PREFIX dcterms: <http://purl.org/dc/terms/>
PREFIX gcs:     <https://graphcentric.com/schema/>
PREFIX rdf:     <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
PREFIX rdfs:    <http://www.w3.org/2000/01/rdf-schema#>
PREFIX schema:  <https://schema.org/>
PREFIX sh:      <http://www.w3.org/ns/shacl#>
PREFIX xsd:     <http://www.w3.org/2001/XMLSchema#>

<https://graphcentric.com/blog/ai-agent-production-database>
        rdf:type                    schema:Article;
        dcterms:description         "OAuth2 scopes provide a practical way to limit what AI agents can do on behalf of users in production systems. This article shows how a mature web standard can become an enforceable safety boundary before an agent gets anywhere near destructive operations.";
        dcterms:title               "How to Prevent Your AI Agent Deleting Your Production Database";
        gcs:furtherReading          <https://graphcentric.com/blog/ai-agent-production-database#further-reading-link-relations>;
        schema:alternativeHeadline  "OAuth2 scopes as practical guardrails for AI agents.";
        schema:articleBody          "<p>A number of us will have heard horror stories of AI agents doing terrible things to production IT systems. It is timely to point software developers and architects toward a mature standard that can provide practical guardrails.</p><p>OAuth2 is a standard for allowing untrusted apps, called clients, to act on behalf of a user. It was originally conceived as a way to avoid giving phone apps your password to a website. OAuth2 has a concept called access token scope, which allows a user to limit what an application is allowed to do on their behalf.</p><p>Phone applications are not to be trusted, and neither are AI agents, so the standard offers an ideal approach. The ability to delete a production volume could require a scope such as <code>prod:delete-volumes</code>. A user may have that scope but choose not to grant it to an AI agent performing routine maintenance.</p><p>GraphCentric achieves access control by limiting what can be done inside the platform to a sequence of SPARQL updates. Each update is expressive enough to check the bearer token scope associated with the request and refuse to proceed if the request lacks sufficient permission.</p><p>I believe OAuth2 scope gives us the kind of enforceable guardrails we need as we scale agentic AI in enterprise environments. At least it is a good start.</p>";
        schema:author               <https://graphcentric.com/people/22d4c93006d76289b4b7>;
        schema:citation             <https://graphcentric.com/references/oauth-2>;
        schema:dateModified         "2026-04-28"^^xsd:date;
        schema:datePublished        "2026-04-28"^^xsd:date;
        schema:description          "OAuth2 scopes provide a practical way to limit what AI agents can do on behalf of users in production systems. This article shows how a mature web standard can become an enforceable safety boundary before an agent gets anywhere near destructive operations.";
        schema:headline             "How to Prevent Your AI Agent Deleting Your Production Database";
        schema:image                <https://graphcentric.com/media/blog/ai-agent-production-database/ai-agent-database-guardrails>;
        schema:keywords             "AI agents, OAuth2, access control, scopes, production systems, SPARQL updates";
        schema:url                  <https://graphcentric.com/blog/ai-agent-production-database.html> .

<https://graphcentric.com/blog/ai-agent-production-database#further-reading-link-relations>
        rdf:type            schema:CreativeWork;
        schema:description  "A follow-on article about how agents can use typed links to navigate dynamic web systems and resource state.";
        schema:name         "Link Relations: Why the Original Web Already Knew About AI Agents";
        schema:position     1;
        schema:url          <https://graphcentric.com/blog/link-relations.html> .

<https://graphcentric.com/references/oauth-2>
        rdf:type            schema:CreativeWork;
        schema:description  "OAuth 2.0 is the authorization framework behind scoped delegated access for clients acting on behalf of users.";
        schema:name         "OAuth 2.0";
        schema:position     1;
        schema:text         "OAuth2 access-token scopes provide mature, enforceable permission boundaries for untrusted clients.";
        schema:url          <https://oauth.net/2/> .

<https://graphcentric.com/media/blog/ai-agent-production-database/ai-agent-database-guardrails>
        rdf:type               schema:ImageObject;
        gcs:genAiModel         "TODO";
        gcs:genAiPrompt        "TODO: original generation prompt";
        gcs:genAiProvider      "TODO";
        schema:caption         "A GenAI illustration for the article about OAuth2 scopes and production database guardrails for AI agents.";
        schema:contentSize     549494;
        schema:contentUrl      <https://graphcentric.com/media/blog/ai-agent-production-database/ai-agent-database-guardrails.jpg>;
        schema:description     "Illustration representing guardrails between AI agents and production database operations.";
        schema:encodingFormat  "image/jpeg";
        schema:height          784;
        schema:name            "AI Agent Database Guardrails";
        schema:width           1168 .

<https://graphcentric.com/people/22d4c93006d76289b4b7>
        rdf:type  schema:Person .