Introduction

AI agents are rapidly becoming the primary interface for enterprise applications, enabling users to retrieve information through natural language. However, this convenience introduces a critical security challenge: 

How do you ensure an AI agent accesses only the data the signed-in user is authorized to see?

Oracle Deep Data Security addresses this at the database layer. Built into Oracle AI Database 26ai, it enforces fine-grained authorization using trusted user identity, runtime context, and declarative SQL data grants. Even if an AI agent generates a broad query, the database limits the result to authorized rows, columns, and cell values.

With AI agents, the question is no longer just “Can the agent answer the question?” but “Can it be trusted to access only the right data?” Oracle Deep Data Security provides that assurance.


Why AI Agents Need Database-Level Authorization

Many AI applications connect to databases using a shared service account. While this simplifies application development, it creates a security gap: the service account often has broader privileges than the business user.

Without database-enforced authorization, an AI agent can unintentionally retrieve sensitive data such as salaries or Social Security Numbers even when the requesting user should never see them.

Deep Data Security moves authorization into the database itself, ensuring every query is evaluated using the authenticated end-user identity instead of the application’s database account.

Simple Demo Architecture

This post walks through a simple demo architecture that consists of four components:

  1. OCI IAM authenticates the end user. 
  2. A Python Flask AI application converts natural language into SQL. 
  3. Oracle AI Database 26ai executes the generated SQL. 
  4. Deep Data Security enforces authorization based on the authenticated OCI IAM identity.

Before Deep Data Security

In the baseline implementation, the AI application connects using a shared service account named AI_AGENT_BASELINE.

For example, suppose both Alex (a manager) and Indira (an employee) ask exactly the same question:

Show me every employee salary and SSN.

The AI agent generates the same SQL statement for both users:

SQL> SELECT employee_id, first_name, last_name, job_code, department_id, ssn, phone_number, salary, user_name, manager_id FROM hr.employees ORDER BY employee_id;

Because the service account has unrestricted access, both users receive the complete HR table, including every employee’s salary and SSN.

The AI agent behaves correctly but the database has no knowledge of who actually requested the data.

AI Agent Return Result set: ALL Rows


After Deep Data Security

The application still connects using a service account, but authorization is no longer based on that account.

Instead, Oracle AI Database validates the OCI IAM token, establishes the authenticated end-user context, activates the appropriate data roles, and applies SQL data grants during query execution.

The AI agent generates exactly the same SQL statement as before.

The difference is that the database now filters the result automatically.


Same Prompt. Same SQL. Different Results.

Oracle AI Database produces different result sets because Deep Data Security evaluates the authenticated OCI IAM identity before returning data.

The AI agent does not need to understand security policies. The database already does.

[Figure: AI agent result set after Deep Data Security]

Why Deep Data Security Is Different

Unlike traditional application security, Deep Data Security enforces authorization where the data resides.

This provides three independent security boundaries:

  • Identity Boundary : OCI IAM establishes the trusted user identity. 
  • Application Boundary : Oracle validates the OAuth client application. 
  • Data Boundary : SQL Data Grants enforce row-, column-, and cell-level access inside the database. 

Even if an AI agent generates an overly broad SQL statement, the database returns only authorized data.
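The "same SQL, different results" behaviour can be modelled in a few lines. The following is an added example, not code from the demo repository and not Oracle Deep Data Security syntax: it uses SQLite from Python to imitate enforcement at the data layer. The table and view names, the policy (own row plus direct reports; SSN visible only on the user's own row) and the sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows (employee_id, user_name, manager_id, ssn, salary).
ROWS = [(1, "alex", None, "111-11-1111", 150000),
        (2, "indira", 1, "222-22-2222", 90000),
        (3, "marvin", 1, "333-33-3333", 85000),
        (4, "priya", None, "444-44-4444", 140000)]

# The statement the agent generates, identical for every user.
AGENT_SQL = "SELECT employee_id, user_name, ssn, salary FROM employees ORDER BY employee_id"

# Assumed policy: own row plus direct reports (row level); SSN only on own row (cell level).
POLICY_VIEW = """
CREATE VIEW employees AS
SELECT e.employee_id, e.user_name, e.manager_id, e.salary,
       CASE WHEN e.user_name = c.end_user THEN e.ssn END AS ssn
FROM base_employees e, ctx c
WHERE e.user_name = c.end_user
   OR e.manager_id = (SELECT employee_id FROM base_employees WHERE user_name = c.end_user)
"""

def guard(action, arg1, arg2, dbname, source):
    """Agent SQL may only read, and may reach base tables only through the policy view."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and (arg1 == "employees" or source == "employees"):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def open_session(end_user):
    """The identity is bound by the data layer (one-row context table), not by the agent's SQL."""
    db = sqlite3.connect(":memory:")
    db.executescript("CREATE TABLE base_employees(employee_id, user_name, manager_id, ssn, salary);"
                     "CREATE TABLE ctx(end_user);")
    db.executemany("INSERT INTO base_employees VALUES (?,?,?,?,?)", ROWS)
    db.execute("INSERT INTO ctx VALUES (?)", (end_user,))
    db.execute(POLICY_VIEW)
    db.commit()
    db.set_authorizer(guard)  # from here on, only guarded reads are possible
    return db

def ask(end_user, sql=AGENT_SQL):
    db = open_session(end_user)
    try:
        return db.execute(sql).fetchall()
    finally:
        db.close()

if __name__ == "__main__":
    print({u: ask(u) for u in ("alex", "indira")})
```

In this model Alex receives three rows with his reports' SSNs nulled, Indira receives only her own row, and a statement that targets `base_employees` directly or tries to rewrite the context table is rejected before it runs.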

Conclusion

AI agents should not be responsible for enforcing security policies. Their job is to answer questions, not to determine who can access sensitive data.

Oracle AI Database 26ai Deep Data Security shifts authorization to the database layer, where it belongs. By combining OCI IAM identities with declarative SQL Data Grants, organizations can safely deploy AI-powered applications without risking data overexposure.

The result is simple: The AI agent can ask for everything. The database returns only what the user is authorized to see.

If you are interested in running the demo end to end, please refer to the step-by-step run book and Python agent code in the GitHub repository below. It includes the materials needed to reproduce this Deep Data Security AI agent demo on a compute instance along with Oracle AI Database 26ai.

https://github.com/kovurualex/Cyber-Security/tree/main/Scripts-to-Cyber-Security/Deep-Data-Security

Reference links:

https://www.oracle.com/security/database-security/features/deep-data-security

https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/understand-oracle-deep-data-security.html