As organizations move agentic AI into production, maintaining safe and auditable access to enterprise data becomes challenging. Agents can make mistakes or be manipulated into executing SQL that exposes sensitive data or modifies protected records, creating security, privacy, and compliance risk.
That risk is amplified as agents and applications connect to databases with highly privileged service accounts on behalf of their end-users. This often requires broad access and increases the risk that any exploit or misstep can lead to large-scale exfiltration or unauthorized access.
Access control has historically been enforced in the application layer. This approach breaks down when SQL is dynamically constructed by agents and cannot be practically reviewed or tested for safety or correctness. This can be further exacerbated by AI-assisted application development (“vibe coding”), where insecure authorization patterns may be reproduced from the training dataset. Retrieval-Augmented Generation (RAG) workflows that use semantic search over vector embeddings are similarly difficult to secure using application-layer controls.
To help address these challenges, we are introducing Oracle Deep Data Security, a next-generation data access control system in Oracle AI Database 26ai.
Database-native access control for agentic AI, analytics, and enterprise applications
Oracle Deep Data Security is a database-native authorization system designed to give developers and security teams the necessary controls to manage end-user and agent access across agentic, analytics, and enterprise application workloads. It simplifies and modernizes access control so that organizations can safely adopt agentic AI while helping them address security and privacy requirements.
Key capabilities include:
Identity- and context-aware access control
Deep Data Security supports transparent and secure identity propagation so end-user and agent identities, roles, and attributes can be relayed to the database at runtime. The database then uses this context to enforce policies that control what users and agents can do under which conditions, and to generate audit records that captures user activity.
Fine-grained, database-enforced authorization
The Deep Data Security authorization model supports fine-grained row, column, and cell-level security, enabling least-privilege access so that users and agents only have access to their authorized data elements. Because policies are enforced in the database, access control is applied centrally and consistently across multiple applications and agents sharing the same data.
Declarative, SQL-native policies for evolving workloads
Authorization policies are expressed declaratively in SQL, decoupling access control from application logic and keeping rules consistent as applications and agents evolve. This makes policies easier to update to address new requirements and reduces the need for developers to reimplement authorization logic in each application, accelerating development. Workload-specific rules can also be defined so that developers can extend legacy applications with AI by enforcing agent access on shared schemas while allowing legacy workflows to continue without disruption.
Controlled privilege elevation
Sensitive operations can be executed with temporarily elevated privileges that are limited to approved workflows. This helps prevent agents from performing unrestricted database reads and writes, and can help remove the need for shared, high-privilege service accounts.
Key takeaways
Agentic AI shifts data access and actions from fixed application flows to dynamic, agent-driven decisions. This requires access boundaries that remain enforceable and auditable across rapidly changing workflows. Deep Data Security in Oracle AI Database 26ai delivers database-enforced authorization to support safer AI adoption by enforcing least-privilege access for end-users and agents, while preserving the user identity in audit records for compliance purposes.
Learn more
Expanding Oracle’s database security portfolio, Oracle Deep Data Security extends and modernizes Oracle Virtual Private Database and Real Application Security, moving from earlier procedural PL/SQL and API-driven controls to declarative policies in SQL. Visit the Oracle Deep Data Security page on oracle.com to learn more. For a technical briefing, contact your Oracle team.
Availability details will be announced soon. In the meantime, consider:
· Building an inventory of AI agents and applications that access sensitive data in your databases
· Defining who can access what data and under what conditions
· Using IAM to manage end users, agents, and applications