When attackers can move from identifying a weakness to launching a full exploit in under half an hour, the old security playbook starts to look dangerously outdated. That compressed timeline is the uncomfortable backdrop to Oracle’s latest push to reframe its Oracle AI security strategy around one basic idea: protect the data itself, at the database layer, before anything can reach it.
Key takeaways
- According to the 2026 CrowdStrike Global Threat Report, the average attack breakout time is now 29 minutes, a 65% increase in speed since 2024, with AI-enabled adversary activity up 89%.
- Oracle’s AI security strategy is built on three pillars: Secure at Source, Secure at Speed, and Secure through Resilience, each targeting a distinct failure point in enterprise defenses.
- Key tools including the Database Lifecycle Management Pack and Exadata Management Pack are available free until February 28, 2027, with GoldenGate and related licenses discounted by 90% through May 31, 2027.
- Oracle’s in-database controls, including SQL Firewall, Database Vault, and Deep Data Security, enforce policy at the engine level, making them much harder to bypass than application-layer alternatives.
- Oracle shed roughly 21,000 roles globally in the past 12 months as the company realigns around AI infrastructure and cloud services.
The AI-Accelerated Threat Environment
The numbers are stark. The 2026 CrowdStrike Global Threat Report puts the average attack breakout time, the window between an adversary gaining initial access and moving laterally through a network, at just 29 minutes. That represents a 65% acceleration compared with 2024. Meanwhile, AI-enabled adversary activity has surged by more than 89%, as threat actors use the same generative tools enterprises are embracing to write exploit code, identify vulnerabilities, and scale campaigns at machine speed.
For security teams, this effectively eliminates the buffer that manual response processes once relied on. But the threat environment isn’t just about faster attackers. There’s a second, quieter pressure building inside enterprise walls.
AI agents opening new attack surfaces
As organizations deploy AI agents and AI-generated applications, these systems often interact directly with sensitive databases through pathways that traditional access controls were never designed to govern. An AI agent acting autonomously on behalf of a user may carry that user’s credentials while accessing far more data than any human session would. If these pathways are overprivileged, and many are, attackers who compromise an agent or a credential gain disproportionate access immediately.
This is precisely the gap Oracle is positioning itself to close. Rather than relying on perimeter defenses or application-level controls that AI agents can route around or that misconfiguration can quietly disable, the argument is that security needs to live where the data actually lives.
Oracle’s Database-First AI Security Strategy
Oracle’s approach centers on embedding security controls directly into the database engine, not layering them above it. The logic is simple: any policy enforced at the application layer can be bypassed by a different application, an API, or an autonomous agent connecting through a different method. A control inside the database engine applies to every access, regardless of origin.
Three pillars of security: Secure at Source, Secure at Speed, Secure through Resilience
The strategy is organized around three distinct operational challenges enterprises face when protecting data-rich environments.
Secure at Source addresses where security policy is actually enforced. Oracle’s position is that security needs to sit inside the database, not in application code that varies by system or team. This pillar covers Deep Data Security, which applies fine-grained, identity-based authorization across relational, vector, and lakehouse data sources without requiring data movement. It also includes the in-database SQL Firewall, which blocks unapproved SQL execution at the engine level in a way that cannot be circumvented through application code, and Database Vault, which separates administrative duties to limit what a compromised privileged account can actually access or damage.
Secure at Speed tackles one of the most persistent operational failures in enterprise security: slow patching. Historically, regression testing requirements and tight maintenance windows have made patch deployment a months-long process. As AI shortens attacker timelines, that delay becomes increasingly costly. Tools under this pillar include the free Database Lifecycle Management Pack and Exadata Management Pack, which centralize patch deployment across databases, grid infrastructure, and Exadata systems. Discounted licenses for GoldenGate, GoldenGate Veridata, and Real Application Testing support validated switchovers between synchronized environments and pre-production testing of patches, reducing the risk that a routine update breaks something in production.
Secure through Resilience accepts that prevention eventually fails and focuses on recovery. Zero Data Loss Recovery targets recovery to the last transaction following ransomware or corruption events, with the aim of eliminating data loss rather than merely minimizing it. The Globally Distributed AI Database uses Raft-based replication to maintain application availability through site or infrastructure failures, while Oracle Maximum Availability Architecture provides the architectural best-practices framework tying backup, replication, and disaster recovery together.
Why database-layer enforcement matters for AI workloads
The Deep Data Security capability deserves particular attention in the context of agentic AI. By enforcing identity-based authorization directly in the database, spanning relational, vector, and lakehouse sources, it ensures that an AI agent working on a user’s behalf can only access data that user is explicitly authorized to see. The enforcement happens at the point of data retrieval, not at the application layer, which means no workaround through a different API or connection method changes what the agent can reach. That’s a meaningful architectural distinction as enterprises increasingly let AI systems query sensitive data autonomously.
Short-term Pricing and Packaging Incentives
Oracle is pairing its strategy with a time-limited pricing shift designed to reduce the procurement friction that has historically delayed security investment. Several tools are available at no cost through February 28, 2027, including the Database Lifecycle Management Pack, the Exadata Management Pack, and Data Safe, which handles database security assessment, sensitive data discovery, and activity monitoring. A future release, Database Security Central, with similar centralized risk visibility capabilities, is also included in the free offering.
Through May 31, 2027, Oracle is offering 90% discounts on one-year term licenses for GoldenGate and GoldenGate Veridata, along with Real Application Testing. The practical goal behind these incentives is specific: get customers to automate patching workflows, implement identity-based data governance, and validate recovery processes before the window closes. The capabilities built during this period are meant to persist well beyond the promotional terms.
The pricing move reflects an acknowledgment that security tool adoption gaps aren’t always about willingness; they’re often about cost and complexity. Organizations that have deprioritized Oracle Database hardening because of procurement cycles or budget constraints now have a lower-friction path to implementing controls that many should have deployed already.
Competitive Positioning and Industry Context
Oracle competes directly with Microsoft and Amazon Web Services, both of which have built increasingly comprehensive security and governance layers across their cloud platforms. Microsoft and AWS have leaned heavily into identity-centric security models that span databases, analytics, and AI workloads, a coherent approach for organizations running primarily on these ecosystems.
Oracle’s differentiator is architectural control. Because the company builds the database engine, the management plane, the security controls, and the recovery stack, it can enforce protections at layers that external overlay products cannot reach. Capabilities like the SQL Firewall and Database Vault operate inside the database environment, making them structurally harder to bypass than monitoring tools applied above it. That’s a meaningful advantage, but one that applies primarily to Oracle Database environments, a boundary Oracle’s competitors will note.
The field also includes specialized data security posture management vendors like Veeam, which focus on discovering sensitive data, monitoring access patterns, and enforcing governance across heterogeneous environments that include non-Oracle databases, cloud platforms, and SaaS applications. These capabilities address the cross-platform sprawl that Oracle’s database-centric approach doesn’t fully cover, and represent a complementary layer in any enterprise’s security architecture rather than a direct substitute.
What Oracle is essentially betting on is that as AI agents proliferate and interact with structured data at scale, the database becomes the most strategically valuable control point: more durable than application-layer policy, more precise than network-level monitoring. Whether that framing captures enough of the enterprise security conversation to shift competitive positioning meaningfully depends on how fast AI-driven data access patterns force organizations to rethink where their real perimeter sits.
Worth noting in the broader context: Oracle disclosed in its latest annual report that it shed roughly 21,000 roles globally over the past 12 months, about 13% of its workforce, as it reshapes operations around AI infrastructure and cloud services. The company recorded roughly $1.8 billion in severance and restructuring costs during that period, a sharp increase from the $374 million recorded in the prior 12 months. That restructuring is the organizational backdrop to a company simultaneously doubling down on AI-embedded security and racing to build out data center capacity for AI customers including OpenAI and Meta.
FAQ
How rapidly can AI-enabled attackers exploit vulnerabilities?
According to the 2026 CrowdStrike Global Threat Report, AI-enabled attackers have compressed the average attack breakout time to just 29 minutes, a 65% increase in speed compared with 2024, with AI-enabled adversary activity up 89% overall.
What is Oracle’s core approach to AI security?
Oracle centers its AI security strategy on data-first security enforced at the database layer, ensuring consistent security controls apply to every application, user, and AI agent accessing data, regardless of the connection method used.
Which Oracle tools are offered free or discounted to help with AI security?
The Database Lifecycle Management Pack and Exadata Management Pack are available free until February 28, 2027. GoldenGate, GoldenGate Veridata, and Real Application Testing licenses are available at a 90% discount through May 31, 2027.
What are the three pillars of Oracle’s AI security strategy?
The three pillars are Secure at Source (data-layer controls including SQL Firewall, Database Vault, and Deep Data Security), Secure at Speed (automated patching and change validation), and Secure through Resilience (zero data loss recovery, distributed replication, and disaster recovery architecture).
Article produced with the help of artificial intelligence and reviewed by the editorial team.
