Helping Hands
What Happens When an AI 'Reads' Your Knowledge Base?
An AI doesn't 'read' your knowledge base like a person — it's handed a few pieces at a time. How the mechanism works, where it fails, and how OMQ keeps it controlled and compliant.
When an AI answers a customer using your knowledge base, what does it actually read? Not the whole base. Not even close. For anyone responsible for data protection or IT governance, that question matters more than it first appears — because what the AI is given to read determines not only whether an answer is right, but whether an internal document ever reaches a public visitor. Picture the AI as a brilliant new intern: it graduated last summer and knows a great deal about the world, but nothing about your organisation. It has never read your refund policy, never seen your price list, never heard of your premium tier. To help a customer, someone has to hand it the right page from the manual, every single time. That hand-off is exactly where access, freshness and control are won or lost.
- 1The knowledge cutoff: why an AI doesn't know your business
- 2Retrieval-Augmented Generation in plain English
- 3Three ways AI is given your knowledge today
- 4The four natural limits — and the compliance one
- 5How OMQ approaches the same problem
- 6Retrieval is only half the picture
- 7Conclusion
- 8Frequently asked questions
The knowledge cutoff: why an AI doesn’t know your business
The friendly intuition first. Today’s AI models are trained on enormous piles of public text — encyclopaedias, books, news, forums — up to a cutoff date. Training happens once, then stops. After that, the model knows everything it learned up to that date and nothing about anything that happened later. That date is the knowledge cutoff.
For your organisation, the consequence is direct. The new refund policy your team agreed last week? The model has not seen it. Your internal price list? Perhaps an old public version, certainly not the current one. The premium-only exception your support lead documented yesterday? Definitely never seen. “Free shipping over £50” — last summer’s promotion or this year’s rule? The model cannot tell.
This is not a flaw; it is the nature of how language models are built. But it has a clear result: a language model on its own cannot answer questions about your specific organisation. It can sound confident, yet it is guessing — sometimes well, sometimes badly. So if you want an AI to handle customer enquiries about your business, your knowledge has to be handed to it at the moment of each question. That is exactly what every modern AI assistant does under the bonnet.
Retrieval-Augmented Generation in plain English
In the AI world this pattern has a name: Retrieval-Augmented Generation, usually shortened to RAG. The term breaks down into three simple steps. In retrieval, the moment a customer asks something, the system searches your knowledge for relevant pieces. In augmented, those pieces are placed right beside the customer’s question, in the AI’s view. In generation, the AI writes its answer from what it now has in front of it.
Picture the intern again: a customer arrives with a question and, just before the intern opens their mouth, someone slides a few pages from the manual across the desk. The intern reads those pages, then answers. Without the pages they would invent something plausible. With the right pages they answer accurately. With the wrong pages they answer confidently and wrongly. That last sentence is the whole story — and, for a compliance owner, the wrong pages also include pages a public visitor should never have seen.
People picture the AI “reading” the knowledge base. The reality is the system slides a handful of pages onto its desk every time a customer asks something. Almost all the engineering — and almost all the failure cases — sit in deciding which pages.Gil Noh, ML Engineering at OMQ
Three ways AI is given your knowledge today
In practice, the “pages on the desk” come from one of three mechanisms. Most AI products use one or a combination.
The AI sends a few keywords to a search engine, receives snippets of public web pages and reads them. Good for general, public information. Less good when you need your specific version of a page — and it cannot see anything that is not public, which also means it offers no control over confidential content.
The standard mechanism behind “upload your PDFs and chat with them”. Behind the scenes your documents are chopped into small chunks. Each chunk is turned into a numerical “fingerprint” — an embedding. When a customer asks a question, the question is fingerprinted too, and the system fetches the chunks whose fingerprints are most similar. Those chunks are slid across the desk. It works surprisingly well in many cases — and has predictable weak spots.
The newest pattern. Instead of automatic retrieval, the AI decides for itself when to look something up and calls a function — “search the FAQ”, “look up the order”, “fetch the price list”. This gives the AI more deliberation, but the mechanism beneath each tool call is usually still one of the first two.
The unifying point: in every case, the AI is not reading your knowledge base the way a person reads a book. It is handed a small, often unlabelled handful of fragments and asked to write a confident answer.
The four natural limits — and the compliance one
Once you see the mechanism, the typical failure modes are unsurprising. They are nobody’s fault — they are the natural consequence of how the underlying methods work.
The first is stale snapshots: whatever the AI reads was indexed at some past moment. If your refund policy changed yesterday and the index is from last week, the AI reads last week’s version. The second is chunks that lost their context: when a long document is chopped into pieces, a single chunk can lose its heading, its preceding paragraph, the table it referred to. The AI reads “you may return the item within 14 days” — without the next sentence, “…except for special orders”. The third is multiple versions with no clear winner: your knowledge base holds the 2024 policy and the 2026 policy. Both get indexed, both come back, and without rules the AI picks one — sometimes the wrong one.
The fourth limit is the one a compliance or IT gatekeeper feels most sharply: no notion of who is allowed to see what. A pile of files is just a pile of files. Nothing in the mechanism itself knows “this section is for support agents only” or “this must never reach a public visitor”. If you do not gate it from outside, it can be retrieved by anyone — and that is precisely where data residency, GDPR and EU AI Act exposure live. These four are the recurring story in production AI customer service, and the four things every serious tool — OMQ included — has to engineer around.
How OMQ approaches the same problem
The retrieval mechanism inside OMQ is conceptually the same as everyone else’s: find relevant pieces of your knowledge, hand them to the AI, let it write the answer. What we add on top is structure — three layers of it — so the AI is always given the right pieces, freshly, and in the right priority. This is not an upgrade tier; it is how the system is built. For a compliance or IT owner, it is the difference between hoping a model behaves and being able to demonstrate, on the record, exactly what each channel is permitted to use.
Every piece of knowledge in OMQ carries two tags that decide its audience. A visibility says whether the asset is for the public-facing world, for internal teams, for agents to surface manually, or still a draft nobody should serve. A category says which segment it belongs to — a “general visitors” category, a “members-only” category, a “premium” category, a “support team” category. Categories can sit inside each other, so granting access to a parent category grants everything beneath it.
Each channel — the website chat, the email assistant, the voice bot, the agent’s assistant tool — has its own filter over visibility and category. The same knowledge base serves them all, but each only sees the slice it should. A public chat cannot accidentally surface an internal document; a members-only portal won’t miss a members-only answer. Importantly, this works the same whether the knowledge is a curated FAQ entry, a crawled web page, or an uploaded file. One model, three source types.
Knowledge ages, and OMQ handles this directly in two ways. Curated answers can carry a start date and an expiry date: a summer promotion automatically stops being served on 1 September, a retired policy on the day it is retired. The calendar handles it; nobody has to remember. Crawled web pages and uploaded files can be re-indexed on a schedule — daily, weekly, monthly — and can carry their own expiry dates. You don’t have to wonder when the snapshot was taken; you set the policy. Built into the data model, freshness also supports data-minimisation: content that should no longer exist in answers simply stops being served.
Entry A — Refund Policy: visibility public-facing · category billing, returns · German · valid from 1 January 2026, open-ended · used by website chat and email assistant · source: curated FAQ.
Entry B — Refund Exception List Q1-2026: visibility internal · category support team · German · valid until 1 April 2026 (expired — no longer served) · used by agent-assistant only · source: uploaded file.
This is the layer most tools never expose. Suppose a customer asks “how long does shipping take?” — and the answer appears both in a curated FAQ entry and on a crawled help-centre page. The two might phrase it slightly differently, or even disagree. Which should the AI use?
OMQ lets you decide, per channel: prefer the curated entry (“we hand-maintain our FAQ; trust it first, fall back to the website if the FAQ has nothing”), prefer the crawled source (“our web team keeps the live site current; trust it first”), or use both (“combine what’s found”). There is no universally right answer; different teams trust different sources. What matters for governance is that the decision — and therefore the audit trail — is yours, not the vendor’s.
Retrieval is only half the picture
Even with retrieval handled well — fresh, gated, prioritised — the AI can still err when it writes the actual answer. Misread a date, blend two retrieved entries, mis-state a number. That is the other half of the picture, and it is what the companion article, the Four-Eyes Principle for AI, is about.
In short: retrieval decides what the AI is allowed to see. The four-eyes review decides whether what the AI then writes is actually correct. Both, by default. That is how we build OMQ.
Conclusion
The key insight is undramatic: an AI does not read your knowledge base — it is handed a handful of fragments and writes an answer from them. Once that is clear, the engineering choices that make AI safe for customer service become far more legible. Stale snapshots, context-stripped fragments, conflicting versions and the missing access boundary are not glitches but the natural limits of the method — and the last of them is squarely a data-protection concern. OMQ meets them with three control layers — access, freshness and priority — reviews the output as well, and runs in the EU. For a compliance or IT owner, that means demonstrable control, a clear audit trail, and less exposure.