Your AI database agent should not concatenate SQL

The model can understand the question. It should not be trusted to assemble the final executable SQL string. That distinction matters when AI agents query production databases. The risky pattern is simple: user asks a question model writes SQL system runs the SQL Even when the model is usually correct, the failure mode is ugly: wrong table, wrong tenant, broad scan, unsafe filter, or a query that is syntactically valid but semantically wrong.