Data Agent Guardrails

Runtime authorization for data agents. Prevent unauthorized queries, protect PII, enforce record limits, and control schema access without modifying your agent's code.

Why data agents need guardrails

Data agents autonomously query databases, transform datasets, and move information between systems. This creates significant risk: a single malformed query can expose sensitive records, corrupt production data, or violate compliance requirements. Veto intercepts every database operation before execution, validating queries against configurable policies that enforce access controls, PII protection, and data governance rules.

Risks in autonomous data agents

Data agents with direct database access can cause significant damage without proper controls. Unlike traditional applications with fixed queries, agents generate dynamic SQL and data operations based on natural language requests, making them unpredictable and hard to secure.

Unauthorized queries

Agents may query tables they shouldn't access, exposing salary data, credentials, or other sensitive information.

PII exposure

Bulk exports and unrestricted SELECT queries can leak thousands of customer records in seconds.

Data exfiltration

Agents may export data to unauthorized destinations, bypassing DLP controls and compliance requirements.

Quick start

Wrap your data tools with Veto's protect() function. Define policies that validate queries, restrict access, and enforce limits.

from veto import protect, VetoClient

# Wrap your data tools with Veto protection
data_tools = protect([
    {
        "name": "query_database",
        "description": "Execute SQL queries against the data warehouse",
        "parameters": {
            "type": "object",
            "properties": {
                "query": {"type": "string"},
                "database": {"type": "string"},
            },
        },
    },
    {
        "name": "export_data",
        "description": "Export data to external formats",
        "parameters": {
            "type": "object",
            "properties": {
                "format": {"type": "string"},
                "records": {"type": "number"},
                "destination": {"type": "string"},
            },
        },
    },
    {
        "name": "modify_schema",
        "description": "Alter database tables and columns",
        "parameters": {
            "type": "object",
            "properties": {
                "table": {"type": "string"},
                "operation": {"type": "string"},
            },
        },
    },
])

# Initialize client for policy evaluation
veto = VetoClient(api_key="veto_live_xxx")

Real-world scenarios

Guardrails for the most common data agent use cases. Each scenario addresses specific risks that emerge when agents interact with databases and data pipelines.

1. Query validation

Validate every SQL query before execution. Block dangerous operations (DROP, DELETE, TRUNCATE), restrict table access based on user role, and enforce query patterns that prevent injection attacks. Log all queries for audit trails.

2. PII protection

Detect and redact personally identifiable information in query results. Enforce row-level security for tables containing SSNs, medical records, or financial data. Require approval for queries that access sensitive columns.

3. Record limits

Enforce maximum record counts for queries and exports. Prevent agents from pulling entire tables or exporting large datasets without approval. Rate-limit query frequency to prevent abuse and resource exhaustion.

4. Schema restrictions

Block schema modifications from agents. Require DBA approval for ALTER, CREATE, and DROP operations. Prevent agents from changing table structures that could break downstream systems or corrupt data integrity.

Common policies for data agents

Pre-built policy patterns for the most common data security requirements. Customize these rules for your organization's data governance standards.

Query filtering

  • Block DELETE, DROP, TRUNCATE operations
  • Restrict SELECT on sensitive tables
  • Enforce WHERE clauses on large tables
  • Validate JOIN patterns
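
The query-filtering rules above, sketched as a pre-execution check. This is an added example, not Veto's code or policy format: the role map, table catalog and `check_query` function are hypothetical, the agent is assumed to be read-only, and table names are matched as bare tokens rather than parsed, so a column that shares a table's name is denied as well.

```python
import re

# Constructed policy data; names are hypothetical, not Veto's policy schema.
BLOCKED_VERBS = {"DELETE", "DROP", "TRUNCATE", "ALTER", "CREATE"}
ROLE_TABLES = {"analyst": {"orders", "products"},
               "hr": {"orders", "employees", "salaries"}}
CATALOG = set().union(*ROLE_TABLES.values())  # assumed to list every table
LARGE_TABLES = {"orders"}  # SELECTs on these must carry a WHERE clause

def check_query(role, sql):
    """Return (allowed, reason) for one agent-generated query; fails closed."""
    # Blank out string literals so keywords or ';' inside data are not misread.
    body = re.sub(r"'(?:[^']|'')*'", "''", sql).strip().rstrip(";").strip()
    if any(mark in body for mark in ("--", "/*", '"', "`")):
        return False, "comments and quoted identifiers are not allowed"
    if ";" in body:
        return False, "stacked statements are not allowed"
    tokens = re.findall(r"[A-Z_][A-Z0-9_]*", body.upper())
    blocked = BLOCKED_VERBS.intersection(tokens)
    if blocked:
        return False, "blocked operation: " + sorted(blocked)[0]
    if not tokens or tokens[0] != "SELECT":
        return False, "only SELECT is permitted"
    # Match table names as bare tokens anywhere in the statement, so comma
    # joins, subqueries and UNION branches are all covered without a parser.
    referenced = CATALOG & {t.lower() for t in tokens}
    if not referenced:
        return False, "no known table referenced"
    denied = referenced - ROLE_TABLES.get(role, set())
    if denied:
        return False, "role may not read: " + ", ".join(sorted(denied))
    if referenced & LARGE_TABLES and "WHERE" not in tokens:
        return False, "WHERE clause required on large table"
    return True, "ok"
```

A production gate would use a SQL parser for the target dialect; the token approach is shown because it errs toward denial when the statement shape is unexpected.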

Access control

  • Role-based table access
  • Department-level data isolation
  • Time-based access windows
  • Environment restrictions

Data protection

  • PII detection and masking
  • Export destination whitelisting
  • Record count limits
  • Column-level encryption

Audit and monitoring

  • Full query logging
  • Access pattern analysis
  • Anomaly detection alerts
  • Compliance reporting

Frequently asked questions

How do guardrails prevent SQL injection from data agents?
Veto intercepts queries before they reach the database and validates them against policy rules. You can block patterns that indicate injection attempts, require parameterized queries, or enforce query structure rules. The guardrails operate independently of the agent's query generation logic.

Can guardrails detect PII in query results?
Yes. Veto can analyze query results for PII patterns like SSNs, credit card numbers, email addresses, and phone numbers. You can configure automatic redaction, masking, or approval requirements when PII is detected. This protection applies even when the agent didn't explicitly request sensitive data.

How do record limits work with paginated queries?
Guardrails track cumulative record access across a session. Even if an agent makes multiple paginated queries, the total record count is enforced. You can set per-query limits, session totals, or time-window quotas. When limits are approached, the agent receives configurable warnings or blocks.

Can I use different policies for different databases?
Yes. Policies can target specific tools or include context-based conditions. Create separate policies for production vs. development databases, or configure different rules for different data warehouses. The policy engine evaluates all applicable rules for each tool call.

How do guardrails integrate with existing data governance tools?
Veto complements existing governance infrastructure. It can enforce policies defined in your data catalog, integrate with identity providers for role-based access, and export decision logs to SIEM systems. The guardrails layer adds runtime enforcement to your governance policies.
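
The cumulative record accounting described in the answer on paginated queries, as an added example that is not Veto's code. `RecordBudget`, its parameters and the page sizes in `replay` are hypothetical; it combines a per-query limit, a session total and a sliding time-window quota, and returns a warning once 80% of the session total is used.

```python
import time

class RecordBudget:
    """Cumulative row accounting for one agent session (hypothetical helper)."""

    def __init__(self, per_query, session_total, window_total, window_s,
                 warn_at=0.8, clock=time.monotonic):
        self.per_query, self.session_total = per_query, session_total
        self.window_total, self.window_s = window_total, window_s
        self.warn_at, self.clock = warn_at, clock
        self.used = 0      # rows released so far in this session
        self.events = []   # (timestamp, rows) pairs inside the sliding window

    def request(self, rows):
        """Decide on a result of `rows` records: allow, warn or block."""
        now = self.clock()
        self.events = [(t, n) for t, n in self.events if now - t < self.window_s]
        in_window = sum(n for _, n in self.events)
        if rows > self.per_query:
            return "block", "per-query limit"
        if self.used + rows > self.session_total:
            return "block", "session total"
        if in_window + rows > self.window_total:
            return "block", "time-window quota"
        # Only released rows count; a blocked page consumes no budget.
        self.used += rows
        self.events.append((now, rows))
        if self.used >= self.warn_at * self.session_total:
            return "warn", "approaching session total"
        return "allow", ""

def replay(pages):
    """Run constructed (time, rows) page requests through one budget."""
    now = [0.0]
    budget = RecordBudget(per_query=100, session_total=350, window_total=200,
                          window_s=60, clock=lambda: now[0])
    out = []
    for t, rows in pages:
        now[0] = t
        out.append(budget.request(rows)[0])
    return out
```

Replaying pages of 100 rows shows the point of session tracking: each page is within the per-query limit, yet the third is blocked by the window quota and a later one by the session total.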

Protect your data from autonomous agents.