# How to Prevent Your AI Agent Deleting Your Production Database

OAuth2 scopes as practical guardrails for AI agents.

2026-04-28

![Illustration representing guardrails between AI agents and production database operations.](https://graphcentric.com/media/blog/ai-agent-production-database/ai-agent-database-guardrails.jpg)

_A GenAI illustration for the article about OAuth2 scopes and production database guardrails for AI agents._

A number of us will have heard horror stories of AI agents doing terrible things to production IT systems. It is timely to point software developers and architects toward a mature standard that can provide practical guardrails.

OAuth2 is a standard for allowing untrusted apps, called clients, to act on behalf of a user. It was originally conceived as a way to avoid giving phone apps your password to a website. OAuth2 has a concept called access token scope, which allows a user to limit what an application is allowed to do on their behalf.

Phone applications are not to be trusted, and neither are AI agents, so the standard offers an ideal approach. The ability to delete a production volume could require a scope such as `prod:delete-volumes`. A user may have that scope but choose not to grant it to an AI agent performing routine maintenance.

GraphCentric achieves access control by limiting what can be done inside the platform to a sequence of SPARQL updates. Each update is expressive enough to check the bearer token scope associated with the request and refuse to proceed if the request lacks sufficient permission.
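The pattern described above, as an added example that is not GraphCentric's code: an agent token is issued with no more scope than the user chooses to delegate, and every operation is gated on the token's `scope` claim (space-delimited, as in RFC 6749 section 3.3) with a default-deny and an audit record for each refusal. The operation table and scope names other than `prod:delete-volumes` are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical operation -> required scope table; the article's own example
# scope is prod:delete-volumes, the others are made up for illustration.
REQUIRED_SCOPE = {
    "list_volumes": "prod:read",
    "resize_volume": "prod:write",
    "delete_volume": "prod:delete-volumes",
}


@dataclass(frozen=True)
class AccessToken:
    subject: str    # the user the agent acts on behalf of
    client_id: str  # the agent, i.e. the OAuth2 client
    scope: str      # space-delimited scope string per RFC 6749 section 3.3

    def scopes(self) -> frozenset:
        return frozenset(self.scope.split())


def issue_agent_token(user_scopes, requested, subject, client_id) -> AccessToken:
    """Issue a token for an agent that can never exceed what the user holds.
    Requested scopes the user lacks are dropped; RFC 6749 lets the server
    grant a narrower scope than requested."""
    granted = sorted(set(requested) & set(user_scopes))
    return AccessToken(subject, client_id, " ".join(granted))


def authorize(token: AccessToken, operation: str, audit: list) -> bool:
    """Gate one operation on the token's scope. Unknown operations are denied
    too (default deny), and every denial is recorded for detection."""
    needed = REQUIRED_SCOPE.get(operation)
    if needed is None or needed not in token.scopes():
        audit.append(f"DENY sub={token.subject} client={token.client_id} "
                     f"op={operation} needs={needed}")
        return False
    return True


def demo():
    audit = []
    # Constructed sample: alice holds the delete scope herself but grants the
    # routine-maintenance agent only read and write.
    user_scopes = {"prod:read", "prod:write", "prod:delete-volumes"}
    agent = issue_agent_token(user_scopes, ["prod:read", "prod:write"],
                              "alice", "maint-agent")
    ops = ("list_volumes", "resize_volume", "delete_volume", "drop_database")
    results = {op: authorize(agent, op, audit) for op in ops}
    # An agent requesting more than its user holds is narrowed at issuance.
    greedy = issue_agent_token({"prod:read"}, ["prod:read", "prod:delete-volumes"],
                               "bob", "greedy-agent")
    return results, greedy.scope, audit
```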

I believe OAuth2 scope gives us the kind of enforceable guardrails we need as we scale agentic AI in enterprise environments. At least it is a good start.
## Bibliography

1. [OAuth 2.0](https://oauth.net/2/)

## Further Reading

- [Link Relations: Why the Original Web Already Knew About AI Agents](https://graphcentric.com/blog/link-relations.html)

## Image Provenance

- Provider: TODO
- Model: TODO
- Prompt: TODO: original generation prompt
