MortarIQStart for free

Security · June 13, 2026

How MortarIQ scores AI readiness without reading your data.

By the MortarIQ Founder · 4 minute read

The most common reason an AI readiness check never happens is not budget or time. It is the security review. The moment a tool asks to connect to a production warehouse, a data leader has to ask what it can see, and for most tools the honest answer is “more than you would like.” MortarIQ was built to give a different answer. It scores your data estate for AI readiness from catalog metadata alone. It never runs a SELECT against your tables, and it never reads a row.

That constraint is not a limitation we apologize for. It is the design. A readiness assessment should tell you whether your data is documented, classified, fresh, and governed well enough to build AI on, and every one of those questions can be answered from the structure around your data rather than the values inside it. Here is what that means in practice, what a metadata-only scan can and cannot see, and why it is the method most likely to clear your security review instead of stalling in it.

What “metadata only” actually means

Your warehouse holds two very different things. There are the rows: the customer emails, transaction amounts, and health records your access policies exist to protect. And there is the metadata about those rows: table and column names, data types, descriptions, documentation coverage, freshness timestamps, declared relationships, masking policies, and classification tags. MortarIQ reads only the second kind.

Metadata is enough to answer the readiness question because readiness is a property of how your data is organized and governed, not of any single value. Whether a column is documented, whether a table was updated in the last week, whether anything is tagged as personal data, whether a masking policy is applied: all of that lives in the catalog. We can measure it without ever seeing the email address in the row beneath it.

The six factors of AI data readiness scored by MortarIQ: Clean, Contextual, Consumable, Current, Correlated, and Compliant

The six factors, scored from the catalog

MortarIQ grades your estate against the six factors of AI-ready data. Each one resolves to something measurable in metadata:

Clean. Completeness and typing signals, declared constraints, and the null and error patterns described in the schema.

Contextual. Documentation coverage. How much of your data carries a description a model or an engineer can rely on, instead of tribal knowledge.

Consumable. The structure, formats, and identifiers that decide whether data can feed RAG, training, or inference without a rebuild.

Current. Freshness enforced by infrastructure. When each table was last updated, and whether that is recent enough for the workload you are building.

Correlated. Declared relationships and lineage, so a value can be traced from source to the AI decision it informs.

Compliant. Classification and access. What is tagged as sensitive, what is masked, and whether governance is enforced rather than assumed.

You get a score, your single biggest blocker named in plain language, and a prioritized list of fixes with the estimated score gain for each. For the deeper version of the six factors, see Is your data ready for AI?

How the connection is locked down

Metadata-only is the contract. The access model is how we keep it.

Read-only connectors. You grant a metadata-viewer role, nothing more. There is no write path and no way to read row data, by construction.

Least privilege, fully auditable. We ask for the minimum access needed to read the catalog, and we publish the exact queries we run so your team can review them before approving anything.

Runs where you need it. For a warehouse behind a firewall, the CLI agent runs the same scan inside your own network, and your credentials never leave your machine.

Encrypted at rest. Saved connections are encrypted with AES-256-GCM, and the key is held outside the database.

Nothing trains a model. Your data is never used to train anything. Only the assessment results, the scores and the metadata they cite, go to the AI provider that writes your fix plan. Row values and credentials never do.

How a MortarIQ scan works: connect read-only metadata-viewer credentials, scan a schema in about a minute, get a prioritized fix plan

If you want the full data path, from your warehouse to where each piece of metadata goes and where it stops, the security page lays it out.

What metadata can and cannot tell you

Precision is the point, so here is the boundary. Metadata tells you whether a column is documented, but not whether the description is accurate. It tells you a table is tagged as containing personal data, but it cannot read the personal data to confirm the tag is complete. Some properties of data quality only show up in the values, and a metadata-only scan does not see them. We would rather say that plainly than pretend a catalog read is the whole story.

This is why MortarIQ produces readiness to produce evidence, never a certification. We map findings to frameworks like the EU AI Act Article 10, NIST AI RMF, ISO/IEC 42001 and 5259, GDPR, SOC 2, and HIPAA, so you can prepare the documentation an auditor or an enterprise buyer will ask for. We do not certify compliance, because no tool can, and any tool that claims to make you compliant in one click is describing something that should end a security review, not pass it. For the compliance angle in depth, see EU AI Act Article 10.

See where your estate stands, without exposing a single row.

Run a read-only, metadata-only scan and get your readiness score in minutes.

Get your readiness score

Frequently asked questions

Does MortarIQ read the data in my tables?

No. MortarIQ reads catalog metadata only: schema, descriptions, data types, freshness timestamps, declared relationships, masking policies, and classification tags. It never runs a SELECT against your tables and never reads a row. The assessment is built from the structure around your data, not the values inside it.

What access does MortarIQ need?

A read-only, metadata-viewer role with the least privilege required to read the catalog. There is no write path. MortarIQ publishes the exact queries it runs so your security team can review them before granting access.

Can MortarIQ scan a warehouse behind a firewall?

Yes. The CLI agent runs the same scan inside your own network, so a private or firewalled warehouse never needs to be exposed. Credentials stay on your machine and are never sent to MortarIQ.

Is my data used to train AI models?

No. Your data is never used to train models. Only the assessment results, the scores and the metadata they cite, are sent to the AI provider that writes your fix plan. Row values and credentials are never sent, and saved connections are encrypted at rest with AES-256-GCM.

Which data warehouses does MortarIQ support?

Google BigQuery, Snowflake, Databricks, PostgreSQL, Amazon Redshift, and Microsoft Fabric, plus the CLI for anything reachable from your own network.

Want to see it before you connect anything? Read a sample readiness report built entirely from metadata.

© MortarIQ
AboutBlogDocsFAQSecurityPrivacyTermsDPA

All product names, logos, and brands are property of their respective owners and are used for identification purposes only.