Oso's Blog

We're launching the Oso MCP server! Connect AI tools to Oso Cloud for policy debugging, testing, and secure, context-aware authorization.

LLMs take action, not just generate text. This post unpacks a high-profile failure and shows why authorization is the key to keeping them in check.

Oso is now on AWS Marketplace and in the ISV Accelerate Program, making it easy for AWS customers to adopt authorization for permissions and access control.

Zanzibar creator Abhishek Parmar shares lessons on scaling authorization at Google and Airbnb—and what teams should know before building their own system.

Secure LLM apps from day one. Learn how to design RAG pipelines with built-in authorization to prevent data leaks and simplify your AI stack.

Learn how to secure your RAG pipelines using Oso’s new SQLAlchemy integration. Apply fine-grained authorization directly to your database queries—including those using pgvector—without writing custom SQL. Prevent data leaks in LLM apps, simplify permissions, and build safer AI features with Python and SQLAlchemy.

LLMs have already changed the rules. How do we make sure they don't also ignore them?

As AI apps like RAG chatbots integrate with Google Drive, Notion, and Jira, one challenge dominates: preventing data leaks. This post explores three architectural approaches to secure AI access with real-world tradeoffs and guidance from Oso engineers.

Learn how we built a step-by-step debugger for Polar, our Datalog-inspired logic language for fine-grained authorization. This post explores coinductive trees, lazy evaluation, and why a TUI made more sense than a GUI for tracing recursive, rule-based decisions.

Introducing Oso Migrate: A TUI that simplifies authorization migrations.

Authorization seems simple until you build it. Learn from 40 common mistakes developers make when tackling one of the toughest problems in software.

Tido Carriero shares career advice for engineers, his 3-pillar framework for fulfillment, and why Oso’s approach to authorization inspired him to become an advisor.

A wake-up call for SaaS: JPMorgan exposes deep security flaws. See how top vendors are rethinking authorization with Oso to win enterprise trust.

Oso Self-Hosted is now in private beta! Run Oso in your AWS account for full control over authorization infrastructure, data, and compliance.

A weak password exposed full admin access and sensitive customer data. Learn from this real-world breach before it becomes your own nightmare.

Is your app's authorization logic holding you back or putting you at risk? Discover 5 critical signs your permissions system is fragile—and how to fix it before it breaks. Learn from real-world examples and best practices from Oso,

Learn why sub-10ms authorization is the new gold standard for enterprise apps. Discover how Oso delivers lightning-fast, scalable permission checks without compromising on flexibility or control.

Discover "A Tour of Polar," Oso’s interactive, point-and-click guide to building authorization policies. Learn RBAC, ReBAC, and ABAC with editable policies and real-time authorization decisions in a fun, hands-on experience.

Learn how Oso Cloud enables fine-grained access control in microservices using RBAC, ReBAC, ABAC, and Polar—our purpose-built policy language.

Discover how Sensat transformed its authorization system with Oso! Learn how they built fine-grained access control, implemented permission inheritance, and eliminated API code changes—all while streamlining development. Read more!

Learn how to simplify and scale your authorization tests in Oso Cloud using assert variables and the iff operator. Write fewer test cases, validate multiple permissions at once, and ensure your access control policies stay correct as they grow.

Oso Sync ensures your authorization data stays consistent between your app and Oso Cloud by detecting and fixing data drift caused by issues like latency or manual changes. It supports PostgreSQL, MongoDB, and CSVs for other databases, offering both reporting and automatic updates.

Use Oso Cloud, OpenAI, and Supabase to build a permissions-aware RAG chatbot, so users only see context from documents they have permission to view.

Duolingo migrated to Oso to simplify authorization and improve developer productivity. Previously, permission changes took hours or even days—now, they take minutes. In this interview, Tom Whittaker, Senior Engineering Manager at Duolingo, shares how Oso helped them focus on core business features instead of workarounds. Watch the full story and explore real-world authorization insights from top engineering teams.

List filtering is the process of retrieving only the data a user is authorized to access, rather than fetching everything and filtering in-memory. In an LLM chatbot, this means ensuring users only see responses or documents they have permission for. Instead of checking authorization for each item one by one, which is slow at scale, Oso Cloud provides two efficient methods: centralized filtering, where the chatbot queries Oso Cloud for a list of authorized item IDs before retrieving them from the database, and local filtering, where Oso Cloud generates a database filter to apply directly in SQL, reducing unnecessary data transfers.