Duly Noted

On one hand, I’m happy that there is now a standard for exposing databases to more applications. But nobody should trust an application with unfettered database access, whether it is via MCP or the system’s regular API. And it remains good practice only to grant minimal privileges to accounts. Restricting accounts is especially important with unmonitored agents that may start going wild all up in your database.

_{Quote Citation: @andy_pavlo, “Databases in 2025: A Year in Review // Blog // Andy Pavlo - Carnegie Mellon University”, January 04, 2026, https://www.cs.cmu.edu/~pavlo/blog/2026/01/2025-databases-retrospective.html}