Design partners now onboarding

Governed data access interface for production AI

You ship the AI implementation. We'll handle the data access.

Ekaya is the open source governed data access interface that sits between your agents and production data — the enforcement and evidence layer that gets your implementation through security review, even where live LLM access is not allowed.

95%

MIT's GenAI Divide report finds that most enterprise GenAI efforts deliver no measurable return when they are not integrated with real operations.

40%+

Gartner expects more than 40% of agentic AI projects to be canceled by the end of 2027 because of cost, weak value, or inadequate risk controls.

97%

IBM's 2025 breach report found that nearly all organizations hit by an AI-related breach lacked proper AI access controls.

Inside Ekaya — Approved Queries

Production agents run from a reviewed query library, not a fresh SQL guess every time.

Every query an agent can run in production starts here: reviewed, approved, and tied to the exact SQL it executes. Pending and rejected queries are tracked the same way, so the approved set is always an accurate record of what agents are allowed to ask.

Ekaya MCP server Pre-Approved Queries screen, showing an approved Content Calendar Dashboard query with its underlying SQL

Why teams bring in Ekaya

The hard part starts when agents need production data.

Vibe-coding gets the prototype built; production access still has to satisfy security, residency, governance, and audit requirements. These four data-boundary risks are what Ekaya controls.

The agent has write access to production.

Common production risk

Replit's AI coding agent ran destructive commands against a live production database during an explicit code freeze, ignored instructions to stop, then misreported whether the data could be recovered.

Ekaya control

Agents never hold raw credentials. Tools are scoped per Project, destructive and schema-changing operations are blocked by deterministic policy, and risky writes route to a human approval gate.

The agent can reach more than it should.

Common production risk

EchoLeak (CVE-2025-32711, CVSS 9.3) used a single crafted email to turn Microsoft 365 Copilot against itself and exfiltrate internal data with zero clicks — and MCP tool poisoning has turned trusted tools into exfiltration paths across thousands of exposed servers.

Ekaya control

Ekaya assumes the agent can be compromised. Each agent gets a scoped identity with least privilege — no aggregated credentials — and because agents reach data only through Ekaya, unsafe access is caught in the path, before data leaves.

The answer is confidently wrong.

Common production risk

Naive text-to-SQL can silently return the wrong data: broken queries stay syntactically valid, so they run, return plausible results, and answer the wrong question. Schema hallucination — invented tables, columns, and joins — is a common production risk.

Ekaya control

Agents work from a governed set of approved queries and an agent-shaped data model validated against the real schema at design time, instead of trusting one generated query. Every query path in production is defined and reviewable, so a wrong answer is caught before it becomes a decision.

Your data can't leave; their AI runtime can't come in.

Common production risk

Regulated and air-gapped organizations can't send records, prompts, schema metadata, or approvals to a third-party runtime. A pilot that depends on a live cloud model beside production data cannot ship.

Ekaya control

Ekaya treats production data access as an air-gappable service. Full Build produces and reviews the artifact set; Sealed Runtime then enforces policy and serves approved queries entirely from those frozen artifacts, inside your boundary.

Inline Data Detection and Response

Control in the path, not alerts after the fact.

Inline data detection and response (DDR) means the control sits in the access path itself. Agents reach production data only by going through Ekaya, so every query is evaluated against deterministic policy before it executes.

[Diagram: two access paths compared]

  • Other tools · out-of-band: Agent → Production data, with Monitor / DSPM beside the path (alerts after exposure).
  • Ekaya · inline DDR: Agent → Ekaya (governed data access interface) → Production data, with block, mask, approve, and audit applied before the query runs.

In the path

Ekaya is the governed data access interface agents call into. There is no side door to production data, so there is nothing to catch up to after the fact.

Before the query runs

Block, mask, limit, or require approval happens inline, at the point of access — not in a report you read tomorrow.

The model assists; it never enforces

Detection can be smart, but the decision to allow, block, or mask is deterministic policy. A model can be wrong and the data is still safe.

Inside Ekaya — Schema Scoping

Agents see the tables and columns you select — nothing else.

Each Project's data model starts from an explicit schema selection. Tables and columns you leave out don't exist as far as the agent is concerned, so least privilege is the starting point — not a policy you retrofit after the first incident.

Ekaya Schema Selection screen, selecting the tables and columns a Project exposes to agents

Audit timeline

Human · Agent · Query · Data · Decision

Every tool call, approval, query, model-facing decision, and write-back path is captured as a reconstructable timeline. Security and compliance teams can replay exactly who and what touched which data — an audit or incident review is evidence you already have.

Inside Ekaya — Ontology Extraction

Ekaya learns what your data means, so agents don't guess.

During Full Build, Ekaya reads the real schema and extracts the business meaning behind it — entities, relationships, and the domain model your agents answer from. Humans review and approve what it infers, so the agent-shaped data model is governed knowledge, not a hallucinated guess.

Ekaya Ontology Extraction screen extracting business knowledge from a database schema

Sealed Runtime

Build with AI. Run production access without it.

Ekaya separates implementation from production operation. Full Build can use models to understand the data estate and shape the controls; Sealed Runtime serves the approved production path from frozen artifacts.

Full Build

Use AI before production

Connect datasources, extract ontology, classify sensitive data, draft policies, configure applications, and prepare approved query paths during implementation and maintenance windows.

Promote

Freeze the operational artifacts

Review and promote the operational artifact set — datasource configuration, ontology, classifications, policies, and approved queries — into a frozen, versioned bundle.

Sealed Runtime

Enforce from the frozen set

Production data access runs from the frozen set. Engine blocks, masks, limits, requires approval, and records audit events without live inference or runtime mutation.

Removed from production runtime

  • No live LLM capability
  • No outbound model calls
  • No runtime metadata mutation
  • No runtime query-path approval

Inside Ekaya — Model Configuration

Choose where inference runs — including inside your boundary.

Bring your own OpenAI-compatible keys, pick a community model, or run embedded AI so inference never leaves your environment. Credentials are encrypted and scoped per Project — and when you promote to Sealed Runtime, production runs with no live model capability at all.

Ekaya model configuration screen with Bring Your Own AI Keys, Community Models, and Embedded AI options

Design partner program

If your AI implementation is ready for real data, Ekaya should be in the design review.

We work with teams that already have an agent, workflow, or customer demand and need the governed data path that gets it through production readiness.

Ekaya Engine is Apache-2.0 open source and available to design partners today.

What design partners get

  • Security-review evidence: approval queues, query logs, policy decisions, and per-project audit trails.
  • A Sealed Runtime path for production environments that cannot allow live LLM access.
  • Direct access to the Ekaya team: design partners shape the roadmap and get the evidence pack their security review needs.