Enterprise Data Concierge

The problem

Data democratization is a common goal, but most business intelligence (BI) tools remain too complex for the average business user. When a marketing manager wants to know "Which of our ad campaigns last quarter had the highest ROI among users who also read our technical blog?", they typically have to submit a ticket to the data engineering team.

Days later, they receive a static dashboard. If they have a follow-up question, the cycle repeats. The organization wants to empower users to converse with their data in natural language, generating insights, charts, and summaries instantly, without needing a SQL background.

Why these patterns

Agent-Native Lakebase replaces the fragile text-to-SQL pipelines of early gen-AI demos. Instead of trying to prompt an LLM to generate complex, joined SQL queries against a legacy data warehouse (which frequently fails), the lakebase provides a semantic layer. It exposes "Data Products" (e.g., Customer_360, Campaign_Metrics) that the agent can confidently interact with. The agent orchestrates the gathering of insights across structure (tables) and unstructured (blog text embeddings) data in a unified manner.

Zero Trust Agent Security is the absolute requirement for internal adoption. It is unacceptable for an HR agent to answer a question about executive salaries just because a junior analyst asked creatively. In a Zero Trust architecture, there is no "Agent God Mode." Every query the agent runs against the lakebase is execute using the user's identity token. If the user doesn't have permission to see the underlying rows, the agent doesn't see them either.

The MCP Gateway extends the concierge from a "read-only" oracle to a functional assistant. Once the user identifies a trend ("Ad spend is inefficient in Region B"), they can instruct the agent to "Pause that campaign in Hubspot" or "Draft a summary email to the regional director." The MCP Gateway handles the authentication translation from the internal chat interface to the external SaaS platforms.

What breaks without Zero Trust

The most common failure in enterprise internal AI is "Privilege Escalation via Prompt."

If you build an agent and give its backend service account read-all access to the database (intending to filter the results at the application layer), it is only a matter of time before a user tricks the LLM into returning unauthorized data.

Zero Trust prevents this fundamentally. The identity context is securely passed all the way down to the database execution layer. Even if the LLM goes completely rogue and writes a SELECT * FROM HR_SALARIES query, the database will reject it because the execution context is bound to the requesting user's limited permissions.

Operational considerations

Deploying an enterprise concierge is an exercise in managing expectations and access.

Continuous Identity Verification: Tokens expire. The system must gracefully handle scenarios where an agent is midway through a complex multi-step reasoning task and the user's session token expires, prompting for re-authentication rather than throwing a silent backend error.

Data Quality dictates Output Quality: If the underlying data in the lakebase is messy, duplicated, or lacking metadata, the agent will confidently generate incorrect insights. The semantic layer of the lakebase must be rigorously governed—an agent cannot fix bad data engineering.

Explainability of Queries: When the concierge presents a metric (e.g., "Total Revenue was $4M"), it must provide an inspectable trace of how it arrived there. The UI should allow a technical user to click "Show Work" to review the specific SQL queries or API calls the agent executed, building trust in the system's accuracy.