Is it possible to connect an AI model directly to an external database, so that data can be retrieved using natural language prompts instead of manually writing SQL queries?
Hello ArunKumar,
If we are referring to data retrieval only, this can be achieved using the GetGroundingData action within the AI Agent’s logic flow.
You can serialize the required external database data and pass it to the system prompt along with the user prompt. For example, if a user types:“Get me all records whose salary is below 3000,”
In SQL terms, this would translate to:
SELECT * FROM Employee WHERE Employee.Salary < 3000.
Based on the grounding data (which contains the external database information) and the user prompt, the AI agent can interpret the request and filter the data accordingly. On the UI side, you may deserialize the response if needed. Alternatively, you can use Structured Output in the Call<Agent> action under the Structured Output tab to handle the response in a cleaner and more structured manner.
If you are referring to allowing the agent to directly write and execute SQL queries, this is not recommended. Doing so would effectively grant the agent permission to manipulate database operations, including write actions. Even with proper configuration and safeguards, there remains a slight risk of unintended behavior. Additionally, from a security perspective, the agent might generate queries without proper encoding or parameterization, potentially exposing the system to SQL injection vulnerabilities.
Thanks for your answer.
You’re welcome.
That's an interesting question and I think it's impossible for the reasons Sherif mentioned.
Yes, it is possible — but the recommended approach is not to give the AI direct database access. Instead, you let the AI generate SQL based on natural language, and your application executes it in a controlled and secure way.
A safe and scalable pattern looks like this:
Step 1 — System Prompt with Schema Context
Provide the AI with a system prompt that includes:
Database schema overview
Which tables to use for which types of questions
Clear rules and limitations
Example intent → SQL mappings
This helps the model reliably convert natural language into SQL.
* Example System Prompt
You are a SQL assistant. Convert user questions into PostgreSQL SELECT queries. Schema: Product(Id, Name, Price, Currency, Stock) Orders(Id, ProductId, Quantity, Date) Rules: ONLY generate SELECT queries NEVER generate INSERT, UPDATE, DELETE, DROP, or CREATE Use Product table for price/stock questions Use Orders table for sales/history questions Always return results as JSON Prefer jsonb_build_object/jsonb_agg Limit results when possible
Example:
SELECT jsonb_build_object(
'productId', p.Id,
'productName', p.Name,
'price', p.Price,
'currency', p.Currency,
'stock', p.Stock
)::text AS json_result
FROM {Product} p
LIMIT 1;
Step 2 — Tool / Action to Execute SQL
Instead of allowing the AI to run queries directly:
Create a tool/action in your app
The tool description tells the AI when to use it
The tool executes SQL on your backend
The tool returns JSON text
Example tool description:
ExecuteSQL Executes read-only SELECT queries Returns JSON text Rejects non-SELECT statements
In OutSystems, this can be an Advanced SQL action with a Text Output Parameter returning JSON.
Step 3 — Security & Governance (Very Important)
1. Restrict Query Types
Explicitly instruct the model to generate only SELECT queries. Block any write operations.
2. Limit Database Access
Use a DB user with:
Read-only permissions
Access only to required tables/views
No schema modification rights
3. Logging & Monitoring
Implement logging to track:
Which user asked which question
Generated SQL queries
Execution time
Returned results
This helps with:
Auditing
Debugging
Abuse detection
Performance monitoring
* Recommended Flow
User Question ↓AI generates SELECT SQL ↓Backend validates SQL ↓Execute via tool/action ↓Return JSON ↓AI formats response