Deep Data Security
Agentic AI systems increasingly interact with production databases to read and write data. Excessive agency, prompt injection, and other security risks can allow guardrails to be bypassed, and expose confidential and privacy related data a user is not authorized to access.
Oracle Deep Data Security addresses this by enforcing fine-grained, database-layer authorization for agentic AI, analytics, and enterprise applications. Built into Oracle AI Database 26ai, it applies controls on data based on user identity and runtime context. With declarative SQL policies, developers can enforce row, column, and cell-level control limiting end users to authorized data—even if the application or agentic AI layer gets subverted or makes a mistake.
Why Oracle’s data-centric security matters for Agentic AI
AI is moving from responses to actions. Learn why governance and security must evolve with it in this KuppingerCole analyst perspective.
Why Deep Data Security
Mitigate AI risks
Agents and applications often connect through highly privileged service accounts to serve a broad user base, creating excessive agency and amplifying the impact of prompt injection or inadvertent errors.
Deep Data Security enforces least-privilege access for end-users and agents to mitigate the risks of large-scale data exfiltration and unauthorized transactions.
Control agent access
Agentic AI shifts data access and actions from fixed application flows to dynamic, agent-driven decisions. This removes the safety of fixed flows and requires strict guardrails with enforceable, auditable boundaries.
Deep Data Security enables agents to act within the end user’s or their own privileges. Centralized auditing helps provide accountability.
Decouple authorization from application logic
AI-generated (“vibe-coded”) and traditional applications may contain flawed authorization logic that exposes sensitive data. Access rules embedded in code are also difficult to change.
Deep Data Security uses database managed declarative SQL policies to help keep controls consistent and enable rapid updates.
Enforce access across workloads
Agents can analyze database schemas and directly execute SQL, bypassing application-level controls. These controls can also be circumvented through other access paths.
Deep Data Security enforces policies in the database for consistent access across applications, analytics, and agentic workloads.
How it works
1. Define authorization policies
Developers and security teams define declarative authorization policies in SQL. A policy specifies which operations end users and agents can perform on rows, columns, or individual cell values identified by a SQL predicate.
Policy example: Managers can view all columns except SSN and update salary for their direct reports.
2. Propagate identity and runtime context
End users, agents, applications, and roles are managed in IAM systems such as Microsoft Entra ID or OCI IAM. When an agent or application connects and executes SQL, OAuth2 tokens issued by IAM are used to pass the end-user and agent identity, roles, and other claims to the database.
3. Establish the runtime security context
Verified claims establish the security context in the database. The security context is an extensible, in-memory JSON document that includes user, environment, and application attributes sourced from IAM, application logic, or the database. Beyond identity and system-managed values, it can include organization, location, or other information required to enforce access.
4. Enforce policies during SQL execution
During SQL execution, policies are evaluated and enforced transparently by the database engine, so only authorized rows, columns, and cell values are returned. Unauthorized cell values are masked as NULL by default. SQL functions can be used to apply other masking formats.
Deep Data Security features
Deep Data Security is a declarative data access control system in Oracle AI Database 26ai. It is architected to simplify and modernize access control, enabling organizations to safely deploy agentic AI at scale while addressing security and privacy requirements.
Row, column, and cell-level security
Enforce least-privilege access at the granularity agentic AI and modern applications require—down to individual cell values on specific rows. Apply policies across relational tables/views, JSON duality views, and vector embeddings used in RAG workflows.
Declarative, SQL-native policies
Centrally manage authorization with declarative SQL policies to decouple access control from application logic and keep controls consistent as applications and agents evolve. Version, test, and deploy policy updates through CI/CD as policy-as-code.
Database-enforced authorization
Enforce controls consistently across applications, analytics, and agent workloads. Define workload-specific rules and exemptions for legacy applications as needed.
Identity- and context-aware access
Use verified identity and runtime context to determine what data end-users and agents can access, what operations they can perform, and under what conditions.
IAM integration
Manage end-users, roles, agents, and applications in IAM to strengthen security posture and centralize identity governance, without provisioning end-users in the database.
Identity propagation
Provide end-user and agent identity to the database at runtime, so access decisions and audit records reflect the actual user or agent, and not a shared service account.
Dynamic masking
Dynamically mask data based on cell-level authorization decisions; resistant to inference attacks that attempt to reveal restricted data by varying query filters.
Controlled privilege elevation
Execute sensitive operations with temporarily elevated privileges, scoped to approved workflows to help prevent agents from performing unrestricted database reads and writes, and minimize the use of highly privileged service accounts.
Authorization APIs
Check privileges at the row and individual cell level using SQL functions, so applications can tailor user interfaces and workflows based on what each user is authorized to do.
Centralized auditing
Audit end-user, agent, and administrative actions to support accountability, investigation, and compliance.
Discover the security features of Oracle AI Database 26ai
Resources
Analyst reports
-
KuppingerCole
- Agentic AI and Data Access Control as the New Security Perimeter (HTML) Omdia
- Architecting Trusted Agentic AI: How Oracle AI Database Powers Secure, Scalable, and Open AI Applications Optimized for Business Data (PDF) Wintercorp
- Oracle AI Database and Agentic AI: Secure, Practical Agentic AI for the Enterprise (PDF) Constellation Research
- Oracle Scales and Secures Your Transactional Workloads in the AI Era (PDF)
- How Oracle Maximum Availability Architecture Provides New Levels of Previously Unseen High Availability for Oracle AI Database (HTML) dbInsight
- Oracle AI Database 26ai: Putting Agents & Data on the Same Page (PDF) Futurum
- Oracle Redefines Mission-Critical Tiers as AI Workloads Demand Always-On Data (HTML) Hyperframe
- Oracle Transforms the Database into an Active AI Operating System (HTML)
- Oracle Reinvents Mission-Critical Infrastructure: Unifying Continuous Availability, AI-Ready Security, and Quantum Resilience (HTML) NAND Research
- Oracle Brings Mission-Critical Availability To The Agentic AI Era (HTML) Nucleus Research
- Oracle AI Database drives 87 percent faster data refresh (PDF)
AskTOM Oracle Database Security Office Hours
AskTOM Office Hours offers free, open Q&A sessions with Oracle Database experts who are eager to help you fully leverage the multitude of enterprise-strength database security tools available to your organization.
LiveLabs FastLab: Identity-Driven Data Access using Oracle Deep Data Security
This workshop introduces Oracle Deep Data Security, a new capability in Oracle AI Database 26ai that enforces fine-grained, identity-aware authorization directly in the database.
Learn how to define declarative security policies using Data Grants and enforce row-, column-, and cell-level access controls based on end-user identity and runtime context.
Explore how Oracle Deep Data Security helps secure agentic AI, analytics, and enterprise applications by ensuring that users and AI agents can access only the data they are authorized to see, even when executing dynamic SQL.
Introducing Oracle Deep Data Security: AI-aware data access control in Oracle AI Database 26ai
Roger Wigenstam, Distinguished Product Manager, Deep Data Security, OracleAs organizations move agentic AI into production, maintaining safe and auditable access to enterprise data becomes challenging. Agents can make mistakes or be manipulated into executing SQL that exposes sensitive data or modifies protected records, creating security, privacy, and compliance risk. That risk is amplified as agents and applications connect to databases with highly privileged service accounts on behalf of their end-users. This often requires broad access and increases the risk that any exploit or misstep can lead to large-scale exfiltration or unauthorized access. To help address these challenges, we are introducing Oracle Deep Data Security, a next-generation data access control system in Oracle AI Database 26ai.
Featured database security blogs
- April 8, 2026Introducing Oracle Database Security Central: Taking Control of Database Security Across Your Fleet
- January 26, 2026Oracle AI Database 26ai achieves Common Criteria certification and completes laboratory testing for FIPS 140-3
- January 26, 2026Both is better – Oracle AI Database 26ai adds hybrid-mode quantum-resistant support
- December 10, 2025 Oracle Key Vault is now available on Oracle Database Appliance
- Continue readingSee all
Get started with Oracle database security
Try Deep Data Security FastLab #1
This workshop introduces Oracle Deep Data Security, a new capability in Oracle AI Database 26ai that enforces fine-grained, identity-aware authorization directly in the database.
Learn how to define declarative security policies using Data Grants and enforce row-, column-, and cell-level access controls based on end-user identity and runtime context.
Explore how Oracle Deep Data Security helps secure agentic AI, analytics, and enterprise applications by ensuring that users and AI agents can access only the data they are authorized to see, even when executing dynamic SQL. Try Deep Data Security now
Try Deep Data Security FastLab #2
This workshop builds on Deep Data Security FastLab #1 by adding enterprise identity integration with Microsoft Entra ID.
Emma and Marvin no longer authenticate with database passwords. They sign in with their Microsoft Entra ID credentials, and Oracle Database reads their identity and app roles from their OAuth token to automatically activate the matching Deep Data Security data roles.
The result is centralized, identity-driven data access control without application code changes, proxies, or middleware. Oracle Database enforces access directly in the database, restricting users to only the data they are authorized to see, regardless of the SQL statement they run.