{"ID":2857682,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2510.09567","arxiv_id":"2510.09567","title":"Safe, Untrusted, \"Proof-Carrying\" AI Agents: toward the agentic lakehouse","abstract":"Data lakehouses run sensitive workloads, where AI-driven automation raises concerns about trust, correctness, and governance. We argue that API-first, programmable lakehouses provide the right abstractions for safe-by-design, agentic workflows. Using Bauplan as a case study, we show how data branching and declarative environments extend naturally to agents, enabling reproducibility and observability while reducing the attack surface. We present a proof-of-concept in which agents repair data pipelines using correctness checks inspired by proof-carrying code. Our prototype demonstrates that untrusted AI agents can operate safely on production data and outlines a path toward a fully agentic lakehouse.","short_abstract":"Data lakehouses run sensitive workloads, where AI-driven automation raises concerns about trust, correctness, and governance. We argue that API-first, programmable lakehouses provide the right abstractions for safe-by-design, agentic workflows. Using Bauplan as a case study, we show how data branching and declarative e...","url_abs":"https://arxiv.org/abs/2510.09567","url_pdf":"https://arxiv.org/pdf/2510.09567v1","authors":"[\"Jacopo Tagliabue\",\"Ciro Greco\"]","published":"2025-10-10T17:18:36Z","proceeding":"cs.AI","tasks":"[\"cs.AI\",\"cs.DB\"]","methods":"[]","has_code":false}