We were toying around with an LLM-based data exploration system at work (ask question about data, let LLM pull and summarize data) and found gated APIs were much easier to manage than raw SQL.
We switched to GraphQL where you can add privilege and sanity checks in code and let the LLM query that instead of arbitrary SQL and had better results. In addition, it simplified what types of queries the LLM needed to generate leading to better results.
Imo connecting directly to SQL is an anti pattern since presumably the LLM is using a service/app account instead of a scoped down user account.