In a nutshell: PAR Technology does not treat the LLM as a security boundary for multi-tenant data; it enforces data access through cryptographic signing, semantic validation, and programmatic SQL isolation.
PAR Technology has built a production LLM system for text-to-SQL analytics that manages data from over 300 restaurant operations with strict tenant separation. The company solves the core access control problem through a three-layer security architecture that does not rely on the LLM as a trust boundary.
PAR Technology operates a SaaS platform for the restaurant industry with over 300 customers – from single locations to large franchise chains with hundreds of outlets. The requirement for an NLP-powered analytics tool was clear: business professionals should ask questions in natural language and receive correct answers in seconds. But the core challenge ran deeper: every generated SQL query had to be not only syntactically correct, but also executed for exactly the right person, on precisely their dataset, at the right level of granularity.
A concrete case: a franchise owner with two locations in Chicago and a brand manager with 200 locations nationwide ask the identical question, “What were total revenues last week?”, and receive completely different answers that are both correct ($84,000 vs. $9.2 million). If the system showed either of them the wrong number, it would be both a data protection violation and a trade secret breach. The solution cannot rely on the LLM alone, because language models are probabilistic systems. They can apply filters correctly 10,000 times and slip on the 10,001st, hallucinate filter values, or misinterpret ambiguous prompts. This is an inconvenience in consumer apps, but a compliance risk in a multi-tenant system handling sensitive business data.
PAR therefore implemented a three-layer architecture in which each layer operates independently and reduces the risk of cross-tenant data leaks: (1) cryptographic request signing with AWS SigV4 at the transport layer, (2) semantic validation via Amazon Bedrock (LLM-based), and (3) programmatic data isolation through split-plane SQL at the database layer. This strategy divides responsibility: the model is responsible for generating correct SQL syntax and logic, not for the security guarantee. The security guarantee comes from the technical layers beneath it.
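The division of responsibility in layer 3, shown as an added example that is not PAR's code: the summary does not describe how split-plane SQL is implemented, so this sketch assumes one reading, in which trusted code builds a tenant-scoped, read-only copy of the data and the model's SQL only ever runs against that copy. The table layout, tenant names and function names are hypothetical, and the sample rows are constructed to reproduce the two totals from the scenario above.

```python
import sqlite3

# Constructed sample data: (tenant_id, location_id, revenue) for last week.
SALES = [("franchisee", 1, 40_000), ("franchisee", 2, 44_000),
         ("brand", 10, 4_000_000), ("brand", 11, 5_200_000)]
SCHEMA = "CREATE TABLE sales (tenant_id TEXT, location_id INT, revenue INT)"
# Actions model SQL may perform: SELECT, column reads, function calls.
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def source_db():
    """Stand-in for the shared multi-tenant store."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO sales VALUES (?, ?, ?)", SALES)
    db.commit()
    return db

def scoped_plane(source, tenant_id):
    """Trusted code: copy only the caller's rows into an isolated connection.

    tenant_id is assumed to come from the authenticated request,
    never from the prompt or from model output.
    """
    rows = source.execute(
        "SELECT tenant_id, location_id, revenue FROM sales WHERE tenant_id = ?",
        (tenant_id,)).fetchall()
    plane = sqlite3.connect(":memory:")
    plane.execute(SCHEMA)
    plane.executemany("INSERT INTO sales VALUES (?, ?, ?)", rows)
    plane.commit()
    # Read-only from here on: every other action is denied by the engine.
    plane.set_authorizer(
        lambda action, *_: sqlite3.SQLITE_OK if action in ALLOWED
        else sqlite3.SQLITE_DENY)
    return plane

def answer(source, tenant_id, model_sql):
    """Run untrusted, model-generated SQL against the caller's plane only."""
    plane = scoped_plane(source, tenant_id)
    try:
        return plane.execute(model_sql).fetchone()[0]
    finally:
        plane.close()
```

The same generated query returns a different total per caller, and a filter the model invents for another tenant matches no rows, because those rows were never in the connection it ran on.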
Source: aws.amazon.com · Published June 29, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.