CedarDB co-founder Lukas Vogel on why AI agents are forcing a long-overdue conversation about where enforcement actually lives. AI agents can now write and execute SQL. That changes everything about how you think about data security.
For decades, permission checks lived in the application layer. That worked fine when applications were deterministic. But agents generate queries dynamically, decide what actions to take, and move fast. If enforcement lives above the database, eventually something gets through that shouldn’t.
The answer isn’t a better prompt. It’s moving enforcement back to where it belongs: the database itself.
Lukas sat down with Shane Snider at Data Center Knowledge to talk through why this problem is real, why it’s not actually new, and what it means for teams building agentic applications today.
“Prompts don’t enforce business rules. Databases do.”
“If you want to give an agent access to the bottom of the stack, permissions have to live at the bottom of the stack.”
CedarDB was built from scratch for exactly this. No legacy assumptions, no workarounds. Row-level security and role-based access control enforced at the database layer, transactions and analytics in one engine, and a Postgres interface your agents already know how to use.
Read the full interview at Data Center Knowledge.
Want to see how CedarDB handles enforcement for agentic workloads? Book a demo.
