2026-01-12 · Authensor

How to Gate Database Queries from AI Agents

SafeClaw by Authensor blocks database queries from AI agents by default, preventing unauthorized reads, destructive writes, schema modifications, and data exfiltration through database connections. Install SafeClaw with npx @authensor/safeclaw and every database operation — whether executed via shell clients or programmatic APIs — is denied and audit-logged until your policy permits specific query types.

Why Database Queries Are Dangerous When AI Agents Do It

An AI agent with database access can DROP TABLE, DELETE FROM users, UPDATE accounts SET balance=0, or SELECT * FROM secrets and exfiltrate the results. Database operations are usually committed immediately and are hard to reverse. Agents construct SQL from natural-language instructions, so a prompt injection that reaches the agent can turn into a destructive query. A data analysis agent asked to "clean up old records" might emit DELETE FROM orders with no WHERE clause at all, or with a far broader one than the user intended, and nothing in the query text flags the mistake before it runs. Even read-only access is dangerous if the agent can SELECT sensitive data and relay it through another channel.

The Exact SafeClaw Policy to Gate Database Queries

Add these rules to .safeclaw/policy.yaml:

rules:
  # Permanently deny destructive operations
  - id: deny-db-drop
    action: database.query
    match:
      query: "DROP "
    effect: deny
    audit: true
    message: "DROP operations are permanently denied for AI agents."

  - id: deny-db-truncate
    action: database.query
    match:
      query: "TRUNCATE "
    effect: deny
    audit: true
    message: "TRUNCATE operations are permanently denied."

  - id: deny-db-delete
    action: database.query
    match:
      query: "DELETE "
    effect: deny
    audit: true
    message: "DELETE operations require human execution."

  - id: deny-db-alter
    action: database.query
    match:
      query: "ALTER "
    effect: deny
    audit: true
    message: "Schema alterations are blocked for AI agents."

  # Gate write operations through approval
  - id: approve-db-update
    action: database.query
    match:
      query: "UPDATE "
    effect: approval
    audit: true
    approvers:
      - role: dba
    timeout: 300
    message: "UPDATE queries require DBA approval."

  - id: approve-db-insert
    action: database.query
    match:
      query: "INSERT "
    effect: approval
    audit: true
    approvers:
      - role: dba
    timeout: 300
    message: "INSERT queries require DBA approval."

  # Allow read-only queries
  - id: allow-db-select
    action: database.query
    match:
      query: "SELECT *"
    effect: allow
    audit: true

  # Deny everything else
  - id: deny-db-all
    action: database.query
    match:
      query: "*"
    effect: deny
    audit: true
    message: "Database query not in allowlist."

Rule order matters here: the specific deny rules sit in front of the approval and allow rules, and deny-db-all closes the list, so a batch such as SELECT 1; DROP TABLE users reaches deny-db-drop before allow-db-select can see it. The patterns are also plain keyword matches on the query text, so use the simulate command in the Verification section to confirm that "DROP " matches DROP TABLE users under your version's matching rules and to check whether matching is case-sensitive (a lowercase drop table must still be denied). A keyword pattern cannot recognise a write hidden inside a function the agent invokes through SELECT, so keep the database's own least privilege in place as the second layer: the agent's connection should use a role that cannot drop, truncate or alter tables regardless of what the policy permits.

Also block shell-based database clients, extending the same pattern to whichever other clients are installed on the host:

  - id: deny-psql
    action: shell.exec
    match:
      command: "psql*"
    effect: deny
    audit: true
    message: "Direct psql access is blocked. Use gated database.query actions."

  - id: deny-mysql-client
    action: shell.exec
    match:
      command: "mysql *"
    effect: deny
    audit: true
    message: "Direct mysql client access is blocked."

What Happens When the Agent Tries

When an agent attempts a DROP TABLE users query:

  1. SafeClaw intercepts the database.query action.
  2. The deny-db-drop rule matches the "DROP " pattern.
  3. The query is blocked. No SQL reaches the database.
  4. Audit entry:

     {
       "timestamp": "2026-02-13T09:45:22Z",
       "action": "database.query",
       "query": "DROP TABLE users",
       "effect": "deny",
       "rule": "deny-db-drop",
       "agent": "data-agent-06",
       "hash": "f3a7c2...chain"
     }

When the agent runs a query that allow-db-select matches, such as SELECT COUNT(*) FROM orders, the query executes, and the audit log still records it, so you keep a complete record of what data the agent read.
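To see how rule order and pattern matching interact, here is a small evaluator, added for this page and not SafeClaw's own engine, that runs constructed queries through the database.query rules above under an assumed semantics: each match value is a glob in which * stands for any run of characters, a pattern may match anywhere in the query, and the first rule in file order wins. It shows the stacked-statement and keyword-case cases that a keyword policy gets right only when the deny rules come first and the comparison ignores case. Confirm SafeClaw's real matching behaviour with the simulate command in the Verification section before drawing conclusions from it.

```javascript
// Added example: illustrative first-match policy evaluator. This is not
// SafeClaw's engine; the glob / unanchored / first-match semantics below are
// assumptions, to be checked against `npx @authensor/safeclaw simulate`.

// database.query rules copied from the page's policy, in file order, reduced
// to the fields the evaluator uses (ids and patterns unchanged).
const DB_RULES = [
  { id: 'deny-db-drop',      match: 'DROP ',     effect: 'deny' },
  { id: 'deny-db-truncate',  match: 'TRUNCATE ', effect: 'deny' },
  { id: 'deny-db-delete',    match: 'DELETE ',   effect: 'deny' },
  { id: 'deny-db-alter',     match: 'ALTER ',    effect: 'deny' },
  { id: 'approve-db-update', match: 'UPDATE ',   effect: 'approval' },
  { id: 'approve-db-insert', match: 'INSERT ',   effect: 'approval' },
  { id: 'allow-db-select',   match: 'SELECT *',  effect: 'allow' },
  { id: 'deny-db-all',       match: '*',         effect: 'deny' },
];

// Compile a glob to a RegExp: '*' becomes '.*', every other regex
// metacharacter is escaped so it matches literally. The expression is left
// unanchored on purpose, so 'DROP ' is found inside 'SELECT 1; DROP TABLE users'.
function globToRegExp(glob, { ignoreCase = false } = {}) {
  const source = glob.replace(/[.*+?^${}()|[\]\\]/g, (c) => (c === '*' ? '.*' : '\\' + c));
  return new RegExp(source, ignoreCase ? 'is' : 's');
}

// First matching rule wins. If nothing matches, fail closed; the page's
// catch-all rule makes this branch unreachable, but a policy that loses its
// catch-all should still deny.
function evaluate(query, rules = DB_RULES, opts = {}) {
  for (const rule of rules) {
    if (globToRegExp(rule.match, opts).test(query)) {
      return { effect: rule.effect, rule: rule.id };
    }
  }
  return { effect: 'deny', rule: null };
}

// Copy of the rules with the named rule moved to the front, to show what
// happens when an allow rule is placed ahead of the deny rules.
function moveToFront(rules, id) {
  const target = rules.find((r) => r.id === id);
  return [target, ...rules.filter((r) => r !== target)];
}

// Constructed sample queries (not taken from any real log).
const SAMPLES = {
  drop: 'DROP TABLE users',
  noWhere: 'DELETE FROM orders',             // "clean up old records" gone wrong
  read: 'SELECT COUNT(*) FROM orders',
  stacked: 'SELECT 1; DROP TABLE users',     // batch hiding a DROP behind a SELECT
  lowerCase: 'SELECT 1; drop table users',   // keyword case evades 'DROP ' if matching is case-sensitive
};

// Decisions for every sample under three configurations, so the weak
// setting and the corrected one can be compared side by side.
function report() {
  const run = (rules, opts) =>
    Object.fromEntries(Object.entries(SAMPLES).map(([k, q]) => [k, evaluate(q, rules, opts)]));
  return {
    pageOrderCaseSensitive: run(DB_RULES, {}),
    pageOrderIgnoreCase: run(DB_RULES, { ignoreCase: true }),
    allowSelectFirst: run(moveToFront(DB_RULES, 'allow-db-select'), {}),
  };
}

console.log(JSON.stringify(report(), null, 2));
```

In the page's order with case-sensitive matching, the stacked batch is still denied because deny-db-drop is consulted before allow-db-select, but the lowercase variant slips through to the allow rule; ignoring case closes that hole, and moving allow-db-select to the front reopens it for the stacked batch as well. Whatever SafeClaw's actual comparison does, those are the two properties (deny rules first, case-insensitive keywords) to verify with simulate.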

Restricting SELECT Queries

For environments with sensitive data, gate even SELECT queries. These rules take the place of allow-db-select and deny-db-all in the policy above (keep the deny and approval rules for destructive and write statements in front of them), and the per-table deny rules must precede allow-select-analytics so that a join or subquery touching users or secrets is caught before the analytics allow rule can match:

rules:
  - id: deny-select-sensitive
    action: database.query
    match:
      query: "SELECT*FROM*users*"
    effect: deny
    audit: true
    message: "Queries against the users table are denied."

  - id: deny-select-secrets
    action: database.query
    match:
      query: "SELECT*FROM*secrets*"
    effect: deny
    audit: true
    message: "Queries against the secrets table are denied."

  - id: allow-select-analytics
    action: database.query
    match:
      query: "SELECT*FROM*analytics*"
    effect: allow
    audit: true

  - id: deny-db-all
    action: database.query
    match:
      query: "*"
    effect: deny
    audit: true
    message: "Only analytics table queries are permitted."

Verification

npx @authensor/safeclaw simulate --action 'database.query' --query 'DROP TABLE users'

Expected: deny, rule: deny-db-drop

npx @authensor/safeclaw simulate --action 'database.query' --query 'SELECT * FROM orders'

Expected: allow, rule: allow-db-select

Try SafeClaw

Action-level gating for AI agents. Set it up in your browser in 60 seconds.

$ npx @authensor/safeclaw