The riskiest AI database workflow is not a bad SELECT.
It is a write that looks reasonable.
Update the customer status.
Fix the subscription record.
Mark these invoices as reviewed.
Some writes are legitimate.
That does not mean the model should approve them.
The model should propose, not decide
An AI agent can help prepare a change:
- inspect context
- draft the SQL or API call
- explain the expected side effect
- identify related records
- produce a dry-run summary
But approval should live outside the model loop.
If the same system that generated the change also decides it is safe, the approval gate is mostly theater.
Show the diff before approval
A useful approval request should include:
- exact operation
- affected entity IDs
- before and after values
- estimated row count
- policy rule that requires approval
- rollback or compensation path
- audit identifier
Approval is not a substitute for scope.
Writes still need tenant scope, role separation, type validation, and deterministic execution.
Longer version: Approval gates for AI database writes
The practical rule:
The model can prepare the change. Infrastructure and humans decide whether it runs.
Top comments (0)