As AI systems begin acting on data — not just reading it but writing, deciding, and transacting — the question of where integrity lives stops being theoretical.
The application layer was never a real security boundary. It relied on well-behaved callers following intended paths. Agents are not well-behaved callers by construction. They reason, compose, and act across tools and contexts. The assumptions that held when every write was human-initiated no longer hold.
This series is about what the database must become when the writes are no longer human: the constitutional layer that enforces business rules, controls state transitions, owns the audit trail, and simply refuses what the application layer cannot prevent.
Start with
The Agent at the Gate
.

The application layer has long been the practical gatekeeper for enterprise data. Agents weaken that assumption and put pressure back on the database boundary.

Agentic access breaks the link between end-user identity, query scope, authorisation and audit. The database needs to know more than a service account.

Agents can create plausible, structurally valid, semantically wrong data at scale. Integrity needs controlled write surfaces and database-enforced invariants.

Sagas and eventual consistency were designed for bounded failure modes. Non-deterministic agents force us to re-examine transaction boundaries.

Object storage should not be the default for governed enterprise content. It creates separate security, recovery, audit and consistency boundaries.