Agentic AI systems increasingly interact with production databases to read and write data. Excessive agency, prompt injection, and other security risks can allow guardrails to be bypassed and expose confidential and privacy-related data that a user is not authorized to access.
Oracle Deep Data Security addresses this by enforcing fine-grained, database-layer authorization for agentic AI, analytics, and enterprise applications. Built into Oracle AI Database 26ai, it applies controls on data based on user identity and runtime context. With declarative SQL policies, developers can enforce row, column, and cell-level control limiting end users to authorized data—even if the application or agentic AI layer gets subverted or makes a mistake.

Agents and applications often connect through highly privileged service accounts to serve a broad user base, creating excessive agency and amplifying the impact of prompt injection or inadvertent errors.
Deep Data Security enforces least-privilege access for end users and agents to mitigate the risks of large-scale data exfiltration and unauthorized transactions.
Agentic AI shifts data access and actions from fixed application flows to dynamic, agent-driven decisions. This removes the safety of fixed flows and requires strict guardrails with enforceable, auditable boundaries.
Deep Data Security enables agents to act within the end user’s or their own privileges. Centralized auditing helps provide accountability.
AI-generated (“vibe-coded”) and traditional applications may contain flawed authorization logic that exposes sensitive data. Access rules embedded in code are also difficult to change.
Deep Data Security uses database-managed declarative SQL policies to help keep controls consistent and enable rapid updates.
Agents can analyze database schemas and directly execute SQL, bypassing application-level controls. These controls can also be circumvented through other access paths.
Deep Data Security enforces policies in the database for consistent access across applications, analytics, and agentic workloads.
Developers and security teams define declarative authorization policies in SQL. A policy specifies which operations end users and agents can perform on rows, columns, or individual cell values identified by a SQL predicate.
Policy example: Managers can view all columns except SSN and update salary for their direct reports.
End users, agents, applications, and roles are managed in IAM systems such as Microsoft Entra ID or OCI IAM. When an agent or application connects and executes SQL, OAuth2 tokens issued by IAM are used to pass the end-user and agent identity, roles, and other claims to the database.
Verified claims establish the security context in the database. The security context is an extensible, in-memory JSON document that includes user, environment, and application attributes sourced from IAM, application logic, or the database. Beyond identity and system-managed values, it can include organization, location, or other information required to enforce access.
During SQL execution, policies are evaluated and enforced transparently by the database engine, so only authorized rows, columns, and cell values are returned. Unauthorized cell values are masked as NULL by default. SQL functions can be used to apply other masking formats.
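A conceptual model of the flow described above (declarative policy, security context built from verified claims, enforcement with NULL masking), added here as an illustration; it is not Oracle Deep Data Security syntax or Oracle code. The sample rows, the `POLICY` layout, and all function names are hypothetical, and evaluating query filters over already-masked values is an assumed way to model resistance to filter-based inference.

```python
# Conceptual model only: NOT Oracle Deep Data Security syntax or API.
# All names and rows below are constructed for illustration.
EMPLOYEES = [
    {"id": 1, "name": "Ana", "manager": "mgr_kim", "salary": 9000, "ssn": "000-00-0001"},
    {"id": 2, "name": "Bo", "manager": "mgr_kim", "salary": 8000, "ssn": "000-00-0002"},
    {"id": 3, "name": "Cy", "manager": "mgr_lee", "salary": 7000, "ssn": "000-00-0003"},
]

# Policy from the page: managers can view all columns except SSN and
# update salary for their direct reports.
POLICY = {
    "role": "manager",
    "row_predicate": lambda row, ctx: row["manager"] == ctx["user"],
    "select_columns": {"id", "name", "manager", "salary"},
    "update_columns": {"salary"},
}

def security_context(claims):
    """Build the security context from token claims assumed to be already verified."""
    return {"user": claims["sub"], "roles": set(claims.get("roles", []))}

def select(rows, ctx, where=None):
    """Return only authorized rows, with unauthorized cells masked as None (NULL)."""
    if POLICY["role"] not in ctx["roles"]:
        return []
    out = []
    for row in rows:
        if not POLICY["row_predicate"](row, ctx):
            continue
        # Cell-level masking: columns outside the grant come back as NULL.
        masked = {c: (v if c in POLICY["select_columns"] else None) for c, v in row.items()}
        # Assumption: the caller's filter sees masked values, so varying the
        # filter cannot be used to probe hidden cells.
        if where is None or where(masked):
            out.append(masked)
    return out

def update(rows, ctx, row_id, column, value):
    """Apply an update only if the role, column, and row predicate all authorize it."""
    if POLICY["role"] not in ctx["roles"] or column not in POLICY["update_columns"]:
        return False
    for row in rows:
        if row["id"] == row_id and POLICY["row_predicate"](row, ctx):
            row[column] = value
            return True
    return False
```
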
Deep Data Security is a declarative data access control system in Oracle AI Database 26ai. It is architected to simplify and modernize access control, enabling organizations to safely deploy agentic AI at scale while addressing security and privacy requirements.
Enforce least-privilege access at the granularity agentic AI and modern applications require—down to individual cell values on specific rows. Apply policies across relational tables/views, JSON duality views, and vector embeddings used in RAG workflows.
Centrally manage authorization with declarative SQL policies to decouple access control from application logic and keep controls consistent as applications and agents evolve. Version, test, and deploy policy updates through CI/CD as policy-as-code.
Enforce controls consistently across applications, analytics, and agent workloads. Define workload-specific rules and exemptions for legacy applications as needed.
Use verified identity and runtime context to determine what data end users and agents can access, what operations they can perform, and under what conditions.
Manage end users, roles, agents, and applications in IAM to strengthen security posture and centralize identity governance, without provisioning end users in the database.
Provide end-user and agent identity to the database at runtime, so access decisions and audit records reflect the actual user or agent, and not a shared service account.
Dynamically mask data based on cell-level authorization decisions. Masking is resistant to inference attacks that attempt to reveal restricted data by varying query filters.
Execute sensitive operations with temporarily elevated privileges, scoped to approved workflows to help prevent agents from performing unrestricted database reads and writes, and minimize the use of highly privileged service accounts.
Check privileges at the row and individual cell level using SQL functions, so applications can tailor user interfaces and workflows based on what each user is authorized to do.
Audit end-user, agent, and administrative actions to support accountability, investigation, and compliance.
As organizations move agentic AI into production, maintaining safe and auditable access to enterprise data becomes challenging. Agents can make mistakes or be manipulated into executing SQL that exposes sensitive data or modifies protected records, creating security, privacy, and compliance risk. That risk is amplified as agents and applications connect to databases with highly privileged service accounts on behalf of their end users. This often requires broad access and increases the risk that any exploit or misstep can lead to large-scale exfiltration or unauthorized access. To help address these challenges, we are introducing Oracle Deep Data Security, a next-generation data access control system in Oracle AI Database 26ai.




