Your AI database agent should not remember tenant filters

The most dangerous database bug in an AI workflow is often a missing filter. The user asks a reasonable question. The model writes plausible SQL. The query runs. But the tenant boundary was optional, implicit, or buried in application code the agent never saw. That is why AI database agents need row-level security and scoped database roles. Not as a nice-to-have. As the floor. Do not make tenant filters a memory test If every query must remember WHERE tenant_id =., the boundary is already too weak. Prompts, tool descriptions, and schema context can help the agent choose better queries.