Querona for AI
Querona is a dynamic data layer for AI: it lets large language models (LLMs) and AI agents reach live, governed data across all your systems, without first copying or replicating it anywhere.
Why AI needs fresh data
An LLM is only as good as the context it is given, and for most real questions that context has to be current. Consider the kind of questions users actually put to an AI assistant:
A banking assistant explaining why a payment did not clear needs the live transaction and its current status, the account balance and limits, and the rules in force at that moment.
A risk assistant profiling a client needs their latest account and card activity, the current internal score, and any open AML alerts.
A fleet manager checking that every vehicle is still covered needs live policy data — which vehicles are active, and when each policy lapses.
A model answering these from yesterday’s snapshot — or from data copied into a separate vector store or warehouse — is confidently wrong. The value is in the freshness, and freshness is exactly what copying destroys.
Serve live data to agents over MCP
Querona exposes your data to AI through its Model Context Protocol (MCP) endpoint, alongside its SQL Server (TDS), REST and GraphQL endpoints. The flow is:
Connect the source systems — relational databases, REST and SaaS APIs, files, big data and more (see Connections).
Model what the agent may use as virtual tables, views and functions in a virtual database. For REST/OpenAPI sources, Querona auto-generates parameterized tabular functions from the API definition, so an operation becomes a function you can query with plain SQL.
Expose those objects automatically over MCP. The agent calls them at question time and gets an answer computed against the live sources — nothing was replicated.
Because Querona federates instead of ingesting, the agent always sees the current state of the underlying systems. There is no pipeline to keep in sync, and no second copy of sensitive data to secure.
The agent also never writes SQL against your systems. Over MCP it sees a fixed set of typed, governed operations — reads, aggregations, writes where the granted role permits, and calls to the functions you exposed — so its access is deterministic and stays inside the roles you granted. That removes the usual risk of a model hand-writing a query that is subtly, confidently wrong.
Governed like every other consumer
Exposing operational data to an LLM is only safe if the same controls apply as for every other consumer. Data reached over MCP passes through the same governance as data reached over SQL or a BI tool: row- and column-level security, dynamic data masking, pseudonymization, and access rules that depend on the user, group or role (see Data Security). The model only ever sees what the calling identity is allowed to see.
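The behaviour described in the two sections above (a fixed set of typed operations, then row- and column-level security and masking per calling identity), modelled as a small in-memory dispatcher. This is an added illustration, not Querona's code or API: the tool name, roles, policy table and sample rows are constructed, and only the `tools/call` request shape is taken from the MCP specification.

```python
import json

# Constructed sample rows standing in for a live source.
ROWS = [
    {"account": "A-1", "branch": "north", "iban": "PL00111122223333", "balance": 120.0},
    {"account": "A-2", "branch": "south", "iban": "PL00444455556666", "balance": 75.5},
]

# Fixed catalogue of typed operations the agent can see (no free-form SQL).
TOOLS = {"get_accounts": {"params": {"min_balance": float},
                          "roles": {"teller", "auditor"}}}

# Per-role governance (hypothetical): row filter, visible columns, masked columns.
POLICY = {
    "teller": {"rows": lambda r: r["branch"] == "north",
               "columns": {"account", "branch", "iban", "balance"}, "mask": {"iban"}},
    "auditor": {"rows": lambda r: True,
                "columns": {"account", "branch", "balance"}, "mask": set()},
}

def mask(value):
    """Dynamic masking: keep only the last four characters readable."""
    return "*" * (len(value) - 4) + value[-4:]

def handle_call(request_json, role):
    """Serve one MCP-style tools/call request on behalf of the calling role."""
    req = json.loads(request_json)
    if req.get("method") != "tools/call":
        return {"error": "unsupported method"}
    name = req["params"]["name"]
    args = req["params"].get("arguments", {})
    tool = TOOLS.get(name)
    if tool is None or role not in tool["roles"]:
        return {"error": "operation not granted"}  # deny by default
    # Typed arguments: unknown names or wrong types are rejected before
    # anything touches the data, so a string can never stand in for a number.
    for key, val in args.items():
        if key not in tool["params"] or not isinstance(val, tool["params"][key]):
            return {"error": f"bad argument: {key}"}
    pol = POLICY[role]
    floor = args.get("min_balance", 0.0)
    out = []
    for row in ROWS:
        if pol["rows"](row) and row["balance"] >= floor:
            out.append({c: (mask(v) if c in pol["mask"] else v)
                        for c, v in row.items() if c in pol["columns"]})
    return {"result": out}
```

The same request returns different rows and columns for different roles, and an unknown operation or a mistyped argument is refused rather than interpreted.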
AI functions inside SQL
Querona has also long offered AI scalar functions that call cloud AI models directly from T-SQL, so enrichment can happen as part of an ordinary query (see Functions). These predate today’s GenAI platforms and complement the MCP story: AI both consumes data from Querona and can be called from within it.
How this differs from copy-first AI stacks
Most AI data plumbing begins by moving data — mirroring tables into a lake, loading a warehouse, or embedding everything into a vector store — and then points the model at the copy. Querona inverts that: the data stays where it lives, and the model reaches it on demand through a governed virtual layer. Copy only when there is a reason to (see Materialization); otherwise, serve it live.
See also
Open data endpoints — the REST, GraphQL and MCP endpoints
Data virtualization — the no-copy foundation this builds on
Data Security — security and governance applied to every consumer