Frequently asked questions: How Do AI Functions Access Governed Data?
Q1: How do AI functions securely connect to governed enterprise data?
AI functions do not access raw database tables directly. Instead, they interact with data through an abstraction layer controlled by modern data governance platforms.
The standard approach uses API-led connectivity, Data Catalogs, or Unified Semantic Layers (like Databricks Unity Catalog or Starburst AIDA). When an AI function requests information, it must pass through these platforms, which authenticate the request, verify the AI's permissions, and ensure the data matches compliance rules before delivery.
Q2: What architectural patterns are used to provide governed data to AI?
Organizations typically use three primary architectural patterns to feed governed data into AI models and functions:
- Retrieval-Augmented Generation (RAG): The AI uses semantic search to pull relevant chunks of data from a governed vector database at runtime to ground its answers, ensuring it doesn't hallucinate.
- Governed Data Products / Data Mesh: Data is packaged by specific business teams into "data products" that have built-in metadata, quality standards, and access control policies, making it ready for AI consumption.
- Centralized Data Lakehouse: Structured and unstructured data are pooled into an architecture where unified governance engines dynamically monitor and enforce access controls across both data analysts and machine learning models.
Q3: How are access controls enforced when an AI function queries data?
Security policies are enforced using two distinct layers:
- Design-Time Governance (Static): Restricts what data can be used to train the AI model in the first place, ensuring proprietary code or protected health information (PHI) is completely masked or excluded.
- Runtime Policy Enforcement (Dynamic): Evaluates access at the exact moment the AI function runs. If a user queries a customer-service AI agent, a runtime governance layer intercepts the data pull, masks sensitive fields (like credit card numbers), and restricts the context window based on the user's specific role and permissions.
Q4: Why can't we just give AI functions open access to data repositories?
Giving an AI function unrestricted, global access to enterprise repositories creates an enormous security risk known as unintended decision input and data leakage.
AI models and agents are highly context-sensitive. If you feed an AI function too much unvetted data, it might leak confidential company data to unauthorized users, absorb private user conversations into its permanent memory, or make flawed operational decisions based on stale or irrelevant records.
Q5: How do tools like the Model Context Protocol (MCP) help AI access governed data?
The Model Context Protocol (MCP) is an open standard that allows AI models to safely connect to external data sources and tools via secure, standardized protocols. Instead of creating custom, fragile code pipelines for every database, MCP acts like a secure proxy. It allows an AI function to safely request context or trigger downstream workflows across distributed enterprise applications while respecting the underlying access controls and data boundaries of those systems.
Govern the data your AI consumes — at design time and runtime
