AegisAI is the identity layer between AI agents (Copilot, Joule, Claude, ChatGPT, Gemini) and Databricks. Per-user identity propagation. Databricks' own access controls stay in charge. Every decision HMAC-audited.
IN ACTIVE DEVELOPMENT: 14-day sprint to LIVE state. Workspace OAuth integration, Unity Catalog grant honoring, lakehouse-level identity propagation.
PILOT-ELIGIBLE Q3 2026: Available during customer pilot engagements. We build against your Databricks workspace in parallel with your pilot.
Databricks Free Edition is the sandbox we develop against. Once the connector is LIVE, it is reusable across customer workspaces with config changes only.
Databricks' Unity Catalog is the modern lakehouse permission model — workspace grants, catalog grants, schema grants, table grants, row filters, column masks. Service-account integration bypasses all of it. Your data platform team spent two quarters on Unity Catalog. The AI assistant should respect those quarters, not undo them.
Databricks supports per-user token authentication via OAuth user-to-machine flow. AegisAI propagates the calling user's identity to the Databricks REST API. Unity Catalog grants fire against the actual user. Notebook permissions still apply. The audit log shows the actual analyst, not a shared integration token.
Workspace, catalog, schema, table, and view grants all fire against the calling user. No new permission work.
Unity Catalog row filters and column masks apply per-user, exactly as the data team designed.
Notebook-level permissions and cluster access controls still apply. The AI assistant cannot access notebooks the user can't.
Databricks audit log shows the actual user, not an integration token. Compliance teams stay happy.
Federation queries to external warehouses (Snowflake, BigQuery) work — each federated source gets the propagated identity.
Works in front of Genie spaces and AI/BI dashboards with per-user grant enforcement.
Three patterns enterprises try when AI meets Databricks. Only one survives an audit.
| Capability | Service-account integration | Generic API gateway | AegisAI |
|---|---|---|---|
| Per-end-user audit attribution | × Integration account at best | × Token logged, identity lost | ✓ Databricks sees the actual user |
| Databricks native permissions enforced | × Bypassed by broad scope | × Gateway is at wrong layer | ✓ Databricks' IAM is sole arbiter |
| Tamper-evident audit chain | × Logs only | × Logs only | ✓ HMAC hash chain, re-walkable |
| Fail-closed on infra outage | × Depends on app code | Partial | ✓ Redis / Postgres down → deny |
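To make the last two rows concrete, here is an added illustration (not AegisAI's own code) of a re-walkable HMAC hash chain over authorization decisions, keyed by trace_id so a row can be joined to the matching Databricks audit event, plus a fail-closed decision path that denies when the audit store is unavailable. The chain key, row layout, and sample users are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key: a real deployment keeps the chain key in a secret store.
CHAIN_KEY = b"demo-only-chain-key"
GENESIS = "0" * 64  # "previous MAC" of the first row

def _row_mac(prev_mac: str, row: dict) -> str:
    """HMAC over the previous row's MAC plus this row's canonical JSON."""
    canon = json.dumps(row, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CHAIN_KEY, prev_mac.encode() + canon, hashlib.sha256).hexdigest()

def append_decision(chain: list, trace_id: str, user: str, action: str, decision: str) -> dict:
    """Append one audit row; its MAC covers the previous MAC, so editing any row breaks the chain."""
    prev = chain[-1]["mac"] if chain else GENESIS
    row = {"trace_id": trace_id, "user": user, "action": action, "decision": decision, "prev": prev}
    row["mac"] = _row_mac(prev, row)  # row has no "mac" key yet, so the MAC covers exactly the body
    chain.append(row)
    return row

def walk_chain(chain: list) -> tuple:
    """Re-walk from genesis; return (ok, index of first bad row or -1)."""
    prev = GENESIS
    for i, row in enumerate(chain):
        body = {k: v for k, v in row.items() if k != "mac"}
        if row["prev"] != prev or not hmac.compare_digest(_row_mac(prev, body), row["mac"]):
            return False, i
        prev = row["mac"]
    return True, -1

def authorize(chain: list, audit_store_up: bool, trace_id: str, user: str, action: str, allowed: bool) -> str:
    """Fail closed: when the audit store is down no row can be written, so the answer is deny."""
    if not audit_store_up:
        return "deny"
    decision = "allow" if allowed else "deny"
    append_decision(chain, trace_id, user, action, decision)
    return decision

def find_by_trace_id(chain: list, trace_id: str):
    """Join point for a Databricks audit event that carries the same trace_id."""
    return next((row for row in chain if row["trace_id"] == trace_id), None)

if __name__ == "__main__":
    chain = []
    authorize(chain, True, "t-001", "analyst@example.com", "SELECT sales.orders", True)
    authorize(chain, True, "t-002", "analyst@example.com", "SELECT hr.salaries", False)
    print(walk_chain(chain))       # (True, -1)
    chain[0]["decision"] = "deny"  # tamper with a stored row
    print(walk_chain(chain))       # (False, 0)
```

Because each MAC is computed over the previous MAC, changing, reordering or deleting any row invalidates every row after it, and the walk reports the first index where verification fails.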
Yes. AegisAI talks to the workspace REST API, the SQL endpoint, and the lakehouse API. Per-user identity propagates to all three.
AegisAI does not use a shared PAT. It uses per-user OAuth tokens or service principal on-behalf-of flows so each user's identity reaches Databricks.
Yes. Genie spaces respect Unity Catalog grants, and AegisAI ensures the user identity reaches Genie so grants apply correctly.
Yes. Databricks' system.access.audit table will show the actual user identity, matched to AegisAI's HMAC audit row by trace_id.
Delta Sharing recipient identity is enforced by Databricks. AegisAI doesn't change that — it ensures the user's identity is what hits the share.
30-minute architecture call. We open the operator console and run real queries through your stack — see the audit chain tick up in real time.