As of September 18, 2025, Databricks has added compliance support to its Mosaic AI Vector Search standard endpoints, and they can now be accessed in FedRAMP Moderate and IRAP workspaces. The enhancement enables the government agencies and organizations to meet the high security requirements to capitalize on the high-level search outcomes of the vectors to implement their AI applications without having to forgo the quality of regulatory compliance.
Enhanced compliance capabilities are now available
Mosaic AI Vector Search standard endpoints are now available in FedRAMP Moderate and IRAP workspaces, according to Databricks’ release notes. This compliance support enables organizations operating under strict government security frameworks to utilize Databricks’ vector search technology for their artificial intelligence and machine learning applications.
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. IRAP (Information Security Registered Assessors Program) is Australia’s equivalent framework forย cloud security assessmentsย and certifications.
Vector search technology overview
Mosaic AI Vector Search is a vector search solution that is built into the Databricks Data Intelligence Platform and integrated with its governance and productivity tools, according to Microsoft Learn documentation. Vector search is a type of search optimized for retrieving embeddings. Embeddings are mathematical representations of the semantic content of data, typically text or image data.
Embeddings are created with the help of a large language model and they are one of the most important components of most generative AI applications that require searching documents or images which are similar to one another. They include RAG systems, recommender systems, and image and video recognition. Using Mosaic AI Vector Search, you build a search index based on a Delta table as a vector search.
Technical capabilities and features
The index includes embedded data with metadata. You can then query the index using a REST API to identify the most similar vectors and return the associated documents. You can structure the index to automatically sync when the underlying Delta table is updated. Mosaic AI Vector Search supports hybrid keyword-similarity search, filtering, reranking, andย access control lists (ACLs)ย to manage vector search endpoints.
Mosaic AI Vector Search uses the Hierarchical Navigable Small World (HNSW) algorithm for its approximate nearest neighbor (ANN) searches and the L2 distance metric to measure embedding vector similarity. If you want to use cosine similarity, you need to normalize your datapoint embeddings before feeding them into vector search. The update represents a colossal step into developing AI technology that will be more democratic in the most regulated environments.
Security and authentication features
Databricks implements the following security controls to protect your data: Every customer request to Mosaic AI Vector Search is logically isolated, authenticated, and authorized. Mosaic AI Vector Search encrypts all data at rest (AES-256) and in transit (TLS 1.2+). Mosaic AI Vector Search supports two modes of authentication, service principals and personal access tokens (PATs).
For production applications, Databricks recommends that you use service principals, which can have a per-query performance up to 100 msec faster relative to personal access tokens. Customer Managed Keys (CMK) are supported on endpoints created on or after May 8, 2024, providingย additional encryption controlย for sensitive data.
The successful creation of the federal FedRAMP and IRAP regular assistance to Mosaic AI Vector Search endpoints is of immense importance in the capability to make accessible the powerful AI apps to governments and other highly controlled organizations. This will help the agencies to have the upper hand and take advantage of the improved technology of the vector search without putting the high standard of security and compliance in their duties at risk.