Synapsor Runner blocks AI agents from direct database access using semantic contracts
A developer has released Synapsor Runner, an open-source Apache-2.0 runtime that sits between AI model agents and databases like PostgreSQL or MySQL, preventing models from ever receiving direct SQL execution authority. Instead of exposing raw database tools, the system offers reviewed semantic capabilities — such as inspecting invoices or proposing credits — while keeping all commit and write authority entirely outside the model loop. The tool was tested with multiple LLM agents given adversarial prompts to read cross-tenant data or bypass budgets, resulting in zero unauthorized reads or writes, not because the models resisted but because boundaries were enforced server-side. Proposals generated by the model record intended changes without touching the source database, with approvals and writebacks handled externally after re-verification of scope, row version, and operation limits. The project also supports tiered auto-approval policies for low-risk changes and multi-approver workflows for higher-risk operations, all logged to a local SQLite or shared PostgreSQL ledger.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in