Delete entities from a collection based on filter expression. Args: collection_name: Name of collection filter_expr: Filter expression to select entities to delete
AI agents call milvus_delete_entities to permanently remove resources in MCP Server for Milvus — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
The tool permanently removes data from a Milvus collection based on specified filters. This is an irreversible destructive action that cannot be undone. While severity is not critical (since it's scoped to a single collection and requires a filter expression), the blast radius is significant if an AI agent constructs an overly broad filter or misunderstands the scope, potentially deleting large amounts of vector…
From the tool's definition Tool name contains 'delete' and description states 'Delete entities from a collection based on filter expression.' This is an irreversible data deletion operation.
Documented attack patterns abuse exactly the kind of access milvus_delete_entities gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Server for Milvus, and nothing reaches the server without passing your rules. This is the rule we recommend for milvus_delete_entities:
{
"version": "1",
"default": "deny",
"hide": [
"milvus_delete_entities"
]
}milvus_delete_entities disappears from the agent's tool list entirely, and any attempt to call it is denied. The rest of the server keeps working.
Free to start. No card required.
Delete entities from a collection based on filter expression. Args: collection_name: Name of collection filter_expr: Filter expression to select entities to delete. It is categorised as a Destructive tool in the MCP Server for Milvus MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the MCP Server for Milvus MCP server in PolicyLayer and add a rule for milvus_delete_entities: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches MCP Server for Milvus. Nothing to install.
milvus_delete_entities is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the milvus_delete_entities rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for milvus_delete_entities. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
milvus_delete_entities is provided by the MCP Server for Milvus MCP server (zilliztech/mcp-server-milvus). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 14 MCP Server for Milvus tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
14 MCP Server for Milvus tools catalogued and risk-classified — across an index of 42,500+ MCP servers.