That's true, you could implement this through a couple options:
Check the SQL query returned from the AI for keywords like "Drop" or "Delete" and don't run it if it contains those
Make sure the user you're connecting to the DB only has read permissions
You'd probably want to implement both actually, so that you don't have to rely on authentication exceptions.
If the AI is asked to create a Delete or Update SQL Statement, It may be best to not run directly.