To address sensitive data leakage and the absence of fine-grained access control in enterprise multilingual multimodal large language model (LLM) deployment, this paper proposes a permission-aware, training-free LoRA routing framework. Our method dynamically retrieves and weightedly fuses permission-matched LoRA adapters based on similarity between query and document embeddings, enabling cross-modal plug-and-play adaptation and strong information isolation. Critically, it requires no additional routing training; instead, multimodal alignment and permission-aware response generation are inherently embedded within the fusion process. Evaluated on two enterprise-scale datasets, our approach matches or surpasses state-of-the-art LoRA mixture methods in task performance while providing formal guarantees of information isolation. This significantly enhances controllability and practicality of LLMs in high-security operational environments.

Corporate LLMs are gaining traction for efficient knowledge dissemination and management within organizations. However, as current LLMs are vulnerable to leaking sensitive information, it has proven difficult to apply them in settings where strict access control is necessary. To this end, we design AC-LoRA, an end-to-end system for access control-aware corporate LLM chatbots that maintains a strong information isolation guarantee. AC-LoRA maintains separate LoRA adapters for permissioned datasets, along with the document embedding they are finetuned on. AC-LoRA retrieves a precise set of LoRA adapters based on the similarity score with the user query and their permission. This similarity score is later used to merge the responses if more than one LoRA is retrieved, without requiring any additional training for LoRA routing. We provide an end-to-end prototype of AC-LoRA, evaluate it on two datasets, and show that AC-LoRA matches or even exceeds the performance of state-of-the-art LoRA mixing techniques while providing strong isolation guarantees. Furthermore, we show that AC-LoRA design can be directly applied to different modalities.