All answers
Automation & MCP

How do you build guardrails so an AI assistant can only take specific, allowed actions on a database?

51:24From the June 25 call · Cash's AI-Built Real Estate Accounting Platform Demo

The Kestrel AI assistant runs through an API and is given very limited, proactive-permission access to only the firm's own data and only the specific actions the firm allows -- described as an 'allow list' model ('you can only do these things') rather than a blocklist model ('don't do this'). This is enforced through an MCP (Model Context Protocol) server, which acts as the contract between the AI and the database, defining exactly what it can do, how, and when. Because of this, prompt-engineering attacks or attempts to get the assistant to do something outside its scope (the example given: asking it to teach you how to bake a cake) simply don't work -- it will just decline. This approach was described as a huge benefit for guardrails and reproducibility.

The full answer is members-only

Membership is free. Apply and get this answer, the recording, and the rest of the library.

Apply to join

Already a member? Sign in

How do you build guardrails so an AI assistant can only take specific, allowed actions on a database? · The AI Lab for Accountants