Starburst CISO Explains Federated Query Security Controls

Starburst appointed Paras Malhotra as Chief Information Security Officer, effective June 2026, per a BusinessWire announcement and trade coverage from ITPro and EfficientlyConnected. Malhotra joins from Datadog, where he was senior director of information security, after nearly a decade at AWS including principal manager for Security Assurance. In an interview with Help Net Security, Malhotra described how Starburst evaluates access policy once at the federated query engine, above native source permissions, before a query reaches underlying systems, and said the program tracks vendor risk across more than 200 partners and connectors. He also described treating AI agents that query data, including those using AIDA and reaching data via MCP endpoints, as scoped service accounts with short-lived credentials and accountable owners. Editorial analysis: these controls map to practical patterns for governing autonomous agents and limiting lateral data access in federated architectures.
What happened
Starburst appointed Paras Malhotra as Chief Information Security Officer, effective June 2026, reported by ITPro and announced via BusinessWire. Malhotra leads information security, governance, risk and compliance, and product security across Starburst's SaaS and on-premises offerings. He joins from Datadog, where he was senior director of information security, and previously spent nearly a decade at AWS, including principal manager for AWS Security Assurance.
Federated query controls
In an interview with Help Net Security, Malhotra described how Starburst layers access control at the query engine, above native source permissions. He said every query passes through a single policy evaluation before it reaches the underlying source, with source-level permissions acting as an additional enforcement layer. He also said the governance program tracks vendor risk across more than 200 partners and connectors.
Governing AI agents
Malhotra described treating AI agents that generate queries, including those using AIDA and reaching data through MCP endpoints, as scoped service accounts with short-lived credentials and accountable owners. Per the interview, the approach is intended to preserve auditability and limit blast radius, and includes defenses against prompt injection when translating natural language into SQL.
Editorial analysis - why it matters
Federated query engines inherit diverse access models from object stores, warehouses, and relational systems, which makes consistent authorization hard. Treating autonomous agents as service accounts with short-lived credentials and explicit owners is an industry pattern that reduces an agent's effective blast radius and improves traceability. A single, centralized policy evaluation also reduces the chance of mismatched permissions between the federation layer and underlying sources. As enterprises wire LLM agents into live data through emerging interfaces like MCP, these controls address recurring operational risks around third-party connectors and autonomous access.
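To make the layered model from the interview and the analysis above concrete, the following is an added illustration, not Starburst's code and not a description of how its engine is implemented: an agent-issued query is checked once against an engine-level policy tied to a short-lived, owner-attributed service account, and only then against the source's native grants, with an audit record produced either way. The AgentAccount shape, the table-extraction regex, SOURCE_GRANTS and the demo values are all assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed native grants per source (the second enforcement layer below the engine).
SOURCE_GRANTS = {"warehouse": {"orders", "customers"}, "lake": {"events"}}

@dataclass
class AgentAccount:
    """An AI agent modelled as a scoped service account (assumed shape, not Starburst's)."""
    name: str
    owner: str              # accountable human or team
    allowed: set            # tables the agent may touch, as "source.table"
    expires_at: datetime    # short-lived credential expiry

TABLE_RE = re.compile(r"\b(?:from|join)\s+([a-z_]+\.[a-z_]+)", re.IGNORECASE)

def referenced_tables(sql):
    """Return the source.table names a query reads (simple regex, not a SQL parser)."""
    return sorted({t.lower() for t in TABLE_RE.findall(sql)})

def authorize(sql, agent, now):
    """Engine-level policy evaluated once, then source-level grants; returns an audit record."""
    record = {"agent": agent.name, "owner": agent.owner, "tables": referenced_tables(sql)}
    if now >= agent.expires_at:
        return {**record, "allowed": False, "reason": "credential expired"}
    # Layer 1: centralized policy at the federated engine, checked before any source is touched.
    out_of_scope = [t for t in record["tables"] if t not in agent.allowed]
    if out_of_scope:
        return {**record, "allowed": False, "reason": f"engine policy denied {out_of_scope}"}
    # Layer 2: native permissions at each underlying source.
    for t in record["tables"]:
        source, table = t.split(".", 1)
        if table not in SOURCE_GRANTS.get(source, set()):
            return {**record, "allowed": False, "reason": f"source {source} denied {table}"}
    return {**record, "allowed": True, "reason": "ok"}

def demo():
    """Four constructed queries from one short-lived agent account."""
    now = datetime(2026, 6, 1, tzinfo=timezone.utc)
    agent = AgentAccount("aida-sales-bot", "sales-analytics@example.invalid",
                         {"warehouse.orders", "lake.events", "lake.clicks"}, now + timedelta(minutes=15))
    return [
        authorize("SELECT * FROM warehouse.orders o JOIN lake.events e ON o.id = e.id", agent, now),
        authorize("SELECT * FROM warehouse.customers", agent, now),                 # outside agent scope
        authorize("SELECT * FROM lake.clicks", agent, now),                         # in scope, source denies
        authorize("SELECT * FROM warehouse.orders", agent, now + timedelta(hours=1)),  # credential expired
    ]
```

Every record carries the owner, so a denied or expired agent query is still attributable, which is the auditability point the interview makes.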
What to watch
- Whether Starburst publishes technical guidance on MCP endpoint scoping, credential rotation, and audit logging.
- Customer or partner signals on agent lifecycle management and connector vetting.
- Third-party evaluations or compliance attestations of the layered access-control model.
Scoring Rationale
A single-vendor CISO appointment paired with a substantive interview detailing concrete, transferable controls for federated-query and AI-agent governance (centralized policy evaluation, scoped service-account credentials, MCP endpoint scoping). Genuinely useful to practitioners hardening agentic data access, but a personnel-plus-thought-leadership story rather than a major industry event, so it sits in the solid-but-not-landmark band.