ISOLATION.

14 multi-tenant systems audited across RLS, namespace, cache, queue. 4 systems leak data across tenants at one or more layers. 2 leak via cache keys that don't include tenant ID.

Multi-tenant by default is single-tenant breach by accident.

TI-009 · Redis session cache CROSS-TENANT

Cache key omits tenant prefix. Sessions collide between accounts.

Prefix tenant ID in all keys, flush cache, notify affected tenants.