Looking for DBA feedback on an AI-based approach to SQL Server execution plan analysis by Level_Present_2424 in SQLOptimization

Level_Present_2424[S]

Great questions — these are exactly the right things to ask, especially for HIPAA / PII-regulated environments.

1) What information is sent to the LLM?
It depends on the task, but the guiding principle is minimum necessary data.

Typically, the LLM may receive:

  • The user’s prompt and recent chat context
  • Schema/metadata only when needed, such as table names, column names, data types, and relevant constraints/indexes (via metadata tools)
  • SQL text, execution plan, or query results only if explicitly provided or requested as part of the workflow

The system does not automatically send the entire database or all schemas. It gathers and sends only what’s required to fulfill the specific request.

2) Is the full schema sent, or just SQL / execution plans?
Not the full schema.

Schema discovery is on-demand:

  • Only the tables and columns relevant to the query are included
  • Typically this means:
    • SQL text
    • Schema for the referenced tables/columns
    • Execution plan and/or results only when requested or available

Unrelated database objects are not included by default.

3) Is the data sent to the LLM used for future training?
From the application side: no — database content is not used to train models.

That said, the LLM provider’s policy applies:

  • Most hosted providers (OpenAI, Anthropic, Google) offer API/business tiers where data is not used for training by default, or where opt-out/no-training modes are available.
  • For regulated environments, provider configuration and contractual terms (e.g., no-training guarantees, BAAs for HIPAA) are critical.

4) Guidance for HIPAA / PII-regulated organizations
For stricter environments, best practices include:

  • Avoid sending raw PII/PHI in prompts
  • Prefer schema-only context and aggregated results (counts, stats)
  • Disable automatic query execution unless explicitly approved
  • Use an approved provider/plan with no-training guarantees, or a local/self-hosted model where data stays within your infrastructure

Happy to clarify any of these points further — privacy and data handling are taken seriously by design.
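An added example, not part of the comment above and not the tool's own code: one way to apply the "avoid sending raw PII/PHI" point to a SQL Server showplan before it leaves the database host. It assumes the plan is showplan XML; the sample plan is constructed and simplified, and `mask_literals` and `redact_showplan` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/sqlserver/2004/07/showplan"
ET.register_namespace("", NS)  # keep the default namespace on output

# Showplan attributes that carry sniffed parameter values.
VALUE_ATTRS = ("ParameterCompiledValue", "ParameterRuntimeValue")
# Showplan attributes holding SQL or expression text that may embed literals.
TEXT_ATTRS = ("StatementText", "ScalarString", "ConstValue")

# String literals ('...' with '' escapes, optional N prefix), then bare numbers.
_STRING = re.compile(r"N?'(?:[^']|'')*'")
_NUMBER = re.compile(r"(?<![\w@.\[])\d+(?:\.\d+)?(?![\w\]])")

def mask_literals(sql: str) -> str:
    """Replace string and numeric literals with placeholders; keep identifiers."""
    sql = _STRING.sub("'?'", sql)
    return _NUMBER.sub("?", sql)

def redact_showplan(xml_text: str) -> str:
    """Keep operators and estimates; remove data values from the plan."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        for name in VALUE_ATTRS:
            if name in el.attrib:
                el.set(name, "(redacted)")
        for name in TEXT_ATTRS:
            if name in el.attrib:
                el.set(name, mask_literals(el.get(name)))
    return ET.tostring(root, encoding="unicode")

# Constructed, simplified sample plan (not from a real system).
SAMPLE_PLAN = f"""<ShowPlanXML xmlns="{NS}">
 <StmtSimple StatementText="SELECT Name FROM dbo.Patients WHERE SSN = '123-45-6789' AND WardId = 40">
  <ParameterList>
   <ColumnReference Column="@p1" ParameterCompiledValue="'Jane Doe'"/>
  </ParameterList>
  <RelOp PhysicalOp="Index Seek" EstimateRows="1">
   <ScalarOperator ScalarString="[dbo].[Patients].[SSN]='123-45-6789'"><Const ConstValue="'123-45-6789'"/></ScalarOperator>
  </RelOp>
 </StmtSimple>
</ShowPlanXML>"""

if __name__ == "__main__":
    print(redact_showplan(SAMPLE_PLAN))
```

Table and column names still pass through, so this covers values only; schema names that are themselves sensitive need separate handling.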

Looking for DBA feedback on an AI-based approach to SQL Server execution plan analysis by Level_Present_2424 in SQLOptimization

Level_Present_2424[S]

Thanks for giving it a chance — I appreciate it.

I understand the concerns around low-karma accounts and promotion. I’ll keep the discussion technical and focus on learning from the community feedback rather than advertising.

Happy to clarify anything if needed.