Notifications

Clear all

SQL as an MCP interface for agents: what it changes for teams

Last Post

RSS

NHI Mgmt Group

(@nhi-mgmt-group)

Member Moderator

Joined: 1 year ago

Posts: 2827

Topic starter 07/06/2026 8:36 pm

TL;DR: Datadog's MCP demo showed that agents complete observability investigations faster with SQL than with freeform tool chains, because structured queries reduce context-window bloat and keep aggregation at the data layer, according to WorkOS. The broader lesson is that AI agent interfaces need precision and scoping, not just more tool access.

NHIMG editorial — based on content published by WorkOS: Datadog: SQL Is the New Bash for AI Agents

Questions worth separating out

Q: How should security teams govern AI agents that query observability data through MCP?

A: They should treat the query interface as an access control boundary, not just an application feature.

Q: Why do structured queries reduce risk for non-human identities and AI agents?

A: Structured queries reduce risk because they replace multi-step tool improvisation with a single, reviewable request.

Q: What breaks when AI agents rely on freeform tools for investigation tasks?

A: What breaks is the chain of custody around intent, state, and result.

Practitioner guidance

Prioritise structured query surfaces for agent workflows Use SQL or similarly declarative interfaces for investigations, aggregation, and reporting tasks so agents are not forced to improvise across multiple tool calls.
Scope agent permissions to task-specific datasets Limit what an agent can query by environment, tenant, and data class before exposing observability or log platforms through MCP.
Log the full query and result path Capture the exact structured statement, the returned dataset, and the follow-up calls so investigations are auditable after the fact.

What's in the full article

WorkOS' full post covers the operational detail this post intentionally leaves for the source:

The side-by-side demo mechanics showing how the SQL agent and freeform agent behaved differently during the same investigation.
The Datadog execution architecture choices behind indexed SQL queries and agent-friendly aggregation.
The exact MCP tool patterns used for metrics, incidents, and monitors in the session.
The practical workflow implications for teams already exposing observability data to AI assistants.

👉 Read WorkOS' recap of Datadog's SQL-first MCP agent demo →

SQL as an MCP interface for agents: what it changes for teams?

Explore further

View Full Forum → | NHI Foundation Course →

Quote

Topic Tags

Forum Statistics

9 Forums

4,037 Topics

5,180 Posts

12 Online

109 Members

Latest Post: Identity consolidation at acquisition speed: what IAM teams should note Our newest member: Mr NHI Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

FAQ

NHI 101 Articles

Legal & Policies