AUSTIN, Texas--(BUSINESS WIRE)--Mar 11, 2026--
Liquibase, the leader in Database Change Governance, today released the 2026 State of Database Change Governance Report, new research on how enterprises are managing database change as AI becomes embedded across production systems, analytics, and delivery pipelines. The report finds that AI interaction with enterprise databases is now widespread, while governance automation and consistent enforcement have not kept pace with the speed and scale of change.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260311497754/en/
Methodology: Survey findings are based on a 2026 Liquibase survey of 426 respondents across its global community, reported in aggregate. The report also includes anonymized product telemetry observations from tens of thousands of database and data platform installations across Liquibase Secure customers and Liquibase Community users.
For CIOs, the issue is not that AI touches production data. The issue is whether the organization can prove control at the database layer when change is frequent, environments are heterogeneous, and AI introduces new pathways for change and access. At AI scale, manual governance struggles to keep up. That is where risk compounds and then surfaces as data quality failures, audit friction, and outcomes leaders cannot explain.
“AI raises the standard for control. It adds new automation and new actors, and it does it right where trust is won or lost: the database,” said Pete Pickerill, Co founder, Liquibase. “If governance isn’t enforced and measurable, you’re operating with an unmanaged risk surface. The result is data quality issues, audit friction, and outcomes leaders can’t explain. This report maps the gap and the practical path teams are taking to close it.”
Key findings from the 2026 survey
AI interaction: 96.5% of respondents report at least one AI or LLM interaction with their production databases, including analytics and reporting, training pipelines, internal copilots, and AI-generated SQL.
Change velocity: 68.1% deploy database changes weekly or faster, including 10.8% deploying multiple times per day and 18.8% deploying daily.
AI-era risk: 64.3% cite data quality issues as a top AI-related risk, and 46.5% cite ungoverned AI-generated SQL as a key concern.
Estate complexity: Organizations report an average of five database and data platform types, and 29.1% manage ten or more database types.
Governance gap: Only 28.1% report database change governance that is standardized and consistently enforced, while 42.3% remain at Ad hoc or Emerging. Only 7.7% report fully automated governance using policy as code with real-time enforcement.
Why this matters now
The report highlights a widening operating gap. Enterprises are shipping database change continuously across diverse platforms, while governance often depends on documentation, manual review, and fragmented evidence. In an AI era, those approaches do not scale. As AI automations and AI-generated changes increase, the cost of inconsistent enforcement rises, and the blast radius of a single unmanaged change expands across downstream analytics and AI systems.
Audit pressure compounds the challenge. The report finds 95.3% of respondents undergo multiple compliance or database audits per year, with more than one in five facing seven or more audits annually.
What Liquibase Secure customer behavior shows at AI scale
(Based on anonymized Liquibase Secure product telemetry, separate from the survey results.)
Governance is the default: 99.25% of Liquibase Secure sessions run with governance enabled, a necessary baseline as AI increases the volume of proposed change.
Standardization enables automation: Nearly 86% of observed changelog activity is in XML and YAML, supporting machine-readable change definitions that AI-scale delivery can validate and enforce.
Controls must exist before CI: About 90% of sessions run outside CI, reinforcing that as AI accelerates change, governance has to shift left into the developer workflow.
Adoption starts with proof: Reporting is among the most exercised capabilities, reflecting early demand for audit-ready traceability as AI makes decisions harder to defend without evidence.
A practical roadmap and scorecard for CIOs
Beyond the survey findings, the report provides a staged operating model for moving from ad hoc database change to standardized, enforced, and observable governance, without slowing delivery. It also introduces a CIO-ready scorecard that pairs reliability metrics (MTTD and MTTR) with coverage metrics for automated controls, audit evidence, and AI-governed change, so leaders can measure progress and risk reduction over time.
Availability
The 2026 State of Database Change Governance Report is available now.
About Liquibase
Liquibase empowers teams to deliver mission-critical applications, data products, and AI initiatives by automating and governing database change. We are the company behind Liquibase Community, a project with deep open-source roots that has been downloaded more than 100 million times and is trusted by thousands of teams worldwide.
Liquibase Secure, built on that proven community foundation, is the only enterprise platform that unifies DevOps, security, and compliance at the database layer. It enables organizations to deliver applications and data products with velocity, safety, and confidence. Trusted by the world’s most innovative and highly regulated enterprises, Liquibase Secure powers the last mile of application and data delivery.
Learn more at www.liquibase.com. Follow us on LinkedIn and X.
Most AI risk discussions focus on models, but this survey shows that the real exposure lies in the data and schema layer. Nearly two-thirds of respondents cited data quality issues, almost half worried about ungoverned AI-generated SQL, and many flagged regulatory non-compliance and schema drift disrupting pipelines. Database change governance directly targets these problems by validating changes early, enforcing consistent standards across platforms, and generating evidence as part of routine delivery. Without these controls in place, confidence in truly “AI-ready” schemas remains limited.
Long security lines snaked into baggage claim areas and parking garages at some U.S. airports this weekend, a possible indicator of more widespread travel problems as the latest government shutdown drags on.
That kind of disruption, while not yet widespread, is not a concern that typically surfaces at San Francisco International Airport, the largest of nearly two dozen U.S. airports where screening checkpoints are staffed by private contractors under a little-used federal program that allows airports to outsource security screenings while maintaining TSA oversight.
Because contractors' pay comes from a federal contract, it often continues even when the government shuts down.
“The money’s already been allocated, the payments have already been made, and that continues without interruption,” SFO spokesperson Doug Yakel told The Associated Press. “That is a very nice place to be.”
The contrast draws attention to a long-running debate in the aviation industry: Can private contractors operating under TSA oversight provide a stopgap — and shield airport security operations from the political impasses that can disrupt U.S. air travel?
Some aviation experts see the TSA screening program as a potential model for keeping security lines moving with fewer disruptions during shutdowns. At SFO, that system helped maintain screening operations during last year's record 43-day shutdown, Yakel said.
But critics caution that privatization is not a silver bullet and could introduce new risks. The union representing federal screeners argues that moving operations to private companies could erode job protections and reduce pay and benefits for workers already facing high turnover amid demanding conditions.
Established in 2004, TSA’s screening partnership program allows airports to use private security companies chosen by the federal government to run checkpoints while TSA retains authority over procedures and oversight. The agency says private screeners receive the same security background checks as their federal counterparts.
The program “provides needed relief to staffing shortages brought on by a government shutdown," TSA said in a statement to AP.
In addition to SFO, other participating airports include Kansas City International Airport, Atlantic City International Airport and Orlando Sanford International Airport.
The vast majority of the nation’s roughly 400 commercial airports, meanwhile, rely on federal screening officers employed directly by TSA. During shutdowns, those workers must continue reporting for duty even though they stop getting paid — a dynamic that has historically led to higher absenteeism and slower-moving checkpoints the longer a shutdown lasts.
The current partial shutdown affects only the Department of Homeland Security, which includes TSA. Democrats in Congress refused to fund the department over objections to its immigration enforcement tactics. The lapse marks the third shutdown in less than a year to leave TSA workers temporarily without pay — and once the government reopens, to have to wait for backpay.
Those disruptions can ripple through the travel system, cascading problems across already crowded flight schedules. The strain is especially acute this time of year as airlines and airports brace for what they expect will be one of the busiest spring break travel seasons on record.
Aviation security expert Sheldon Jacobson, whose research contributed to the design of TSA PreCheck, said the program’s success at SFO, a large international airport, shows that privatization “is something that needs to be explored.”
SFO is among the top 15 busiest airports in the U.S. when measured by passenger traffic. A major hub for international travel, it is the second-busiest airport in California behind Los Angeles International Airport.
“It’s operated just as well as any other airport,” Jacobson said, adding that SFO’s multiple concourses and status as a hub for United Airlines demonstrate that even large-scale operations can be managed effectively under this model. “If SFO is the litmus test for delivering this privatized product, then many other airports can do it, too.”
Jacobson noted that most airports currently using the program are smaller, but “the scale issue should not be a limiting factor,” and he called for a broader conversation on how such options could deliver government services efficiently and benefit travelers.
“Of course TSA would have oversight. It’s not like they’re freewheeling on their own,” he said of privately contracted screeners. “We might as well use a government shutdown that affects air travel as an opportunity to begin that discussion.”
The American Federation of Government Employees, which represents TSA officers, has long opposed privatization.
“We will never advocate for any privatization of any federal employees. We don’t believe that’ll work,” Johnny Jones, secretary-treasurer of the TSA union’s bargaining unit, said in a brief phone call this week.
In a blog post on its website, the union argues it could weaken accountability for aviation security — one of the reasons Congress chose to federalize airport screening after the Sept. 11 attacks.
The union also warned that private companies could face pressure to cut costs in ways that affect training, staffing levels and employee benefits. Relying on contractors, the union says, could create inconsistencies between airports if different companies operate checkpoints across the country, potentially complicating oversight of a system designed to maintain uniform national security standards.
“We have to remember the TSA was created in the wake of 9/11 when there were no security standards or very minimal security standards,” said airline industry analyst Henry Harteveldt, president of Atmosphere Research Group. “The TSA came around, they established very stringent airport screening security requirements, which exist to this day.”
Others say there are simpler ways to address the shutdown problem.
Industry groups — including the U.S. Travel Association, Airlines for America and the American Association of Airport Executives — are urging Congress to pass legislation that would ensure aviation workers are paid regardless of the government's funding status.
“Every time Washington fails to fund the government, these essential workers pay the price. So do travelers. So does the economy,” Geoff Freeman, U.S. Travel Association's president, said in a statement. “That is why America’s travel industry has come together, because this workforce is too important, and the stakes are too high, for this to keep happening.”
Republican lawmakers have pushed in recent years to dismantle the agency entirely. Last year, two GOP senators introduced the “Abolish TSA Act,” which would phase out the agency and transfer oversight to a new office charged with aviation security. Supporters of the long-shot legislation say privatized screening could be more efficient and less vulnerable to shutdowns.
TSA leadership has signaled an openness to discussion. Speaking at a House Appropriations subcommittee hearing last year, Ha Nguyen McNeill, a senior official performing the duties of TSA administrator, said “nothing is off the table” regarding potential privatization.
“If a new privatization scheme makes sense, then we’re happy to have that discussion to see what we can come up with,” McNeill said. “It's not an all-or-nothing game.”
At SFO, officials say its screening model was adopted more than 20 years ago for reasons unrelated to government shutdowns. But with shutdowns in recent years growing longer and more disruptive, the airport says its arrangement has revealed an unintended benefit: fewer staffing disruptions at checkpoints.
“The benefits, I think, are compelling,” Harteveldt said. “The real issue is making sure that any vendor, any partner to the TSA, upholds the strict standards that TSA has established and works with TSA to ensure that screening remains efficient and finds ways to make it even better.”
Associated Press video journalist Haven Daley contributed from San Francisco.
A Covenant Aviation Security Private Security Services agent checks in a passenger at a security gate at San Francisco International Airport in San Francisco, Friday, Feb. 27, 2026. (AP Photo/Jeff Chiu)
Covenant Aviation Security Private Security Services agents check in passengers at a security gate at San Francisco International Airport in San Francisco, Friday, Feb. 27, 2026. (AP Photo/Jeff Chiu)
A Covenant Aviation Security Private Security Services agent checks the identifcation of a passenger at a security gate at San Francisco International Airport in San Francisco, Friday, Feb. 27, 2026. (AP Photo/Jeff Chiu)
Covenant Aviation Security Private Security Services agents check in passengers at a security gate at San Francisco International Airport in San Francisco, Friday, Feb. 27, 2026. (AP Photo/Jeff Chiu)
A Covenant Aviation Security Private Security Services patch is shown on an agent at San Francisco International Airport in San Francisco, Friday, Feb. 27, 2026. (AP Photo/Jeff Chiu)
