• PASS Europe comes to Frankfurt
• Stairway to Reliable Database Deployment Level 3 – Rehearsing Changesets Across Environments
• You Can’t Trust “Edit Query Text” in SSMS’s Execution Plans.
• From the SQL Server Central Blogs - Understanding Fabric MCP
• From the SQL Server Central Blogs - PowerShell Strikes Back: Know Your Quotes, Young Padawan
• Databricks Data Intelligence Platform: Unlocking the GenAI Revolution

• QUOTENAME Quote Parameters

Limit the Blast Radius

You still need DBAs (that know how to back up systems and test restores). If you think you don't, or if you manager does, then perhaps they ought to read this piece on how an AI agent deleted a production database. This wasn't the case of an agent just running around with sysadmin access to all resources, or a lack of tests that allowed bad code to flow through a CI/CD process.

This was a system design that had a hole in it. An API call to change infrastructure that could change both staging and production. Not something an AI set up, but humans did. A hole from both PocketOS and the API vendor that allowed the AI agent to make the same type of mistake we've seen humans make. A mistake of not double checking, not verifying, not following the rules of getting a second set of eyes, even a second set of virtual eyes, on the code.

Reading this, I can imagine this is how some of the AWS and Azure outages occurred over the last decade. Not the 2025/2026 AI inspired ones, but the 2010-2015 human mistakes that didn't expect a change to have such a far reaching blast radius,

You still need guardrails, for both humans and AIs. Don't get slack and assume either truly knows what they are doing and deserves rights everywhere. Don't assume that your guardrails were setup correctly. AI agents make great helpers. Use some read only ones to examine your setup and look for holes. If/When we get the next Claude Mythos model (or the equivalents from Google/OpenAI/etc.) have it look for precisely the types of holes that come from bad code that looks to reset, redeploy, or re-anything in your environment.

We separate out roles for different people to limit the blast radius of the mistakes we inevitably make. AIs aren't necessarily smarter or better than humans. Just faster. We need separate roles, separate rights, and governance for AI agents, precisely because they can make decisions faster than humans.

There's tremendous potential, but and tremendous danger in allowing anyone, or anything, too many rights in any organizations. RBAC, audits, and all the other things we implement to try and reduce the number of silly mistakes are still needed. At some point we're going to see amazing social engineered emails, messages, XSS, and other items that are designed to fool the AIs that look to help us.

We need to ensure we set good guardrails and limits when that starts to happen. Or we're going to lose control much quicker than expected.

PS If you want a fun and slightly scary read on how AI could go sideways, I enjoyed The Final System recently, which made me not want to deploy any sort of AI agent beyond tightly scoped ones with very, very limited rights.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums