2025-12-15 · Authensor

How to Block an AI Agent from Accessing My Database

SafeClaw by Authensor blocks AI agents from accessing your database by denying network connections, database CLI commands, and credential file reads through deny-by-default action gating. No database connection can be established unless you explicitly allow it in your policy. Install with npx @authensor/safeclaw and your data stays protected from the moment the agent starts.

Why Database Access Is a Critical Risk

Databases contain your most sensitive data — user records, payment information, authentication tokens, and business logic. An AI agent with database access can run destructive queries (DROP TABLE), exfiltrate data, modify records, or accidentally corrupt your schema. Even read-only access is dangerous if the agent can view personally identifiable information.

Most AI agents connect to databases by reading connection strings from .env files or running CLI tools like psql, mysql, or mongosh. SafeClaw blocks all of these vectors.

Step 1: Install SafeClaw

npx @authensor/safeclaw

Zero dependencies, MIT licensed. Works with Claude, OpenAI, and any agent framework.

Step 2: Block Database CLI Tools

# safeclaw.policy.yaml
rules:
  - action: shell.execute
    command_pattern: "psql *"
    effect: deny
    reason: "Block PostgreSQL CLI access"

  - action: shell.execute
    command_pattern: "mysql *"
    effect: deny
    reason: "Block MySQL CLI access"

  - action: shell.execute
    command_pattern: "mongosh *"
    effect: deny
    reason: "Block MongoDB shell access"

  - action: shell.execute
    command_pattern: "mongo *"
    effect: deny
    reason: "Block legacy MongoDB shell"

  - action: shell.execute
    command_pattern: "redis-cli *"
    effect: deny
    reason: "Block Redis CLI access"

  - action: shell.execute
    command_pattern: "sqlite3 *"
    effect: deny
    reason: "Block SQLite CLI access"

Step 3: Block Connection String Files

Agents often read .env files to find database URLs. Block access to files containing connection strings:

rules:
  - action: file.read
    path: "**/.env"
    effect: deny
    reason: "Environment files contain database credentials"

  - action: file.read
    path: "**/.env.local"
    effect: deny
    reason: "Local env files contain database credentials"

  - action: file.read
    path: "**/.env.production"
    effect: deny
    reason: "Production env files are strictly off-limits"

  - action: file.read
    path: "**/database.yml"
    effect: deny
    reason: "Rails database config contains credentials"

  - action: file.read
    path: "**/knexfile.*"
    effect: deny
    reason: "Knex config contains database connection details"

Step 4: Block Network Connections to Database Ports

For agents that might attempt direct network connections:

rules:
  - action: network.connect
    port: 5432
    effect: deny
    reason: "Block PostgreSQL connections (port 5432)"

  - action: network.connect
    port: 3306
    effect: deny
    reason: "Block MySQL connections (port 3306)"

  - action: network.connect
    port: 27017
    effect: deny
    reason: "Block MongoDB connections (port 27017)"

  - action: network.connect
    port: 6379
    effect: deny
    reason: "Block Redis connections (port 6379)"

Step 5: Allow Safe Database Operations (Optional)

If your agent needs to run migrations or seed scripts, create narrow exceptions with human approval:

rules:
  - action: shell.execute
    command_pattern: "npm run db:migrate"
    effect: allow
    conditions:
      - human_approval: required
    reason: "Allow pre-approved migration script with human review"

  - action: shell.execute
    command_pattern: "npm run db:seed"
    effect: allow
    conditions:
      - human_approval: required
    reason: "Allow pre-approved seed script with human review"
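To make the deny-by-default decision concrete, here is an added, self-contained Python evaluator for the policy shape used in Steps 2 through 5. It is an illustration written for this page, not SafeClaw's own code, and it assumes semantics that SafeClaw may implement differently: command_pattern and path are shell-style globs, port matches exactly, any matching deny rule wins, an allow rule with human_approval: required yields a pending decision until a human approves, and an action no rule allows is denied. The POLICY dictionary is a constructed subset of the rules above.

```python
"""Hypothetical deny-by-default action gate for rules shaped like the policy above.

Assumptions (not taken from SafeClaw): `command_pattern` and `path` are fnmatch
globs, `port` is compared exactly, deny rules override allow rules, and an
action that no allow rule matches is denied.
"""
import os
from fnmatch import fnmatch

# Constructed policy mirroring a subset of the rules from Steps 2-5.
POLICY = {
    "rules": [
        {"action": "shell.execute", "command_pattern": "psql *",
         "effect": "deny", "reason": "Block PostgreSQL CLI access"},
        {"action": "shell.execute", "command_pattern": "mysql *",
         "effect": "deny", "reason": "Block MySQL CLI access"},
        {"action": "file.read", "path": "**/.env",
         "effect": "deny", "reason": "Environment files contain database credentials"},
        {"action": "network.connect", "port": 5432,
         "effect": "deny", "reason": "Block PostgreSQL connections (port 5432)"},
        {"action": "shell.execute", "command_pattern": "npm run db:migrate",
         "effect": "allow", "conditions": [{"human_approval": "required"}],
         "reason": "Allow pre-approved migration script with human review"},
    ]
}


def _matches(rule, request):
    """True if the rule's action and selector match the requested action."""
    if rule["action"] != request["action"]:
        return False
    if "command_pattern" in rule:
        return fnmatch(request.get("command", ""), rule["command_pattern"])
    if "path" in rule:
        # Normalise to an absolute path so a relative ".env" still hits "**/.env".
        return fnmatch(os.path.abspath(request.get("path", "")), rule["path"])
    if "port" in rule:
        return request.get("port") == rule["port"]
    return True  # selector-less rule applies to every action of that type


def evaluate(policy, request, human_approved=False):
    """Return (decision, reason) where decision is 'deny', 'allow' or 'pending'."""
    matched_allow = None
    for rule in policy["rules"]:
        if not _matches(rule, request):
            continue
        if rule["effect"] == "deny":
            return "deny", rule["reason"]          # any deny wins immediately
        if rule["effect"] == "allow" and matched_allow is None:
            matched_allow = rule                   # first allow is remembered
    if matched_allow is None:
        return "deny", "no rule allows this action (deny by default)"
    needs_approval = any(c.get("human_approval") == "required"
                         for c in matched_allow.get("conditions", []))
    if needs_approval and not human_approved:
        return "pending", matched_allow["reason"]
    return "allow", matched_allow["reason"]


if __name__ == "__main__":
    for req in [
        {"action": "shell.execute", "command": "psql -h db -U app"},
        {"action": "file.read", "path": "config/.env"},
        {"action": "network.connect", "port": 5432},
        {"action": "network.connect", "port": 443},
        {"action": "shell.execute", "command": "npm run db:migrate"},
    ]:
        print(req, "->", evaluate(POLICY, req))
```

The point the evaluator makes is the one Step 5 relies on: an allow rule is not a hole in the fence, because deny rules are checked first and the allow still parks the action in a pending state until a human signs off. Anything outside both rule sets falls through to the default deny, which is why port 443 above is refused even though no rule names it.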

Step 6: Verify and Audit

Run simulation mode to test your rules:

npx @authensor/safeclaw --simulate

Then check the hash-chained audit trail:

npx @authensor/safeclaw audit --filter "reason:database"

Every blocked database access attempt is logged with the full command, timestamp, and a tamper-proof hash chain linking it to previous entries.
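The hash chain is what makes the audit trail tamper-evident: each entry commits to the hash of the entry before it, so editing or deleting an earlier record breaks every link after it. The following added Python example, written for this page and not SafeClaw's implementation, builds such a chain over constructed audit records and shows a verifier catching a modified entry. Field names (ts, action, command, decision, reason) and the SHA-256 construction are assumptions, as is the all-zero genesis hash.

```python
"""Hypothetical hash-chained audit log: each entry's hash covers the previous
entry's hash plus its own record, so any edit or deletion upstream is detected.
"""
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first entry


def entry_hash(prev_hash, record):
    """SHA-256 over the previous hash and a canonical JSON encoding of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(log, record):
    """Append a record, linking it to the last entry (or GENESIS when empty)."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return log


def verify(log):
    """Return the index of the first broken link, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry_hash(entry["prev"], entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1


def filter_reason(log, needle):
    """Entries whose reason mentions `needle`, akin to a 'reason:<text>' filter."""
    return [e["record"] for e in log if needle.lower() in e["record"]["reason"].lower()]


def build_sample_log():
    """Constructed sample records for blocked database access attempts."""
    log = []
    append(log, {"ts": "2025-12-15T10:00:00Z", "action": "shell.execute",
                 "command": "psql -h db -U app", "decision": "deny",
                 "reason": "Block PostgreSQL CLI access"})
    append(log, {"ts": "2025-12-15T10:00:04Z", "action": "file.read",
                 "command": "/srv/app/.env", "decision": "deny",
                 "reason": "Environment files contain database credentials"})
    append(log, {"ts": "2025-12-15T10:01:12Z", "action": "shell.execute",
                 "command": "npm run db:migrate", "decision": "pending",
                 "reason": "Allow pre-approved migration script with human review"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify(log) == -1)
    log[0]["record"]["decision"] = "allow"      # simulate an after-the-fact edit
    print("first broken link:", verify(log))    # 0: the edited entry no longer hashes
```

Because every hash depends on its predecessor, a reviewer only needs to retain (or publish) the latest hash to later prove that no entry before it was altered or removed; a gap in the chain shows up at the index where it starts, which is what verify reports.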

Defense in Depth

SafeClaw's multi-layer approach means an agent cannot simply find a creative workaround. It cannot read the credentials, it cannot run the CLI tools, and it cannot open network connections to database ports. All three vectors are blocked simultaneously.

SafeClaw is open-source with 446 tests and works with both Claude and OpenAI providers.

Try SafeClaw

Action-level gating for AI agents. Set it up in your browser in 60 seconds.

$ npx @authensor/safeclaw