AI agents accessing production data
We are building an ai agent for a dental firm. So while building we face this issue of what the agents should actually see.
If anyone built similar systems or worked on this would you help like. I mean any insights or learnings.
The issue is actually there is no granular enforcement of what the agents should access. I even thought of building an standalone tool for this. But, need to complete the given current work fast.
7 comments
[ 3.6 ms ] story [ 28.0 ms ] thread1. In many businesses, different users of the agent should have different read/write permissions to data.
2. Log everything. There will be problems. You'll need to debug, attribute, defend yourself against accusations that the cockup was your fault, etc.
3. If you're just providing read-only then the more you can enforce that at all layers of the stack (e.g., read-only user in the database).
4. Don't give the agent direct SQL access to the database. Write functions in your favourite programming language, expose them as tools to the LLM.
5. Don't make your LLM do maths in its head, they're crap at it. I had some success giving the agent tools that fetch data from the database (where I control the SQL that runs) into a SQLite in agent memory, then the agent can run SQL against that database. Gives you a chance to put the data into an obvious, easy to query, format rather than whatever arcane historic chaotic state your main schema has evolved to).
Do we have to enforce some checks manually or is it not worth to worry(now it's read only right).
My use case is a short conversation to answer a question like “has all the time from this task been invoiced?” Or “what contributed to the size of this invoice!”. So my agent starts with empty SQLite, fetches the data into SQLite, writes queries to answer the question, then user can continue to interrogate but eventually shuts down.
I don’t have a perpetually running agent so I haven’t had to solve that problem.
What could go wrong? Delete production data. Corrupt production data. Show staff member info they shouldn’t have. Show customer info they shouldn’t have. Rely too much on the LLM doing the right thing, it doesn’t, and the agent presents the wrong information without knowing. Bugger up the security and anyone can use the agent to query production data. … Yeah, be cautious.