Agents are altering data security needs, Oracle responds
Traditional strategies that protect infrastructure systems are not enough with agents autonomously accessing data and threat actors using AI to discover new vulnerabilities.
On the data security news scale, what Oracle did recently registers relatively low.
Data security breaches can have wide-ranging drastic consequences such as exposing millions of people's personal information, while vendors revealing product development plans is about serving the needs of customers and trying to make a profit.
Nevertheless, what Oracle revealed on June 18 was related to potential major problems.
In response to how agentic AI is changing data security needs, Oracle is making certain data security capabilities for Oracle AI Database free into early 2027, and others available at a 90% discount for one year. Among them are the tech giant's Database Lifecycle Management Pack, Exadata Management Pack and Database Security Central.
While valuable for Oracle customers, enabling broader access to data security capabilities at the data layer does not represent innovation that could alter the competitive landscape. But it does highlight the significance of new data security threats emanating from the growing use of autonomous AI agents.
Because agents autonomously query, analyze and act on data at greater scale and speed than humans, they can expose security gaps or create new ones that didn't previously exist. In addition, AI is enabling attackers to search for vulnerabilities and automate attacks at a greater speed than in the past.
"[Increased security] is critical as AI is being used by attackers, so you need to use AI to defend as well -- to even out the field," Holger Mueller, an analyst at Constellation Research, told TechTarget.
Matt Aslett, an analyst at ISG Software Research, similarly noted that as enterprises move agents out of the controlled environments of pilot projects and into production, a different level of data security is needed.
"Security approaches are evolving to [meet] new potential risks and challenges that come with autonomous agents," he told TechTarget. "New security capabilities and policies are required to protect enterprises at every layer of the stack, but are especially critical at the data layer [to] mitigate the impact of any vulnerabilities further up the stack."
Threat exposure on the rise
AI agents are transformative.
Security approaches are evolving to new potential risks and challenges that come with autonomous agents. New security capabilities and policies are required to protect enterprises at every layer of the stack, but are especially critical at the data layer.
Matt AslettAnalyst, ISG Software Research
Capable of querying and analyzing data on an exponentially greater scale than humans, they can increase the overall knowledge of entire organizations. And by autonomously executing business processes, they can markedly improve an enterprise's efficiency.
Now, as model capabilities have advanced and some organizations have successfully connected agents with the context they need to be accurate, a growing number of enterprises are moving agents into production environments where human oversight is less stringent than during the testing process.
As they do, they are unwittingly creating new data security holes by exposing sensitive information to unauthorized users, applications and other agents. Meanwhile, just as enterprises can use agents to become better informed and more efficient, so can threat actors.
To defend against rising data security risks, organizations need to improve protections on their data itself rather than in the operating systems historically protected by security capabilities, according to Vipin Samar, Oracle's senior vice president of database security.
"Traditional security models focused heavily on applications, operating systems and network perimeters," he said. "Those controls remain important, but they are no longer sufficient in a world where AI-enabled attackers can quickly find paths to sensitive data. Security has to move closer to the data."
Specifically, as agents and other AI tools become more sophisticated, enterprises need controls that enforce identity, context and data-sensitivity policies at the data layer, Samar continued.
"That is what allows organizations to apply consistent protections, regardless of which application, user or AI agent is accessing the data," he said. "Putting security at the data layer makes it much harder to bypass and helps reduce the visible attack surface. We believe this security-at-source model will change how enterprises think about where critical security controls should be enforced."
Aslett similarly pointed out that existing data security strategies were for traditional business intelligence and machine learning projects rather than agentic AI systems and need to be altered.
"As AI becomes part of everyday workflows, the risk surface expands beyond traditional controls," he said. "Enterprises now need visibility into how employees prompt and rely on AI systems, how autonomous agents execute tasks, and where sensitive data is introduced, transformed or exposed. Existing security models were not designed for probabilistic systems that generate, infer and act."
The Oracle response
With frontier models improving and traditional data security strategies becoming obsolete, Oracle is responding by making its current security capabilities available to all its database customers.
"[AI] significantly reduces the time customers have before vulnerabilities are exploited," Samar said. "We want customers to gain full visibility into their security posture and improve it immediately, because threats are now emerging at greater speed and scale," he said
The following products are now available for free through Feb. 28, 2027:
Database Lifecycle Management Pack to patch -- update, fix, close security vulnerabilities and improve performance -- database and grid infrastructures.
Exadata Management Pack to patch Exadata infrastructures.
Data Safe to assess security, monitor activities and protect data.
Database Security Central to enable customers to manage their own security assessments, activity monitoring and data protection.
In addition, GoldenGate, GoldenGate Veridata and Real Application Testing are being offered at a 90% discount through May 31, 2027.
GoldenGate and GoldenGate Veridata help users do patching work with minimal downtime, while Real Application Testing enables customers to do assessments before putting applications into production so they can be deployed with greater confidence.
Collectively, Oracle's data security capabilities provide the appropriate level of protection against new threats posed by agents, according to Mueller.
"This is the right level and process to do it," he said. "It's automated in the software."
However, protection against an organization's own code if they unwittingly import or create something malicious remains a potential gap, Mueller continued.
"Not only Oracle, but the whole industry struggles securing the software supply chain with dependency on potentially malicious code in their own code, such as coming from open source," he said. "That is something that needs to happen, and is, partially. Google is leading here, and again you need AI to make sure your code dependencies are safe."
Free … for a time
Regarding the decision to make certain capabilities free or discounted for a temporary period, Samar acknowledged that there is the potential for Oracle to attract new data security customers by providing what amounts to a trial period. However, "the immediate purpose is to remove barriers to stronger security at a time when AI is increasing urgency," he said.
Aslett similarly suggested that, while there is a profit motive, Oracle is also enabling its database users to better understand their changing data security needs.
"Oracle is providing its customers with an opportunity to assess their current security posture and ensure their database infrastructure and policies are up to date with the latest patches and potential risks without being impeded by licensing and cost concerns," he said.
Mueller, meanwhile, noted that although other vendors -- including IBM and Microsoft -- are also offering capabilities designed to help database administratorsward off new threats, Oracle is helping pace the market with its data security tools.
"They are all moving to agents to help database administrators, [but] Oracle has a lead due to the autonomous work that helps agents and administrators already," he said. "The trust challenge, especially, is lower with Oracle since administrators were using their autonomous automations even before we knew about agents."
Eric Avidon is a senior news writer for Informa TechTarget and a journalist with more than three decades of experience. He covers analytics and data management.
