AI Model Transparency

We believe in explainable AI. Here's exactly how VoxCore generates, validates, and scores SQL queries.

🤖 LLM & Prompt Engineering

🧠
Language Models
VoxCore uses state-of-the-art LLMs: Claude 3.5 Sonnet (default) or GPT-4 Turbo (optional). Both support 200K context windows for large schemas.
🎯
Prompt Architecture
Custom system prompts enforce safety constraints, SQL best practices, and data governance policies specific to your organization.
💾
Schema Injection
Your database schema is securely injected into the prompt context. LLM learns table names, columns, data types, and relationships.
Prompt Template Example
System Prompt
You are a SQL query generation assistant for [COMPANY]. Database: {database_type} Dialect: {sql_dialect} CONSTRAINTS: - Never access tables: employees, payroll, credentials - Use indexed columns for WHERE clauses - Limit result sets to 10,000 rows - Prefer CTEs over subqueries Available Tables: {schema_definition} User Request: {user_query} Generate safe, optimized SQL.

✓ SQL Validation

1
Syntax Validation
Parse SQL using dialect-specific parsers (TSQL, Snowflake, PostgreSQL). Invalid syntax is rejected immediately.
2
Semantic Analysis
Verify table/column existence, data type compatibility, and join conditions against your actual schema.
3
Injection Detection
AST analysis detects SQL injection patterns, malicious functions (xp_cmdshell, etc.), and suspicious operators.
4
Policy Enforcement
Cross-reference query against organization policies. Block access to restricted tables or sensitive columns.
5
Query Fingerprinting
Generate unique fingerprint for query type. Detect repeated patterns or known attack signatures.

📊 Risk Scoring Algorithm

0.0 - 0.15
LOW RISK
Safe to Execute
0.16 - 0.50
MEDIUM RISK
Review Before Execute
0.51 - 1.0
HIGH RISK
Blocked
Risk Scoring Factors
Factor Weight Example
SQL Injection Score 35% 0.0 = no injection patterns detected
Table Sensitivity 25% Accessing PII table = +0.3 risk
Policy Violations 20% Restricted column access = +0.25 risk
Operation Type 15% UPDATE/DELETE = +0.1, SELECT = 0.0
Anomaly Detection 5% Unusual query structure = +0.05 risk
Example Risk Calculation
Query: "Show revenue by region"
SQL Injection Score: 0.00 (no patterns) Table Sensitivity Score: 0.05 (public tables) Policy Check: 0.03 (minor column audit) Operation Type: 0.00 (SELECT only) Anomaly Score: 0.00 (standard pattern) ───────────────────────────────────── FINAL RISK SCORE: 0.08 (LOW) RECOMMENDATION: ✓ EXECUTE

⚙️ Prompt Controls & Configuration

🔒
Safety Guardrails
Configure forbidden operations (DROP TABLE, TRUNCATE), restricted tables (payroll, PII), and required audit fields.
📋
Organization Policies
Define data governance rules: who can access what tables, column-level restrictions, and compliance requirements.
🎓
Few-Shot Examples
Provide example questions and expected SQL to improve LLM accuracy for your specific database dialect and conventions.
Policy Configuration Example
Organization Policy
{ "restricted_tables": [ "employees", "payroll", "credentials" ], "restricted_columns": { "customers": ["ssn", "credit_card"], "orders": ["payment_method"] }, "max_result_rows": 10000, "require_where_clause": true, "forbidden_operations": [ "DROP", "TRUNCATE", "ALTER TABLE" ], "audit_required": true }

🛡️ Multi-Layer Validation

1️⃣
Pre-Execution Check
Before any query touches your database, VoxCore validates against 50+ security rules and your custom policies.
2️⃣
Query Timeout
Auto-kill long-running queries (default 30s). Prevents accidental full-table scans and resource exhaustion.
3️⃣
Result Sanitization
Mask PII in results before returning to user. Redact sensitive data based on user permissions.

🔄 VoxCore vs Traditional SQL Learning

Aspect Traditional SQL Tools VoxCore with LLM
Learning Curve 6-12 months to master SQL Natural language (30 seconds)
Security User discipline + access controls AI firewall + policy enforcement
Audit Trail Database logs (hard to parse) Automatic, user-friendly audit trail
Query Optimization Manual (requires expertise) AI suggests optimal indexes
Risk Scoring ❌ Not available Every query scored (0.0-1.0)
Governance Manual policy enforcement Automatic enforcement + blocking

🔐 Privacy & Data Security

🌐
No Data Storage
VoxCore never stores your data. Queries execute directly on your database. Results cached temporarily for performance only.
🔐
Encrypted Transmission
All queries and results transmitted via TLS 1.3. Database credentials stored encrypted in AWS Secrets Manager.
📝
Audit Logging
Every query logged with user, IP, timestamp, risk score, and result. Immutable audit trail for compliance (SOC 2, HIPAA).

Ready to See VoxCore in Action?

Test the AI SQL engine with your own database. See risk scores, governance, and audit trails in real-time.