Data Flow Control: Data Safety Policies for AI Agents

2026-06-04 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Data Science & Analytics, Cybersecurity & Data Privacy · Depth: Advanced, quick

Summary

Data Flow Control (DFC) is a new framework designed to enforce data safety policies for AI agents operating within database management systems (DBMS). Addressing the critical issue that AI-generated SQL queries, while semantically correct, can violate regulatory, privacy, or business constraints, DFC provides a declarative method to guarantee policy enforcement over tuple-level data flows. The framework formalizes data safety using aggregate predicates over provenance monomials. A key component, Passant, is a portable query rewriting layer that enforces DFC policies without materializing provenance. Passant demonstrates near-zero overhead (~0%) and superior performance compared to alternative methods across five diverse DBMS engines: DuckDB, Umbra, PostgreSQL, DataFusion, and SQLServer. This open-source initiative aims to integrate data safety directly into data infrastructure, moving beyond prompt-based or post-hoc checks.

Key takeaway

For AI Architects designing systems where agents generate SQL queries, Data Flow Control (DFC) offers a critical solution to ensure data safety beyond mere query correctness. You should evaluate integrating DFC's open-source framework, particularly Passant, into your data infrastructure to declaratively enforce regulatory, privacy, and business constraints directly within DBMS queries. This approach moves data safety from unreliable prompts to robust, infrastructure-level guarantees, preventing unintended data exposure or misuse by AI agents.

Key insights

Data Flow Control (DFC) enforces data safety policies for AI agents by integrating policy enforcement directly into DBMS query processing.

Principles

• Data safety requires policy enforcement within data infrastructure.
• Policy language must be optimizer-invariant and efficient.
• Provenance monomials enable formalizing data safety.

Method

Passant, a portable query rewriting layer, enforces DFC policies by rewriting queries to include aggregate predicates over provenance monomials, avoiding provenance materialization.

In practice

• Use DFC to prevent AI agents from violating data policies.
• Deploy Passant with DuckDB, Umbra, PostgreSQL, DataFusion, or SQLServer.
• Integrate open-source DFC for direct data safety enforcement.

Topics

• Data Flow Control
• AI Agents
• Data Safety Policies
• DBMS Query Rewriting
• SQL Security
• Provenance Monomials

Code references

• dataflowcontrol/data-flow-control

Best for: CTO, VP of Engineering/Data, Director of AI/ML, Data Engineer, AI Architect, AI Security Engineer

Related on AIssential

• Data Flow Control: Data Safety Policies for AI Agents — Data Flow Control (DFC) enforces tuple-level data safety policies directly within DBMS queries, ensuring compliance beyond mere correctness.
• Data Flow Control: Data Safety Policies for AI Agents — Data Flow Control (DFC) embeds data safety policies directly into DBMS queries for AI agents, ensuring compliance without performance overhead.
• Branches, Diffs, and SQL: How Dolt Powers Agentic Workflows — Dolt provides Git-style version control for SQL databases, enabling row-level branching, merging, and diffing for data and schema.
• The Data Agent Stack - Part 1: What Is a Data Agent? — A data agent is a governed analysis loop that proves answers, not just generates SQL, by integrating context and validation.
• Data science in 2026 — we’re all managers — Automation in data science shifts focus to managing coding agents, necessitating robust risk mitigation and framework-driven development.
• Xebia: Why AI agents fail without the right data foundation — AI agents require a robust, well-cataloged data foundation to perform accurately, lacking human fallback for data ambiguities.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.