Hey Dev community, I'm excited to announce the launch of Pylar—a platform that lets you give AI agents safe, controlled access to your databases without the security risks.
One compromised agent can expose PII, financials, and sensitive data. Pylar sits between your databases and agents—sandbox the data you want exposed, compile it into agent-ready tools, and publish to any agent builder with one secure link.
The Problem with Agent Database Access
When you're building an AI agent that needs real data, giving it database access is the path of least resistance. Your agent needs customer data, analytics, or internal records, and frameworks make it easy to just plug in those credentials.
But production is a different story:
- What happens when your agent gets compromised through prompt injection?
- How do you ensure your agent only accesses the specific customer data it needs, not all customers?
- How do you prevent runaway queries that spike your database costs from $5K to $50K overnight?
- How do you audit what data agents accessed when your CISO asks during a SOC2 review?
- How do you give different agents different levels of access without creating separate database users for each one?
These aren't edge cases—they're fundamental requirements for any AI agent that's going to interact with internal databases with sensitive customer data.
When Salesforce's Agentforce was exploited earlier this year, the attacker got access to their entire CRM database. One compromised agent compromised their entire database. Traditional database security and permissions were built for humans. Autonomous agents work differently: they can be manipulated in various ways and operate at machine scale, which creates massive risks.
What We Built
Pylar gives you four key capabilities:
1. Governed SQL Views
Create secure, scoped data views using our SQL IDE. These views are the only access level agents get—they never touch your raw database. You can join data across multiple databases (BigQuery, Snowflake, PostgreSQL and 100 other natively built integrations) in a single query. Agents can only query through your defined views, ensuring complete security and governance.
2. AI-Powered MCP Tool Creation
Turn your SQL views into MCP (Model Context Protocol) tools using natural language or manual configuration. Say "create a tool to fetch customer health scores" and Pylar configures it with necessary guardrails. Build multiple tools on a single view for different use cases. Pylar offers an environment to test tools before publishing to ensure they work correctly.
3. Framework-Agnostic Deployment
Publish once, connect to any agent builder. Get a single secure MCP server link and token, then paste it into Claude Desktop, LangGraph, Zapier, n8n, or any MCP-compatible platform. Update views or tools in Pylar, and changes reflect automatically everywhere—no redeployment needed.
4. Evals & Observability
See exactly how agents interact with your data. Track successful queries, identify errors, understand query patterns, and access full logs for debugging. Use insights to iteratively improve your views and tool configurations.
Why This Matters
AI agents are moving from demos to production. The difference between a hackathon project and a real product often comes down to handling data access correctly. We built Pylar because we kept hearing from developers that this was the hard part—not the LLM integration, not the prompt engineering, but the secure, governed access to structured data.
If an agent gets compromised, the blast radius is limited to what that specific agent needed, not your entire data warehouse. Database read replicas don't solve this—they just isolate query load, not security risk. Custom API wrappers work but create engineering bottlenecks. Security permissions for agents should be built differently than for humans. Pylar handles that for you.
Framework Support
Source Agnostic Data Layer
- Connect to all major data sources (warehouses, databases, SaaS tools)
- Built-in ELT for quick data transformation
- Support for Snowflake, Databricks, BigQuery, PostgreSQL, MongoDB, Amplitude, Salesforce, and 100+ sources
Agent Agnostic Execution Layer
- Publish packaged MCP servers to any agent framework
- A single link with header-based authentication for secure agent connections
- Framework-agnostic (works with Claude Desktop, LangGraph, n8n, Make, Zapier, etc.)
One MCP server, any framework. Your governance policies travel with the data, regardless of which agent builder your teams use.
Get Started
- Sign up (14-day free trial)
- Documentation
- Talk to us
- Website
Happy to answer questions or give demos.
