Data scientists using AI agents to accelerate analysis, generate pipelines, or automate feature engineering face a unique risk profile: agents with access to raw datasets can exfiltrate PII, rack up cloud compute costs, or overwrite production data files without guardrails. SafeClaw by Authensor provides deny-by-default action gating that intercepts every file read, file write, shell command, and network request an AI agent attempts. Install with npx @authensor/safeclaw and define your data-specific policy in minutes.

Data Science Agent Risks

AI agents in data science workflows operate on datasets that frequently contain sensitive information — customer records, financial transactions, medical data, or proprietary business metrics. The specific risks include:

• Data exfiltration — agents sending dataset contents to external APIs, logging services, or LLM providers as part of their context window
• PII exposure — agents reading raw data files containing personally identifiable information and including that data in generated code or outputs
• Uncontrolled compute — agents spawning GPU training jobs, large Spark clusters, or calling paid API endpoints without cost awareness
• Dataset corruption — agents writing to source data files, overwriting cleaned datasets with intermediate results, or modifying parquet/CSV files in place
• Credential leakage — agents reading database connection strings, S3 credentials, or API tokens from notebook configs

SafeClaw Policy for Data Science Workflows

# safeclaw.yaml — data scientist policy
version: 1
default: deny

rules:
  - action: file_read
    path: "data/raw/**"
    decision: deny
    reason: "Block agent from reading raw PII datasets"

- action: file_read
    path: "data/processed/**"
    decision: allow
    reason: "Processed/anonymized data is safe to read"

- action: file_write
    path: "notebooks/*/.ipynb"
    decision: prompt
    reason: "Review generated notebook cells"

- action: file_write
    path: "data/**"
    decision: deny
    reason: "Block agent from modifying any data files"

- action: file_write
    path: "src/*/.py"
    decision: prompt
    reason: "Review pipeline code before write"

- action: shell_execute
    command: "python *"
    decision: prompt
    reason: "Review Python scripts before execution"

- action: shell_execute
    command: "pip install *"
    decision: prompt
    reason: "Review package installations"

- action: network_request
    destination: "*"
    decision: deny
    reason: "Block outbound network from agent"

- action: file_read
    path: "*/.env"
    decision: deny
    reason: "Block credential file reads"

The critical distinction here is the split between data/raw/ (denied) and data/processed/ (allowed). This enforces a data governance boundary — agents can only work with anonymized or aggregated datasets, never raw source data containing PII.

Preventing Expensive Compute Incidents

Data science agents commonly attempt to run training scripts or data processing jobs that consume significant compute resources. SafeClaw's shell_execute gating with decision: prompt ensures you review every Python invocation before it runs. This is especially valuable when agents generate scripts that call cloud APIs:

  - action: shell_execute
    command: "aws *"
    decision: deny
    reason: "Block direct AWS CLI usage"

- action: shell_execute
    command: "gcloud *"
    decision: deny
    reason: "Block direct GCP CLI usage"

Audit Trail for Data Governance

Every action attempt is recorded in SafeClaw's hash-chained audit log. For data scientists working under GDPR, HIPAA, or internal data governance policies, this provides proof that no agent accessed restricted datasets. The audit trail is local-only, tamper-evident, and exportable for compliance reporting. SafeClaw is MIT-licensed, backed by 446 tests, and works with both Claude and OpenAI agents.

Related pages:

• Data Exfiltration via Network Requests
• GDPR Compliance for AI Agents
• Data Analysis Agent Recipe
• HIPAA Agent Safeguards