Search papers, labs, and topics across Lattice.
This paper introduces SessionBound, a novel framework that transforms approved enterprise tasks into short-lived, budgeted, and auditable database sessions for AI agents, addressing the critical authorization challenges in enterprise AI applications. By implementing a control plane that manages task templates, approvals, and budgets, and a runtime that enforces strict execution boundaries, SessionBound ensures that AI-generated SQL queries remain within safe operational limits. The approach was validated through a PostgreSQL prototype, demonstrating effective performance with a 24-scenario validation suite despite some overhead compared to raw PostgreSQL execution times.
SessionBound ensures that AI agents can generate SQL freely while strictly enforcing operational boundaries, significantly mitigating authorization risks in enterprise environments.
Enterprise AI agents are useful for internal analysis, audit, compliance review, and operational investigation, but they create a difficult authorization problem. A manager or data owner may approve a business task, while the agent later generates open-ended SQL below the application layer. Existing systems help identify agents, delegate authority, govern data products, or enforce database policy, but they do not directly turn an approved enterprise task into a bounded database execution context. SessionBound fills this gap. It turns approved enterprise tasks into short-lived, budgeted, and auditable database sessions for AI agents. A control plane defines task templates, accepts task applications, records approvals, assigns budgets, and issues signed task tokens. A database runtime, SessionBoundDB, binds a token to a session and enforces safe views, row scope, denied fields, operation limits, query budgets, disclosure budgets, and receipts. The database does not rely on an LLM to decide whether a query is safe. The agent may generate SQL freely, but each attempt must stay inside the approved boundary. A PostgreSQL prototype passed a 24-scenario validation suite. Microbenchmarks show p50 SessionBound execution around 1.4--1.5 ms versus raw PostgreSQL p50 around 0.052--0.074 ms on small synthetic queries: high relative overhead, but low absolute latency.