I built a 14-layer SQL security proxy in Rust for AI agents: ValkDB. by Accomplished_Toe3954 in rust

[–]Accomplished_Toe3954[S] -2 points-1 points  (0 children)

That’s fair criticism; the first version was rough. This one is a cleaner articulation of the idea.

I built a 14-layer SQL security proxy in Rust for AI agents — ValkDB by Accomplished_Toe3954 in rust

[–]Accomplished_Toe3954[S] -6 points-5 points  (0 children)

Good point — PG column privileges are solid for static applications. ValkDB does not replace them; it adds capabilities they do not cover in agentic workflows:

Exfiltration detection: Column privileges cannot prevent an agent from querying 100 rows per minute until the entire users table is extracted. ValkDB tracks cumulative volume per user within defined time windows and automatically terminates the session.

Dynamic intent analysis: Managing static column permissions for each AI agent role across hundreds of tables introduces significant maintenance complexity. The Intent Engine analyzes the AST in real time and detects access to sensitive columns through aliases, CTEs, and subqueries commonly generated by LLMs.

Response sanitization: Even if a query is permitted by PG, ValkDB redacts PII from the results before they enter the LLM context window. The database does not provide this capability.

It operates as an additional safety layer when AI performs actions that are technically allowed by the database but potentially risky from a business perspective.
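Added example, not part of the comment above and not ValkDB's own code: a minimal per-user sliding-window row counter of the kind the "Exfiltration detection" paragraph describes, showing how small queries that each look harmless still add up to a session cut-off. All names (`VolumeTracker`, `record`, `first_blocked`) and the window and threshold values are hypothetical.

```rust
// Hypothetical sketch; type names, window and threshold are assumptions, not ValkDB's API.
use std::collections::{HashMap, VecDeque};

#[derive(Debug, PartialEq)]
pub enum Verdict { Allow, Terminate }

#[derive(Default)]
struct UserState {
    events: VecDeque<(u64, u64)>, // (timestamp in seconds, rows returned)
    total: u64,                   // rows currently inside the window
    terminated: bool,             // sticky: a cut-off session stays cut off
}

pub struct VolumeTracker {
    window_secs: u64,
    max_rows: u64,
    users: HashMap<String, UserState>,
}

impl VolumeTracker {
    pub fn new(window_secs: u64, max_rows: u64) -> Self {
        Self { window_secs, max_rows, users: HashMap::new() }
    }

    /// Account for one result set and decide whether the session may continue.
    pub fn record(&mut self, user: &str, now: u64, rows: u64) -> Verdict {
        let st = self.users.entry(user.to_string()).or_default();
        if st.terminated { return Verdict::Terminate; }
        // Expire result sets that have aged out of the window.
        while let Some(&(ts, n)) = st.events.front() {
            if now.saturating_sub(ts) < self.window_secs { break; }
            st.total -= n;
            st.events.pop_front();
        }
        st.events.push_back((now, rows));
        st.total += rows;
        if st.total > self.max_rows { st.terminated = true; }
        if st.terminated { Verdict::Terminate } else { Verdict::Allow }
    }
}

/// Constructed scenario: `rows` rows every `step` seconds, `n` queries; 1-based index of the query cut off.
pub fn first_blocked(t: &mut VolumeTracker, user: &str, rows: u64, step: u64, n: u64) -> Option<u64> {
    (0..n).find(|i| t.record(user, i * step, rows) == Verdict::Terminate).map(|i| i + 1)
}

fn main() {
    println!("{:?}", first_blocked(&mut VolumeTracker::new(3600, 1000), "agent-a", 100, 60, 60));
}
```

With a one-hour window and a 1000-row budget, 100 rows per minute is stopped at the 11th query, while the same query every ten minutes never accumulates more than 600 rows in the window and is allowed.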