What is a vector database?

What is a vector database?

A vector database is a data store built to index and search vectors: long lists of numbers that represent the meaning, features, or behavior of an object. In AI systems, those objects are often text passages, documents, images, support tickets, product descriptions, log events, or user queries. The vector is created by an embedding model. Items with similar meaning should produce vectors that are close together, even if they do not share the same words.

That makes a vector database different from a traditional keyword index. A keyword search for "password reset" may miss a document titled "account recovery." A vector search can find it because the two phrases are semantically related. The database is optimized to store many of these embeddings and return nearby results quickly.

Vector databases are commonly used in semantic search, recommendation systems, duplicate detection, fraud analysis, image search, and retrieval augmented generation, often called RAG. In a RAG application, the system retrieves relevant source material from a vector database before a model writes an answer. The quality and safety of the answer depend heavily on what was retrieved.

How vector search works

A typical pipeline starts with source data. The application breaks documents into chunks, sends each chunk to an embedding model, and stores the resulting vector with metadata such as source URL, document ID, tenant, owner, language, timestamp, sensitivity label, and access rules.

When a user asks a question, the application embeds the question into another vector. The vector database searches for stored vectors that are near the query vector. Many systems use approximate nearest neighbor search, which trades a small amount of precision for speed at large scale. The application then returns the closest passages, applies filters, ranks the results, and may pass them to another service or model.

Metadata is not an optional detail. The same sentence may be safe to show in a public documentation search but unsafe in a customer support context if it came from another tenant's ticket. Good vector systems combine similarity search with strict filtering by access level, customer, product, region, freshness, and source type.

Why vector databases matter

Vector databases let applications work with meaning rather than exact strings. A support tool can find similar past incidents. A commerce site can recommend visually similar products. A security team can cluster log messages or phishing reports that look different but describe the same technique. An AI assistant can retrieve policy text before answering a user's question.

They also become a sensitive part of the application. A vector store may contain embeddings derived from private documents, customer conversations, internal runbooks, source code, or security events. Even when the vectors are not human-readable in the same way as the original text, they are still derived from that data and should be governed as part of the data lifecycle.

The operational risk is often indirect. The vector database may not decide anything by itself, but its results can influence a chatbot, search page, analyst workflow, recommendation engine, or automated agent. If retrieval is wrong, stale, poisoned, or overbroad, the downstream system can give bad advice or expose content.

Common failure modes

Access leakage is one of the most important risks. If a system searches across all vectors and only filters the final answer, restricted content may still reach the model or ranking layer. The safer pattern is to enforce permission filters before sensitive content is retrieved.

Stale indexes are another common problem. Source documents change, policies expire, customers delete data, and product names are reused. If vectors are not rebuilt or expired, the application may continue retrieving old content. This is especially risky for legal terms, security procedures, pricing, medical guidance, or incident response steps.

Chunking can also cause errors. If chunks are too small, the system may retrieve fragments without enough context. If chunks are too large, irrelevant material can be pulled into the answer. Tables, diagrams, code blocks, and policy exceptions need extra care because their meaning may depend on surrounding structure.

Poisoning is a separate concern. If attackers can insert content into pages, comments, tickets, profiles, or support messages that are later embedded, they may influence retrieval. A poisoned instruction in a retrieved document can try to steer a model away from policy, reveal data, or recommend unsafe actions.

Operational checks before production

Teams should inventory every source feeding the vector database. For each source, record the owner, data classification, refresh interval, deletion path, and intended audience. A public marketing page and a private support case should not be treated the same just because both can be embedded.

Test retrieval with realistic roles. A customer, support agent, administrator, unauthenticated visitor, and internal developer should each retrieve only what they are allowed to see. Negative tests are important: ask questions that are close to restricted topics and confirm that filters still hold.

Measure retrieval quality separately from answer quality. If the right source material was not retrieved, changing the prompt will not fix the underlying issue. Review examples where the top results are irrelevant, outdated, duplicated, or missing the source a human would expect.

Log enough evidence for audits and incidents. Useful logs include query ID, user or service identity, filter values, source IDs returned, model or index version, and whether the result was shown, summarized, or used to trigger an action. Avoid logging sensitive raw prompts or documents unless there is a defined retention and access policy.

Governance and retention

A vector database needs the same governance discipline as other production data stores: authentication, authorization, encryption, backups, change review, incident response, and retention rules. It also needs AI-specific controls, because the stored data may be transformed and reused in contexts far from the original source.

Deletion is a good test of design maturity. If a customer deletes a document, can the team remove the original, its chunks, its vectors, its cached retrieval results, and any derived indexes? If the answer is unclear, the system is not ready for sensitive data.

For low-risk public search, lightweight controls may be enough. For customer data, internal security knowledge, regulated content, or systems that feed automated actions, teams should use stricter filters, review workflows, and monitoring. The key question is not whether the vector database is advanced. It is what the application is allowed to retrieve, who can see the result, and what can happen next.