Your AI database agent should not see every field it can query

A safe query can still return unsafe context. The SQL might be read-only. The role might be scoped. The table might be approved. But if the result includes raw emails, tokens, free-text notes, internal identifiers, or rows than the answer needs, the model now has sensitive material it did not need. AI database agents need result redaction before summarization, not after. Read-only does not mean safe-to-summarize Read-only access prevents writes. It does not decide which returned fields belong in model context.