Many organizations are experimenting with AI agents, but moving them into production is far more complex. AI agents are increasingly acting as autonomous insiders, capable of accessing data and taking actions without direct human oversight. This introduces new risks around privacy, regulatory compliance, and unintended exposure of sensitive data. The challenge is no longer just what agents can do, but what they should be allowed to do, and whether they can be trusted to consistently operate within the boundaries of user authorization.

Today, we are excited to announce the availability of Oracle Deep Data Security in Oracle AI Database 26ai, a new approach to securing data access in the era of AI agents. Oracle Deep Data Security helps improve security and privacy by enforcing the end user’s authorization model directly in the database even when AI agents query data on the user’s behalf.

The Privileged Access Problem

Traditional applications often use highly privileged database connections because they serve many end users, with the application layer taking responsibility for restricting end users to their authorized data. This works because queries are predefined and tightly controlled, and developers can verify the authorization logic embedded in the application.

AI agents inherit the same highly privileged connection model with full access, but they are bound neither by predefined queries, nor by the responsibility of enforcing authorization. Like insiders with broad access, AI agents autonomously determine which queries to run, which path to take, and how to complete tasks without guaranteed alignment to user authorization. Worse, they can be influenced to generate unintended queries, potentially exposing unauthorized data.

In addition, many new applications are being vibe coded. Even if organizations don’t let agents directly access the data, vibe-coded applications can’t be trusted to implement security perfectly.

With hundreds of AI agents now acting on data, the risk of sensitive data leakage has increased dramatically.

The solution to these problems is simple: enforce the user’s authorization model consistently regardless of how the data is accessed, whether through AI agents, regular or vibe-coded applications, or analytics. This is exactly what Oracle Deep Data Security delivers.

How Oracle Deep Data Security Solves the Problem

With Deep Data Security, user and agent identity, along with the execution context, can be propagated to the database at runtime. Declarative SQL policies determine what data at row, column, or cell level is visible for that user request and what actions are allowed. The results returned are limited to the data that the user is authorized to see.

Consider a simple Human Capital Management (HCM) scenario. An employee such as Emma may be authorized to view only her own HR record, including her personal fields. Her manager, Marvin, may be authorized to view his own HR record and those of Emma and his other reports, but not sensitive fields such as their SSN or home addresses. If an AI agent, application, or SQL tool queries the same HR data on behalf of either user, the database enforces the same end-user authorization rules before returning results. The access path may change, but the authorization boundary does not.

Instead of relying on the application tier to filter results after the fact, the database enforces authorization directly at the source. Even if the agent or the application takes an unexpected path, generates a new query, or behaves differently from what was intended, the database still applies the same authorization rules before any data is returned. Even for existing applications, Deep Data Security can provide a second line of defense. This is “security at the source” in action.
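The Emma and Marvin scenario above can be modeled in a few lines. This is an added illustration, not Oracle code and not Deep Data Security syntax: it uses Python's sqlite3 module, with a hypothetical `hr_view` policy view, a hypothetical `session_ctx` identity table and constructed sample rows, to show the same row and cell rules holding whatever SQL the agent sends.

```python
import sqlite3

VIEW = "hr_view"  # hypothetical policy view; every name here is an assumption

# Constructed sample data following the article's Emma/Marvin HCM scenario.
SCHEMA = """
CREATE TABLE employees(id INTEGER PRIMARY KEY, name TEXT, manager_id INTEGER,
                       ssn TEXT, home_address TEXT);
INSERT INTO employees VALUES
  (1, 'Marvin', NULL, '000-00-0001', '1 Constructed Ave'),
  (2, 'Emma',   1,    '000-00-0002', '2 Constructed St'),
  (3, 'Oscar',  NULL, '000-00-0003', '3 Constructed Rd');
CREATE TABLE session_ctx(end_user TEXT);  -- identity propagated per session
CREATE VIEW hr_view AS
SELECT e.id, e.name,
       -- cell level: sensitive fields are visible only on the caller's own row
       CASE WHEN e.name = c.end_user THEN e.ssn END AS ssn,
       CASE WHEN e.name = c.end_user THEN e.home_address END AS home_address
FROM employees e CROSS JOIN session_ctx c
-- row level: the caller's own record plus direct reports
WHERE e.name = c.end_user
   OR e.manager_id = (SELECT id FROM employees WHERE name = c.end_user);
"""

def _authorizer(action, arg1, arg2, dbname, source):
    """Permit SELECT; permit column reads only on or from inside the view."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and (arg1 == VIEW or source == VIEW):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # writes, DDL, functions, direct table reads

def open_session(end_user):
    """Return a connection whose every statement is evaluated as end_user."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO session_ctx VALUES (?)", (end_user,))
    conn.set_authorizer(_authorizer)  # from here on the session is locked down
    return conn

def agent_query(end_user, sql):
    """Run SQL chosen by an agent; return its rows, or 'DENIED' if blocked."""
    conn = open_session(end_user)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return "DENIED"
    finally:
        conn.close()
```

Calling `agent_query("Marvin", "SELECT name, ssn FROM hr_view ORDER BY id")` returns Marvin's full row and Emma's row with the SSN nulled, while the same agent querying `employees` directly is refused.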

Deep Data Security also helps simplify how teams build and maintain AI-enabled applications. By centralizing enforcement in the database, there is no need to duplicate per-user data filtering logic and security policies across applications, services, and agents. Data access authorization rules can be updated centrally as applications and agents evolve, rather than being implemented and maintained in multiple places.

Analyst Perspectives on Deep Data Security

Many analysts have recognized that this is a critical architectural shift. Here’s what they’re saying:

Steve McDowell of NAND Research said, “Oracle Deep Data Security introduces identity-aware, fine-grained access control enforced at the database layer rather than the application layer. It applies policies based on user identity, roles, and context across relational, vector, and lakehouse data sources. For enterprises deploying AI agents, this matters because agents operating autonomously on live data can otherwise access records far beyond any single user’s authorization. Deep Data Security enforces the boundary at the data source based on the original user’s access rights. This is a big step up from application-layer controls that are hard to enforce consistently across rapidly evolving agentic workflows, and which were not designed to combat AI-driven attacks.”

Alexei Balaganski, Lead Analyst and Chief Technology Officer at KuppingerCole Analysts, observed that “It is tempting to assume that existing controls can simply be extended to protect data in the agentic AI age. Just add a few more APIs, tighten permissions, introduce additional validation layers, and everything should work as before. In practice, this approach no longer scales…unfortunately, in cybersecurity, optimism and hope are not sustainable strategies. This is where enforcing governance at the data layer becomes the most sensible approach. Oracle’s introduction of Deep Data Security illustrates this direction by embedding fine-grained authorization directly into the database. Policies are defined in terms of identity, roles, and context and applied at the level of rows, columns, or even individual data elements.”

Ron Westfall, VP and Practice Leader for Infrastructure and Networking at HyperFRAME Research, stated, “Integrated directly into Oracle AI Database, Oracle Deep Data Security provides a database-native authorization framework that enforces precision access controls for users and AI agents. The system uses declarative SQL policies to isolate security logic from the application layer, creating a critical safeguard that prevents subverted AI agents from accessing unauthorized data during prompt injection attacks. By embedding user identity and runtime context, such as OAuth 2.0 tokens, directly into the database engine, Oracle ensures a unified security posture and a comprehensive audit trail for every data interaction.”

Taken together, these perspectives reinforce the same conclusion: in the agentic era, data security must be applied at the source, in the database itself, before any data is returned.

Security at the Source, Your Only Safe Choice

Oracle Deep Data Security in Oracle AI Database 26ai enables organizations to enforce end-user authorization models at scale in production environments. By applying highly granular access rules directly within the database, organizations can move AI agents from experimentation to production without relying on agents themselves to protect sensitive data.

In the agentic era, speed without control is risk. Enforcing security where the data resides allows organizations to deploy AI with confidence, ensuring every data access stays within the defined boundaries.

Ultimately, the only way to fully trust data privacy enforcement in the AI era is to implement it at the source—within the database.

Resources

Oracle Deep Data Security at Oracle.com
https://www.oracle.com/security/database-security/features/deep-data-security/

Oracle Deep Data Security Technical Report
https://www.oracle.com/a/ocom/docs/security/deep-data-security-technical-brief.pdf

Oracle Deep Data Security FAQ
https://www.oracle.com/a/ocom/docs/security/deep-data-security-faq.pdf

Try Deep Data Security LiveLabs FastLabs
Lab 1: Getting Started with Oracle Deep Data Security
https://livelabs.oracle.com/ords/r/dbpm/livelabs/run-workshop?p210_wid=4393

Lab 2: Identity-Driven Data Access with Microsoft Entra ID and Deep Data Security
https://livelabs.oracle.com/ords/r/dbpm/livelabs/run-workshop?p210_wid=4396