Identity Gating

Standard database users were never built to tell humans, applications, and AI agents apart. Safe Boundary adds an identity layer in front of your database that verifies every caller, gates access by role, and traces every query back to the real actor: engineer, service, or agent.

Humans

Force SSO with short-lived credentials

Engineers, analysts, and operators authenticate through your existing identity provider on the first connection of the day. The proxy verifies the token, maps the user to a virtual database identity, and opens the session, with no shared password and no long-lived secret on disk.

Sessions are bound to the verified human and expire when the IdP says so. Offboarding in the IdP removes database access automatically; revoking a token takes effect on the very next query.

Standard device flow

Engineers authenticate through Okta, Azure AD, Google Workspace, or any OIDC provider, using the same flow they already use for everything else.

Short-lived credentials

Tokens expire in minutes, not months. A leaked credential is worthless by lunch; revocation takes effect on the next query.

No password to share

No connection string carries an embedded password. The proxy issues a session bound to the verified human identity.

Virtual users

One virtual identity per actor

Safe Boundary issues a virtual username and password for every human, every application, and every AI agent that connects. The shared service account disappears from the query path, and so does the question "who actually ran this?".

One identity per AI agent

Every LLM agent (chatbot, support assistant, research bot) connects with its own virtual username and password. The audit log shows exactly which agent ran which query.

One identity per application

Background workers, cron jobs, internal dashboards, and API services each get their own virtual user. The shared app_user disappears from the query path.

One identity per human

Even when humans are bound to SSO, they get a stable virtual user that maps to their verified identity, so policies and audit records carry across sessions.

Virtual identities are issued, rotated, and revoked from a single control plane, with no database user creation, no GRANT changes, and no DBA ticket.

Roles

Role-level rules, not user-level rules

Every virtual identity is assigned to one or more roles. Block, rewrite, and audit rules live on the role, so onboarding a new engineer, agent, or service is one assignment, not a policy rewrite.

Block, rewrite, audit

Define which SQL patterns are blocked, which are rewritten, and which are simply logged, at the role level. Every virtual identity inherits its role’s rules.

Per-role throttling

Cap query rate per role. A research agent on a tight loop is throttled before it saturates connections; the customer-facing app stays responsive.

Time-of-day and day-of-week gates

Block writes outside business hours. Restrict batch jobs to off-peak windows. Prevent maintenance roles from touching production on weekends.

Tightening or revoking one role does not affect the others. Promote and demote identities between roles in real time.

Burst protection

Burst protection per agent

A stuck retry loop, a fan-out into parallel subagents, or a self-generated query script: every common agent failure mode looks the same to the database, a flood from one identity. Safe Boundary caps query rate and concurrent connections per agent at the proxy layer. The misbehaving identity is throttled; everything else keeps flowing.

Runaway loop containment

Autonomous agents occasionally retry forever; published incidents have logged 14,000+ redundant tool calls before token quotas stopped the loop. Safe Boundary throttles the offending identity at the proxy long before that, and lets the rest of your traffic through untouched.

Concurrency caps, not just QPS

LLM inference caps a single agent at a few queries per second, but parallel tool calls and subagent fan-out turn that into dozens of concurrent connections in minutes. Set a per-identity ceiling on parallel queries, not just rate, and connection storms stop at the proxy.
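
Why a rate limit alone does not stop a connection storm, as an added sketch (not Safe Boundary's code or configuration): an agent that stays inside its queries-per-second budget still piles up parallel slow queries unless an in-flight ceiling is enforced per identity. The identity names, limits, and workload below are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Limiter:
    """Token bucket (rate) plus an in-flight ceiling (concurrency) for one identity."""
    rate: float          # sustained queries per second
    burst: int           # bucket capacity
    max_in_flight: int   # ceiling on parallel queries
    tokens: float = 0.0
    in_flight: int = 0
    last_ms: int = 0

    def admit(self, now_ms: int) -> str:
        refill = (now_ms - self.last_ms) * self.rate / 1000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if self.in_flight >= self.max_in_flight:
            return "throttled:concurrency"
        if self.tokens < 1:
            return "throttled:rate"
        self.tokens -= 1
        self.in_flight += 1
        return "admitted"

class Gate:
    """One Limiter per virtual identity, so a flood from one never spends another's budget."""
    def __init__(self, limits):  # identity -> (rate, burst, max_in_flight)
        self.state = {i: Limiter(r, b, c, tokens=b) for i, (r, b, c) in limits.items()}

    def admit(self, identity: str, now_ms: int) -> str:
        return self.state[identity].admit(now_ms)

    def release(self, identity: str, count: int = 1) -> None:
        self.state[identity].in_flight -= count

def simulate(agent_ceiling: int, seconds: int = 20, query_ms: int = 10_000):
    """Constructed workload: agent-7 starts 5 queries/s, each running 10 s.
    Returns (peak parallel queries, verdict counts, verdict for another identity)."""
    gate = Gate({"agent-7": (5.0, 5, agent_ceiling), "billing-api": (50.0, 50, 20)})
    finishing, peak, counts = [], 0, {}
    for now in range(0, seconds * 1000, 200):
        done = [t for t in finishing if t <= now]
        gate.release("agent-7", len(done))   # completed queries free their slots
        finishing = [t for t in finishing if t > now]
        verdict = gate.admit("agent-7", now)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict == "admitted":
            finishing.append(now + query_ms)
        peak = max(peak, len(finishing))
    return peak, counts, gate.admit("billing-api", seconds * 1000)
```

With an effectively unlimited ceiling the agent is never rate-throttled yet reaches 50 parallel queries; with a ceiling of 8 it holds at 8 while the other identity is still admitted.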

Burst smoothing for batch jobs

Pipelines and batch agents fan out into thousands of parallel queries during a run and can starve interactive workloads. Set a per-identity ceiling for batch agents and keep latency steady for the human-facing app sharing the same database.

Predictable database cost

A misbehaving LLM agent in a tight loop can burn through your database compute budget overnight. Per-agent rate limits cap query volume before it shows up on the invoice, without affecting human users or production traffic.

Attribution

Every query traced to a real actor

The audit log is broken down by virtual identity and role. You can see exactly which human, application, or agent ran a query, what role they held at the time, and which rule fired, without instrumenting any application code.

Filter every query, block, rewrite, and mask event by virtual identity or role

Compare query patterns across humans, applications, and AI agents in one feed

Replace shared credentials with verified identity for every human, application, and AI agent.

Free for 1 database. No credit. No time limit. Full AI SQL injection prevention.