Once you let LLMs generate SQL against real databases, traditional safeguards (read-only users, RBAC, views) start to break down in subtle ways:
• LLMs can infer sensitive data via aggregates and joins
• “Read-only” doesn’t prevent data exfiltration
• Regex masking fails without context
• It’s hard to audit why a query was run once it happens
We ended up building a guardrail layer that sits between the LLM and the database. Every query goes through:
• role-aware column redaction
• organization-scoped isolation
• query validation and policy enforcement
• full audit logging and telemetry
It supports multiple databases and works with both self-hosted and managed setups. The hosted version just went live, but the core design was driven by real production failures we hit along the way.
I’d love feedback from folks who’ve dealt with LLMs touching production data — especially what broke for you, or what you’d want enforced differently.
Happy to answer technical questions.
https://guardraillayer.com/
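As an added illustration of the four layers the post lists (this is not the project's code, and nothing here is taken from guardraillayer.com): the example below builds a small guardrail on SQLite's authorizer hook, which is called for every table and column reference while a statement is compiled, so enforcement happens on the parsed query rather than on the SQL text or the result rows. The schema (a shared `customers` table with `org_id`), the roles `analyst` and `admin`, the redaction policy, the view names and the sample rows are all constructed for the example. Organization scoping is done by giving the model an org-scoped TEMP view that shadows the base table name, with the base table itself readable only through a per-request, randomly named inner view; role-aware redaction returns `SQLITE_IGNORE`, which makes the column evaluate to NULL wherever it appears, including in a WHERE clause or under an aggregate; everything that is not a SELECT is refused; and each run leaves an audit record of what was read, what was redacted and why something was denied.

```python
import secrets
import sqlite3
from dataclasses import dataclass, field

# Constructed policy (an assumption for this example): per role, the base-table columns that
# must read as NULL. Base tables live in "main"; the model only ever queries an org-scoped
# TEMP view that shadows the base table's name.
REDACTED = {"analyst": {"customers": {"email", "phone"}}, "admin": {}}
BASE_TABLES = {"customers"}


@dataclass
class AuditRecord:
    role: str
    org_id: int
    sql: str
    columns_read: set = field(default_factory=set)  # top-level column references
    redacted: set = field(default_factory=set)      # references that were nulled out
    denied: list = field(default_factory=list)      # why the statement was refused
    outcome: str = "pending"
    row_count: int = 0


def allow_all(*_):
    return sqlite3.SQLITE_OK


def make_authorizer(role, scope_view, audit):
    """SQLite authorizer: invoked for every table/column reference while the statement is
    compiled, so decisions are taken on the parsed query, not on its text or its output."""
    redacted = REDACTED.get(role, {})

    def check(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_FUNCTION:  # arg2 is the function name; block extension loading
            return sqlite3.SQLITE_DENY if (arg2 or "").lower() == "load_extension" else sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            table, column = arg1 or "", arg2 or ""
            # `source` is the innermost view whose definition caused this read (None for
            # top-level SQL). A base table is readable only through this request's scope
            # view, which also defeats `FROM main.customers` and a CTE named `customers`.
            if table in BASE_TABLES and dbname == "main" and source != scope_view:
                audit.denied.append(f"direct read of main.{table}")
                return sqlite3.SQLITE_DENY
            if table.startswith(("sqlite_", "pragma_")):  # no catalog reads: keeps the scope view private
                audit.denied.append(f"catalog read of {table}")
                return sqlite3.SQLITE_DENY
            if column and source is None:
                audit.columns_read.add(f"{table}.{column}")
            if column in redacted.get(table, ()):
                if source is None:
                    audit.redacted.add(f"{table}.{column}")
                return sqlite3.SQLITE_IGNORE  # reference evaluates to NULL, in WHERE/JOIN/aggregates too
            return sqlite3.SQLITE_OK
        audit.denied.append(f"action {action}")  # INSERT/UPDATE/DELETE/DDL/PRAGMA/ATTACH/...
        return sqlite3.SQLITE_DENY

    return check


class Guardrail:
    """Sits between the model and the connection: scope, validate, execute, audit."""

    def __init__(self, conn):
        self.conn, self.log = conn, []

    def run(self, role, org_id, sql):
        audit = AuditRecord(role=role, org_id=int(org_id), sql=sql)
        scope = "_org_scope_" + secrets.token_hex(8)  # per request, never shown to the model
        self.conn.set_authorizer(allow_all)
        # org_id comes from the authenticated session, never from the model; it is inlined as
        # an int literal because a view definition cannot carry bound parameters.
        self.conn.execute(f"CREATE TEMP VIEW {scope} AS SELECT * FROM main.customers WHERE org_id = {audit.org_id}")
        self.conn.execute(f"CREATE TEMP VIEW customers AS SELECT id, name, email, phone, plan FROM {scope}")
        self.conn.set_authorizer(make_authorizer(role, scope, audit))
        rows = []
        try:
            rows = self.conn.execute(sql).fetchall()  # compiles (authorizer runs) and runs ONE statement
            audit.row_count, audit.outcome = len(rows), "ok"
        except (sqlite3.Error, sqlite3.Warning) as exc:  # "not authorized", or a 2nd statement after ';'
            audit.outcome = f"rejected: {exc}"
        finally:
            self.conn.set_authorizer(allow_all)
            self.conn.execute("DROP VIEW temp.customers")
            self.conn.execute(f"DROP VIEW temp.{scope}")
            self.log.append(audit)
        return rows, audit


def demo_guardrail():
    """Constructed sample data: two organizations sharing one customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, org_id INTEGER, "
                 "name TEXT, email TEXT, phone TEXT, plan TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?, ?, ?)", [
        (1, 1, "Alice", "alice@example.com", "555-0100", "pro"),
        (2, 1, "Bob", "bob@example.com", "555-0101", "free"),
        (3, 2, "Carol", "carol@example.com", "555-0102", "pro"),
    ])
    conn.commit()
    return Guardrail(conn)
```

Usage is `rows, audit = demo_guardrail().run("analyst", 1, "SELECT count(*) FROM customers WHERE email LIKE 'alice%'")`: for the analyst the predicate sees NULL, the count comes back 0 and `audit.redacted` contains `customers.email`, which is the signal the calling application needs to refuse a silently degraded answer instead of passing it to the model; an admin running the same query gets 1. Two caveats worth keeping in mind. First, the scoping relies on the base table being reachable only through a view whose name the model cannot learn within the same request, which is why catalog reads (`sqlite_temp_master`, `pragma_*`) are refused along with every non-SELECT action; a real deployment across several engines would lean on each engine's own mechanism (row-level security and column privileges on Postgres, for instance) rather than this single-connection trick. Second, a NULLed column is a redaction, not an error: whether a query that touched a redacted column should be answered at all is a policy decision the audit record makes possible but does not take for you.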