Expert insights on AI-powered coding security, vibe-based development practices, and protecting AI-generated web applications from vulnerabilities.

· · 2 min read

What Is an Embedding?

embedding AI vector database NLP
Embedding : A numerical vector representation of text, images, or other data that captures semantic meaning in a high-dimensional space. Similar concepts have similar embeddings (close in vector space), enabling semantic search, clustering, and retrieval. Embedding models (OpenAI text-embedding-3, Cohere embed, sentence-transformers) convert raw data into fixed-length vectors.

Why It Matters for AI-Coded Apps

Embeddings are the foundation of RAG systems, search features, and recommendation engines in AI-coded apps. Security concerns include: sensitive data encoded in embeddings that can be partially reconstructed, injection attacks through embedded content, and API key exposure when calling embedding services from the client side.

Real-World Example

A support chatbot embeds customer conversations to find similar past tickets. The embedding vectors are stored in a vector database. If an employee asks ‘show me conversations about account cancellation,’ the system finds semantically similar past conversations – including ones containing personal data that the querying employee should not access.

How to Detect and Prevent It

Implement access controls on embedding storage and search results. Never embed sensitive data without considering who can query it. Call embedding APIs from the server side only (never expose API keys to the client). Consider that embeddings can partially leak the content they represent – treat them as sensitive data if the source is sensitive.

Frequently Asked Questions

Can sensitive information be extracted from embeddings?

Research shows that text can be partially reconstructed from embeddings using inversion attacks. While exact reconstruction is difficult, semantic content can be inferred. Treat embeddings of sensitive data (PII, medical records, financial data) with the same security controls as the original data.

What embedding model should I use?

For most applications: OpenAI text-embedding-3-small (good quality, low cost), Cohere embed-v3 (multilingual), or sentence-transformers (open-source, self-hosted). Choose based on quality requirements, cost, latency, and whether you need to self-host for data privacy.

How are embeddings different from tokens?

Tokens are the units that LLMs process (words or subwords). Embeddings are dense vector representations of entire texts that capture semantic meaning. Tokenization splits text into pieces; embedding converts those pieces into a numerical representation that captures meaning for similarity comparison.

Scan your app for security issues automatically

Vibe Eval checks for 200+ vulnerabilities in AI-generated code.

Try Vibe Eval

AI Coding Security Insights.
Ship Vibe-Coded Apps Safely.

Effortlessly test and evaluate web application security using Vibe Eval agents.

GET STARTED GET A DEMO