Pinecone has introduced two new security features: Customer-Managed Encryption Keys (CMEK) and Role-Based Access Control (RBAC) with API key roles, enhancing security and control for data stored in their serverless platform. CMEK allows customers to manage their encryption keys for greater control over data access, supporting compliance with regulations like GDPR and HIPAA, and providing enhanced tenant isolation through hierarchical encryption. This system uses Key Encryption Keys (KEKs) and Data Encryption Keys (DEKs) to secure data without the direct use of the customer's AWS key for each file, optimizing performance and security. The expanded RBAC system with API key roles offers a more granular access control, improving security management by assigning specific permissions to API keys, thereby streamlining operations and mitigating risks. These features are currently available in public preview, with CMEK initially supporting AWS, and future plans to extend support to Azure and GCP.