
How Skyflow ends the false choice of block or unblock for Agent data

Insight Partners | June 17, 2026 | 3 min. read
Anshu Sharma Skyflow

For years, enterprise security ran on a simple principle: if a system or user shouldn’t have access to sensitive data, you block it; if they should, you unblock it. That binary worked well enough when the things accessing data were predictable: applications, databases, and human employees following defined workflows.

But AI Agents are none of those things. They’re autonomous, non-deterministic, and they need access to your most sensitive data to be useful. Block them, they’re useless. Unblock them, and you risk losing control over what they can access and how they act.

“The blocking-unblocking cycle is over,” says Anshu Sharma, cofounder and CEO of Skyflow, a runtime AI data control platform protecting sensitive customer data for companies ranging from two-person startups to Walmart and Visa. “We know we have to unblock these Agents. The question is how.”

“All hell broke loose”

“The first generation of large language models was…basically talking to Wikipedia,” says Sharma. It was a very sophisticated search interface with a limited security surface.

“The second generation of Agents, turns out, is not about finding out what the capital city of Iran is,” he says, “but it’s actually about finding out, when does my lease expire, and can an Agent go ahead and create a document that extends my lease?”

That shift from retrieval to action transforms the risk profile. Agents are calling APIs, connecting to databases, writing records, and triggering workflows. And to do any of that meaningfully, they need access to the most sensitive data an organization holds. But unlike a human employee, they don’t always follow predictable paths to get it.

“All of this mess is uncontrolled because the Agents are fundamentally non-deterministic.”

Legacy security systems were not built to handle this.

And the consequences of getting it wrong are already materializing. In March 2026, an autonomous OpenClaw Agent breached McKinsey’s internal genAI platform, Lilli, gaining read-write access in under two hours. It used basic, well-known software vulnerabilities in endpoints designed for humans, not Agents, revealing the weaknesses in traditional defense.

“The moment we went from the generative aspect of LLMs…to the work aspect of Agents, everything changed,” says Sharma. “All hell broke loose.”




Legacy tools like data loss protection engines, traditional firewalls, and data security posture management platforms were built on a binary assumption that no longer holds, says Sharma. “Either you are a bad actor, and you should not have access at all, or you’re a good actor, and then you have the keys to the kingdom.”

Take an airline that wants to build an Agent: It needs a customer’s frequent flyer number, credit card number, email address, and phone number. A firewall either blocks everything and renders the Agent useless, or it lets everything through and creates unacceptable risk. Neither is a viable outcome.

What customers want now, says Sharma, is granular visibility and a genuine control layer — something the old architecture could never provide. “They want to know exactly what an Agent does. What can it see? What can it read? What can it update?”

Give Agents what they need, and nothing else

Skyflow’s approach centers on what it calls a polymorphic engine.

“We basically don’t block or unblock data,” says Sharma. “We actually transform it.” The platform creates polymorphic projections, which are targeted, task-specific representations of sensitive data — it fulfills precisely what the task requires and nothing else. That means an age verification check doesn’t need a user’s date of birth; it just needs confirmation that the user is over 21.
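An added illustration of the projection idea described above, not Skyflow's API or code: a per-task policy derives only what each task needs from a constructed customer record, and a task with no policy gets nothing. The field names, task names, and the HMAC-based token scheme are assumptions made for this example.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample record; field names are assumptions for this example.
RECORD = {
    "frequent_flyer": "FF1234567",
    "card_number": "4111111111111111",
    "email": "pat@example.com",
    "date_of_birth": date(1990, 5, 14),
}
TOKEN_KEY = b"demo-only-key"  # assumption: held by the data layer, never by the agent


def tokenize(value):
    """Keyed, deterministic token: stable across calls, not reversible without the key."""
    digest = hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def age_on(dob, today):
    """Whole years between dob and today, accounting for whether the birthday has passed."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))


# Hypothetical per-task projections: every output field is derived from the record,
# and a field not listed for a task is never returned to the agent.
PROJECTIONS = {
    "age_check": {
        "over_21": lambda r, today: age_on(r["date_of_birth"], today) >= 21,
    },
    "rebook_flight": {
        "frequent_flyer": lambda r, today: r["frequent_flyer"],
        "card_token": lambda r, today: tokenize(r["card_number"]),
        "card_last4": lambda r, today: r["card_number"][-4:],
        "email_masked": lambda r, today: r["email"][0] + "***@" + r["email"].split("@")[1],
    },
}


def project(record, task, today):
    """Return the task's projection of the record; unknown tasks are denied."""
    fields = PROJECTIONS.get(task)
    if fields is None:
        raise PermissionError(f"no projection defined for task {task!r}")
    return {name: derive(record, today) for name, derive in fields.items()}
```

The age check receives a single boolean rather than the date of birth, and the rebooking task receives a token and the last four digits rather than the card number.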

“One of the myths in the security industry is what I call the ‘either or’ fallacy: Either I can protect the data, or I can use the data.”

This requires security controls that operate in real time, at the moment of each Agent action, rather than traditional static policies that run on a weekly scan cycle. “Since your Agents are now runtime and non-deterministic, the security platform…needs to behave like that,” says Sharma. “We built Skyflow with that premise from day one.”

Hardware won’t solve data sovereignty

Beyond the immediate Agent security problem, Sharma warns that there is a longer-term regulatory challenge that most enterprises aren’t prepared for.

Data sovereignty requirements, which require that personal data be stored and processed within national borders, are becoming increasingly common. The obvious response is to build local infrastructure in every market you operate in, but that’s not practical or affordable for most businesses, argues Sharma.

“[NVIDIA CEO] Jensen [Huang] wants you to buy a GPU cluster in every country you operate in. Now maybe that’s feasible for the largest oil company in the world, but it’s not going to be feasible for the third-largest airline operating in 37 countries. There is no way in hell a third-largest airline is going to have 37 GPU clusters just because you want to be able to rebook your flight.”

“Instead of trying to replicate everything I do, why don’t I just protect the sensitive data?”

Skyflow’s solution is to secure sensitive data at the source, locally, and send only anonymized, tokenized versions through the rest of the workflow. It’s compliance without a data center on every continent, says Sharma.

“If the data is locally resident and protected using our polymorphic engine, then you can actually serve customers in Saudi Arabia, Bahrain, and Qatar from the same data center.”

The future architecture

Ultimately, Sharma sees Skyflow’s role as building a privacy layer that makes secure enterprise AI accessible to everyone.

Blocking, unblocking, the sovereignty debate, the rogue Agent risk — these are all variations of the same underlying problem. Enterprises need to use sensitive data to make AI work without losing control. Skyflow is offering to do just that.

“If you’re building Agent tech applications, you don’t need to go pay $100M to Palantir,” he says. “You can work with Skyflow plus Databricks*, or Snowflake plus Anthropic* and OpenAI*. That’s the new architecture that’s open.”


*Editor’s note: Insight Partners has invested in Skyflow, Databricks, Anthropic, and OpenAI.