Introducing QueryBear: Secure Database Access for AI Agents

Spencer Pauly

Your AI agents need data. But giving them raw database access is terrifying.

Today we're launching a new direction for QueryBear: a secure gateway between your AI agents and your database. Connect your Postgres or MySQL database, configure security rules, and get an MCP endpoint your agents can use — with every query validated through 7 layers of defense before a single row leaves your server.

The problem

AI agents are getting good at writing SQL. Claude, GPT, Cursor — they can all generate valid queries against your schema. But there's a gap between "can write SQL" and "should be trusted with your production database."

Give an agent raw credentials and you're one prompt injection away from DROP TABLE orders. Or a SELECT * that pulls 2 million rows and crashes your app. Or a query that reads password_hash from your users table and sends it to a third-party API.

The current options aren't great:

  • No access: Your agents can't use your data. You copy-paste manually.
  • Raw credentials: Your agents have full access. You pray nothing goes wrong.
  • Build your own proxy: You spend weeks building middleware that validates queries, enforces timeouts, strips sensitive columns... and you still miss edge cases.

What QueryBear does

QueryBear sits between your AI agent and your database. Your agent sends SQL through our MCP server. We validate, secure, and execute it. Your agent gets results. Your data stays safe.

7 layers of security

Every query passes through a defense-in-depth pipeline:

  1. SQL Static Analysis — We parse every query into an AST using node-sql-parser. Only SELECT statements pass. Multi-statement injection (like COMMIT; DROP TABLE) is blocked at the parser level.

  2. Table & Column Validation — Every table referenced in the query is checked against your allowlist. Columns marked as private are stripped automatically.

  3. Query Rewriting — Row limits are enforced by rewriting the AST. If your limit is 1,000 rows and the query asks for 10,000, we rewrite it.

  4. EXPLAIN Dry Run — Optionally, we run EXPLAIN before execution to estimate cost. Queries that would scan millions of rows are rejected before they touch your data.

  5. Database-Level Timeout — We set statement_timeout (Postgres) or max_execution_time (MySQL) at the database level. This kills runaway queries server-side — not just in our app code.

  6. Read-Only Transaction — Queries execute inside BEGIN TRANSACTION READ ONLY. Even if a write somehow passes static analysis, the database itself rejects it.

  7. Audit Logging — Every query is logged: original SQL, rewritten SQL, execution time, row count, status, and which API key was used.
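Layers 1 to 3 sketched as an added example (this is not QueryBear's code): the checks run on a simplified, assumed AST shape rather than node-sql-parser's real output, and `POLICY`, `enforce` and the table and column names are hypothetical.

```javascript
// Constructed policy: per-table schema plus the columns marked private.
const POLICY = {
  maxRows: 1000, // the post's default row limit
  tables: {
    users: { columns: ['id', 'email', 'password_hash'], private: ['password_hash'] },
    orders: { columns: ['id', 'user_id', 'total'], private: [] },
  },
};

// Assumed, simplified AST: { type, columns: [{ table, column }], from: [{ table }], limit }
function enforce(statements, policy = POLICY) {
  // Layer 1: exactly one statement, and it must be a SELECT.
  if (statements.length !== 1) return { ok: false, reason: 'multiple statements' };
  const ast = statements[0];
  if (ast.type !== 'select') return { ok: false, reason: `statement type ${ast.type}` };

  // Layer 2: allowlist check; own-property lookup so "constructor" etc. never match.
  const has = (t) => Object.prototype.hasOwnProperty.call(policy.tables, t);
  const tables = ast.from.map((f) => f.table);
  const denied = tables.find((t) => !has(t));
  if (denied !== undefined) return { ok: false, reason: `table ${denied} not allowed` };

  // Layer 2: expand "*" against the schema, then drop private columns.
  const columns = [];
  for (const ref of ast.columns) {
    const owners = ref.table ? [ref.table] : tables;
    if (ref.column !== '*' && owners.length !== 1) {
      return { ok: false, reason: `ambiguous column ${ref.column}` };
    }
    for (const table of owners) {
      if (!tables.includes(table)) return { ok: false, reason: `unknown table ${table}` };
      const spec = policy.tables[table];
      const names = ref.column === '*' ? spec.columns : [ref.column];
      for (const column of names) {
        if (!spec.columns.includes(column)) return { ok: false, reason: `unknown column ${column}` };
        if (!spec.private.includes(column)) columns.push({ table, column });
      }
    }
  }
  if (columns.length === 0) return { ok: false, reason: 'no visible columns selected' };

  // Layer 3: clamp the row limit on the AST itself, never by editing the SQL string.
  const asked = Number.isInteger(ast.limit) && ast.limit >= 0 ? ast.limit : Infinity;
  return { ok: true, ast: { ...ast, columns, limit: Math.min(asked, policy.maxRows) } };
}

// Constructed AST for: SELECT * FROM users LIMIT 10000
const sample = [{ type: 'select', columns: [{ table: null, column: '*' }], from: [{ table: 'users' }], limit: 10000 }];
console.log(JSON.stringify(enforce(sample)));
```

This covers only the select list, FROM and LIMIT; a complete validator also has to resolve table and column references in WHERE, JOIN, ORDER BY and subqueries.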

How it works

  1. Connect your database — Add your Postgres or MySQL credentials. We encrypt them with AES-256-GCM and map your schema automatically.

  2. Configure security — Toggle read-only mode, choose which tables your agents can see, mark sensitive columns as private, set row limits and query timeouts.

  3. Point your agent — Get your MCP endpoint and API key. Add two lines to your Claude, Cursor, or custom agent config.

That's it. Your agent can now query your database safely.

Connect Claude to Your Database in 2 Minutes

Here's the complete setup:

Step 1: Sign up and connect your database

Go to querybear.com and create an account. Add your database connection — paste a connection string or fill in the fields manually.

Step 2: Configure security

In your connection settings, you'll see:

  • Read-only mode (on by default) — Only SELECT queries allowed
  • Max row limit — Default is 1,000 rows per query
  • Query timeout — Default is 10 seconds
  • Table visibility — Choose which tables your agent can access
  • Column privacy — Mark sensitive columns as private

Step 3: Get your API key

Go to the API Keys page in your dashboard. Create a new key — you'll see it once, so save it somewhere safe.

Step 4: Configure Claude Desktop

Add this to your Claude Desktop MCP config:

{
  "mcpServers": {
    "querybear": {
      "url": "https://mcp.querybear.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

Replace YOUR_API_KEY with the key from Step 3.

Step 5: Ask Claude about your data

Claude now has three tools:

  • run_query — Execute SQL against your database (validated through all 7 security layers)
  • view_schema — See your tables, columns, types, and relationships (minus private fields)
  • ask_database — Ask in plain English and get results

Try it: "Show me the top 10 customers by revenue this month."

What's next

This is our MVP. We're shipping fast and iterating based on what you need. Coming soon:

  • More database support (Snowflake, BigQuery)
  • Team API key management
  • Usage analytics and cost tracking
  • Custom security policies per API key

We'd love your feedback. Try it out and let us know what you think.
