Genledger Logo
Genledger
Back to blog
AI Engineering

AI agents need structured tools, not raw database access

Arvind Nedumaran

The pitch is compelling: connect your AI assistant to your database and let it answer any financial question in natural language. No more waiting for the data team. No more building dashboards. Just ask.

The reality is messier.

The raw access problem

When you give an LLM direct SQL access, you’re asking it to do three things simultaneously: understand the user’s intent, translate that intent into correct SQL against a schema it may not fully understand, and validate that the result makes sense financially.

It fails at all three more often than you’d expect. Schema ambiguity leads to wrong joins. Financial concepts like “revenue” mean different things depending on whether you’re talking about gross sales, net of refunds, or recognized revenue. And when the number looks plausible but is wrong, nobody catches it.

The security implications are worse. An unrestricted SQL connection means the AI can query anything the connection has access to — including data the person asking the question shouldn’t see.

Purpose-built tools

The alternative is to give AI agents structured tools with defined inputs, outputs, and guardrails. Instead of SELECT * FROM transactions WHERE..., the agent calls a reconciliation_report tool that:

  1. Accepts typed parameters (date range, location, source)
  2. Executes a vetted, optimized query path
  3. Returns structured results with match rates and confidence scores
  4. Respects the user’s access permissions
  5. Logs every invocation for audit

The agent doesn’t need to know SQL. It doesn’t need to understand your schema. It calls a tool, gets back structured data, and presents it to the user.

The MCP approach

This is why we built Genledger’s AI integration around the Model Context Protocol. Every operation — reconciliation, variance analysis, enrichment graph traversal — is exposed as a typed tool that any MCP-compatible AI assistant can call.

The tools enforce business logic that an LLM would have to guess at. “Reconcile these sources” handles partial matches, fee deductions, timing windows, and currency conversion. An LLM writing raw SQL would need to rediscover all of that from scratch every time.

The result: AI agents that give correct, auditable answers — because the hard financial logic lives in the tool, not in the prompt.

Genledger
 Genledger Logo (go home)

© 2026 Genledger AI.

Contact