Data Flow Control: Data Safety Policies for AI Agents

2026-06-06 · Source: cs.AI updates on arXiv.org · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Data Science & Analytics, Cybersecurity & Data Privacy · Depth: Expert, extended

Summary

Data Flow Control (DFC) is a framework designed to declaratively specify and guarantee policy enforcement over tuple-level data flows within database management system (DBMS) queries. Addressing the critical distinction between query correctness and data safety, DFC tackles regulatory, privacy, and business constraints that AI agents increasingly violate when generating SQL or orchestrating data analysis. The accompanying portable query rewriting layer, Passant, enforces DFC policies across five DBMS engines—DuckDB, Umbra, PostgreSQL, DataFusion, and SQLServer—achieving approximately 0% overhead and outperforming alternatives by orders of magnitude. This moves data safety from probabilistic prompts and post-hoc checks directly into data infrastructure.

Key takeaway

For Data Engineers and AI Architects building agent-driven data systems, Data Flow Control (DFC) offers a deterministic solution for data safety. You should integrate DFC's Passant rewriting layer to enforce regulatory, privacy, and business policies directly within your DBMS queries. This approach guarantees compliance with near-zero overhead, eliminating reliance on probabilistic LLM checks and ensuring "safe by default" data infrastructure. Consider adopting PGN for declarative policy specification.

Key insights

Data Flow Control (DFC) enforces tuple-level data safety policies directly within DBMS queries, ensuring compliance beyond mere correctness.

Principles

• Enforce data safety at the data layer.
• Govern data flows, not just access.
• LLMs Not Required.

Method

Passant, a query rewriting layer, enforces DFC policies by transforming base queries to evaluate policy aggregates inline during execution, avoiding provenance materialization. It uses Full-Push and Partial-Push strategies.

In practice

• Prevent non-privileged accounts from releasing unaggregated receipts.
• Ground agent-generated expenses to real receipts, preventing hallucination.
• Enforce tax laws, like 50% deduction limit for meals.

Topics

• Data Flow Control
• AI Agent Safety
• Database Policy Enforcement
• Query Rewriting
• Data Provenance
• Passant Framework

Code references

• dataflowcontrol/data-flow-control
• haneensa/lineage

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Scientist, AI Architect, Data Engineer

Related on AIssential

• Data Flow Control: Data Safety Policies for AI Agents — Data Flow Control (DFC) enforces data safety policies for AI agents by integrating policy enforcement directly into DBMS query processing.
• Data Flow Control: Data Safety Policies for AI Agents — Data Flow Control (DFC) embeds data safety policies directly into DBMS queries for AI agents, ensuring compliance without performance overhead.
• Data science in 2026 — we’re all managers — Automation in data science shifts focus to managing coding agents, necessitating robust risk mitigation and framework-driven development.
• Your LLM issues are really data issues — Inconsistent data and weak governance undermine analytics and ML, necessitating AI-ready data practices.
• The Data Agent Stack - Part 1: What Is a Data Agent? — A data agent is a governed analysis loop that proves answers, not just generates SQL, by integrating context and validation.
• DHITL: The Execution Gate Between AI Output and Real-World Impact in Data Engineering — DHITL is an execution governance system preventing bad logic from becoming real data in automated data pipelines.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.AI updates on arXiv.org.