PAR Technology Corporation has developed a secure multi-tenant LLM analytics agent on AWS, allowing business users to query data with row-level security. The system enables users to ask questions in plain English and receive accurate, data-backed answers while ensuring data boundaries are strictly enforced. The solution addresses the challenge of providing self-serve analytics for thousands of users across different businesses and datasets, without exposing sensitive information. The system uses a three-layer architecture to ensure data isolation and security, even when the underlying LLM is compromised. Source: awsml
The analytics agent was initially built using Amazon Bedrock with Anthropic’s Claude Sonnet 4 model, which interprets user questions and generates SQL queries against a Databricks data warehouse. While this approach worked for a proof of concept, it was not sufficient for production use due to the inherent non-determinism of LLMs. The system needed to ensure data boundaries were enforced deterministically, regardless of the model's behavior. This led to the development of a more robust architecture that includes cryptographic request signing with AWS SigV4, semantic validation on Bedrock, and programmatic data isolation via Split-Plane SQL. Source: awsml
PAR serves over 300 restaurant businesses, organized into tenants, businesses, and admins. A tenant represents a brand group or franchisor, while a business is a specific restaurant chain within a tenant. Admins are individual users who access the analytics agent, with varying levels of data access. Each API request includes Tenant ID, Business ID, and Admin ID to ensure queries are scoped to the exact data the user is authorized to see. This structure ensures that row-level security is a foundational requirement, not just a feature. Source: awsml
