AI agents are powerful, but they introduce a serious new risk: they act as autonomous insiders with broad database access. Traditional application-layer security can’t keep up. Oracle Deep Data Security changes that by enforcing end-user authorization directly inside the database — even when AI agents, vibe-coded apps, or analytics tools query data on a user’s behalf.
Now available in Oracle AI Database 26ai, Deep Data Security brings true “security at the source” to the agentic era.
The Problem: Privileged Access in the AI Era
Most applications use highly privileged database connections. The app layer is supposed to filter data for each user. But AI agents don’t follow predefined queries — they generate their own. This creates massive risk of unauthorized data exposure, especially with prompt injection or unexpected agent behavior.
Even vibe-coded or rapidly evolving applications can’t be trusted to enforce security perfectly every time.
How Oracle Deep Data Security Solves It
Deep Data Security lets you propagate the real end-user identity and context (via OAuth tokens or direct authentication) into the database at runtime. Declarative data grants then enforce row-level, column-level, and cell-level access based on who the user is — not on what the application or agent asks for.
The database automatically rewrites every query to apply the correct authorization rules before any data is returned. This works consistently whether the request comes from a traditional app, an AI agent, or a direct SQL query.
Real-World Example: Human Capital Management (HCM)
Consider an HR table containing sensitive employee data (SSN, salary, phone number, etc.).
- Emma (employee) should only see her own record.
- Marvin (her manager) should see his own record plus his direct reports, but not SSN or home address.
With Deep Data Security, both users (or any AI agent acting on their behalf) can query the same table. The database automatically returns only the data each person is authorized to see — no application code required.
Key Capabilities
- End users (distinct from schema users) authenticate directly to the database
- Data roles + data grants define precise row/column access using predicates
ORA_END_USER_CONTEXT.usernameresolves the current user’s identity at runtime- Works for AI agents, traditional apps, analytics tools, and direct SQL
- Centralized policy management — no duplication of security logic across layers
Getting Started (FastLab Highlights)
Oracle provides a complete LiveLab to explore Deep Data Security in minutes. Here’s the core flow:
- Create end users (Emma and Marvin)
- Define data roles (HRAPP_EMPLOYEES and HRAPP_MANAGERS)
- Create data grants with predicates like:
or manager lookup logicWHERE upper(user_name) = upper(ORA_END_USER_CONTEXT.username) - Connect as each user and run queries — the database enforces boundaries automatically
Even if an AI agent generates unexpected SQL, the results are still correctly restricted.
Analyst Perspective
Leading analysts agree this is a critical shift for the agentic era:
“Oracle Deep Data Security introduces identity-aware, fine-grained access control enforced at the database layer… This is a big step up from application-layer controls that are hard to enforce consistently across rapidly evolving agentic workflows.” — Steve McDowell, NAND Research
Conclusion
In the age of autonomous AI agents, security at the application layer is no longer enough. Oracle Deep Data Security moves enforcement to the database — where the data lives — giving you consistent, trustworthy, and auditable protection regardless of how data is accessed.