Oracle is introducing Oracle Deep Data Security, which shifts enforcement to where the data lives and makes controls explicit, inspectable, and reusable across applications.
Oracle Deep Data Security embeds fine-grained authorization directly in Oracle AI Database 26ai, aligning access control with the data it protects. Rather than relying on application logic or external enforcement services, it applies consistent, declarative policies within the database across all workloads, including AI agents, analytics tools, and enterprise applications, according to Oracle.
Features include:
- Reduced AI data-leakage risk. Unauthorized rows and columns never reach the AI layer, not because the application was careful, but because the database enforced the boundary.
- Faster development. Teams reuse database-enforced controls instead of rebuilding authorization logic in every service, prompt, or UI component.
- Explainable AI responses. Every response can carry a clear record of the identity claim, mapped role, and data grant that shaped the answer, which is a key requirement in regulated industries.
Building on Oracle’s established technologies, including Oracle Virtual Private Database (VPD) and Oracle Real Application Security (RAS), Oracle Deep Data Security modernizes access control with a fully declarative, SQL-native model. It extends beyond traditional row and column security to include cell-level authorization, enabling precise control over individual data values within each row. Policies evaluate identity and context at runtime, so only verified users and agents access authorized data.
With a secure-by-default posture, Oracle Deep Data Security denies access unless a policy explicitly grants it. When a user has multiple roles and policies, they are automatically combined using OR logic at runtime, reducing role sprawl and duplication.
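A conceptual model of the deny-by-default, OR-combined evaluation described above, added here as an illustration; it is not Oracle code and does not use Oracle policy syntax. The `Grant` structure, the sample table, the role names, and the choice to return unauthorized cells as `None` are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Grant:
    role: str                              # role name supplied by IAM
    columns: frozenset                     # columns this grant exposes
    applies: Callable[[dict, dict], bool]  # (row, claims) -> grant covers this row?

# Constructed sample table and grants (hypothetical, for illustration only).
ROWS = [
    {"id": "alice", "dept": "eng", "manager": "carol", "salary": 120},
    {"id": "bob",   "dept": "eng", "manager": "carol", "salary": 110},
    {"id": "carol", "dept": "eng", "manager": "dave",  "salary": 150},
]
GRANTS = [
    Grant("employee", frozenset({"id", "dept"}), lambda row, c: True),
    Grant("employee", frozenset({"salary"}), lambda row, c: row["id"] == c["sub"]),
    Grant("manager", frozenset({"salary"}), lambda row, c: row["manager"] == c["sub"]),
]

def authorized_view(rows, grants, claims):
    """Return only the cells that at least one applicable grant exposes."""
    roles = set(claims.get("roles", []))
    active = [g for g in grants if g.role in roles]
    view = []
    for row in rows:
        visible = set()
        for g in active:                  # OR logic: grants only ever add access
            if g.applies(row, claims):
                visible |= g.columns
        if not visible:                   # deny by default: no grant, no row
            continue
        # Cell level: columns not granted for this row come back as None.
        view.append({k: (v if k in visible else None) for k, v in row.items()})
    return view

if __name__ == "__main__":
    for claims in ({"sub": "alice", "roles": []},
                   {"sub": "alice", "roles": ["employee"]},
                   {"sub": "carol", "roles": ["employee", "manager"]}):
        print(claims, authorized_view(ROWS, GRANTS, claims))
```

In this model the `manager` column is never exposed because no grant names it, and holding two roles widens the result without any combined role being defined.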
Identities and roles stay in IAM systems, so there is no need to provision end users directly in the database. With Oracle AI Database 26ai client drivers such as JDBC or python-oracledb, OAuth2 tokens are passed to the database on every SQL execution. The database validates the tokens and blocks unauthorized connections. Once claims are verified, they establish the end-user security context used for policy enforcement, and IAM-provided roles and attributes feed into data grant evaluation.
Oracle Deep Data Security also supports controlled privilege elevation, allowing sensitive operations to run only through trusted application logic. This reduces reliance on shared, highly privileged accounts and limits exposure to misuse or injection attacks.
Oracle Deep Data Security gives enterprises a practical path to scale generative AI on sensitive operational data without weakening the governance model that already protects the business. By separating authorization logic from application code, it helps organizations apply consistent access controls across agentic AI, analytics, and enterprise applications, regardless of how SQL is generated or executed.
For more information about this news, visit www.oracle.com.