Wren AI SecuritySECURITY

Governed GenBI, from prompt to SQL.

Wren AI puts identity, semantic policy, query execution, and auditability in the path of every answer, whether the caller is a teammate, an embedded app, or an AI agent using MCP.

Policy point

Semantic layer

Metrics, relationships, joins, and permission rules live in the governed Wren AI context layer.

Every caller

UI, API, MCP

One control path applies to dashboards, embedded analytics, Slack, Teams, and agent clients.

Deployment

Cloud to air-gap

Run in Wren Cloud, your private cloud, your own infrastructure, or an air-gapped environment.

01Mechanisms

Security claims you can trace through the product.

Every security claim maps to a visible Wren AI mechanism: identity, semantic policy, execution controls, agent boundary, deployment boundary, and audit evidence.

02Security architecture

The control plane sits before the query runs.

Wren AI does not treat governance as a review step after an answer is produced. The request is resolved through identity, project permissions, semantic definitions, row and column controls, SQL validation, and audit logging before results reach the user.

OIDC and workspace roles identify who is asking.

The MDL semantic layer constrains metrics, joins, and business logic.

RLS and CLS are applied at query time before execution.

SQL and answer lineage are recorded for review.

03Agent governance

Expose data to agents without bypassing controls.

MCP makes Wren AI available to agentic tools, but the agent does not get a side door to the warehouse. Claude, Cursor, custom copilots, Slack, Teams, embedded apps, and API callers resolve through the same governed endpoint.

One MCP and API boundary for humans and agents.

Reusable skills and memory stay grounded in the semantic model.

Every agent request inherits project access and data controls.

Generated SQL remains inspectable instead of hidden in a black box.

04Data residency

Keep Wren AI inside the boundary you trust.

Use Wren AI as managed cloud, private cloud, self-hosted infrastructure, or fully air-gapped deployment. Connect to your existing warehouse and operational sources without rebuilding pipelines or migrating sensitive data into a new analytics silo.

Connect to 20+ data sources where they already live.

Bring your own LLM for tighter data and model control.

Project isolation keeps tenants and business units separated.

Audit logs help prove who asked what and which query ran.

05Control surface

Built for the review your data team actually runs.

Identity, permissions, semantic policy, query controls, deployment choice, and evidence, organized as controls your security team can inspect.

01

Identity and access

Connect Wren AI to your identity provider with OIDC, assign workspace and project roles, and keep access reviews aligned with existing enterprise governance.

02

Row and column controls

Apply row-level and column-level security in the governed query path so sensitive records and fields are filtered before users or agents receive results.

03

Semantic guardrails

Define metrics, relationships, calculated fields, and business terms once in MDL so prompts resolve through approved logic instead of improvised joins.

04

Auditability

Review activity logs, generated SQL, project usage, and answer lineage to understand who accessed data and how a number was produced.

05

Deployment control

Choose Wren Cloud, private cloud, self-hosted, on-prem, or air-gapped deployment based on your security and procurement requirements.

06

Agent-safe APIs

Serve the same governed context to Wren UI, embedded apps, Slack, Teams, APIs, and MCP clients without duplicating policy logic per channel.

Security walkthrough

Bring agentic analytics to security review.

Show your security, platform, and data teams how Wren AI keeps natural-language analytics inside a governed execution path.