Defending Your Enterprise at the Speed of AI

The shift toward autonomous AI agents with the power to carry out critical business decisions is accelerating innovation, but it is also amplifying security risks across your data and AI estate. A recent Snowflake report reveals that 96% of businesses continue to struggle with critical hurdles, including data quality, skills gaps and legacy system integration. 

To successfully move AI projects into production, securing data is nonnegotiable. It requires careful consideration of how AI agents interact with your data and measures to defend against malicious prompt injections. Security leaders must constantly ask: "Is our platform built to govern production-grade AI and can it defend our enterprise at the speed of AI?"

At Snowflake, we are committed to providing native, proactive, enterprise-grade security capabilities for all your data and AI workloads. Our approach is designed to provide security leaders and platform architects/administrators the confidence they need to deploy agentic applications at scale while maintaining data integrity and supporting regulatory compliance.

Last week, we announced the intent to acquire Natoma to bring governed model context protocol (MCP) access to the enterprise. At Summit 2026, we’re announcing many enhancements to our security portfolio that focus on three core areas, all of which are vital to AI success and business growth:

• Agent security for managing agent identity and AI posture, including prompt injection protection 

• Data security focusing on sensitive data protection, data exfiltration protection and ransomware prevention

• Platform-level security with features like single sign-on (SSO)/provisioning, role-based access control (RBAC)/ABAC authorization and network security

Our AI security features complement and support Snowflake Horizon Catalog, which serves as a central control plane for consistent context, security and governance for AI over all your data, both inside and outside of Snowflake.

Let’s take a look at our latest innovations and how they help you deploy enterprise-grade AI agents securely by delivering AI-ready access controls, management capabilities and defense-in-depth for your entire data estate.

Controls to secure access for your agents

Agentic security requires a new set of security controls. When an agent oversteps its bounds due to a malicious prompt or a misconfiguration, the result can be catastrophic. We are introducing purpose-built controls to govern agent identity and interaction.

Agent Identity

Agent Identity (public preview) provides a recognizable, distinct signal that identifies actions performed by an AI agent on behalf of a user. This new context is what enables auditability, where every action taken by the agent is explicitly tagged and near real-time restriction on agent access to sensitive data.

We are scaling our latest security capabilities to third-party agents across the security ecosystem, empowering them to deliver advanced security solutions with Snowflake. 

Horizon AI Guardrails

Prompt injection has become one of the defining LLM security challenges. Adversaries craft inputs that override a model’s system instructions, allowing them to extract sensitive information or trigger unintended actions. Horizon AI Guardrails (generally available) offer a zero-day style prompt injection defense layer, integrated into the Horizon Catalog.

CoCo CLI Sandbox

When AI systems run code, a sandbox is essential to block data exfiltration and malicious code execution. CoCo CLI Sandbox (private preview) provides client-side isolation. This sandbox mitigates the risk of data exfiltration and malicious actions, enforcing strong isolation and resource limits for agent tools. 

Simplifying end user access 

To enable frictionless and secure scale of applications, we are simplifying user access and onboarding flows with Just-in-Time user provisioning and builder-initiated Request Access Workflows (both in private preview). Additionally, end users and administrators can now quickly resolve access control errors with guided, conversational troubleshooting using the Access Troubleshooter skill in CoCo.

Defense in depth for your AI data estate

AI's need for consistent access to data resources increases and accelerates the volume of demands for data access, making the risk of unauthorized data movement a top concern. Snowflake helps protect the entire AI data estate with layered, enterprise-grade protections designed to support the security demands of most regulated environments by targeting data residency, resilience and advanced threat vectors like ransomware and sophisticated data exfiltration attempts.

Data exfiltration protection

Snowflake offers a multi-layered approach to help defend against data exfiltration before it happens. Data Movement Policies (private preview) are designed to prevent configured data movement from Snowflake agents to outside the Snowflake trust boundary. They provide the necessary granular controls to protect sensitive data from unauthorized movement.

We are also delivering a new Data Exfiltration Detection (private preview) package via Snowflake Trust Center. These packages include anomaly detections that target unusual data transfer to internal and external stages, excessive data downloads via UI, and sensitive data fetch via an agent.

These detections are managed and triaged centrally via the Trust Center, supported by a comprehensive intelligence layer for monitoring and identifying unusual data movements across accounts, regions and networks.

Ransomware protection

Modern cyber threats require mitigation that goes beyond basic perimeter defense. The Snowflake platform is built to withstand destructive deletions and sophisticated ransomware attacks. Multi-Party Approval (MPA) (private preview) directly mitigates the risk of insider attacks and accidental destructive actions by enforcing a “four-eyes” rule (meaning it requires two authorized administrators to approve) on critical security-sensitive operations. It’s an important feature for regulated businesses looking to mitigate threats like excessive data destruction and unusual disabling of resilience controls.

For enhanced control, you can combine MPA with Tri-Secret Secure (TSS), enabling you to secure your AI data estate using encryption that combines Snowflake-managed keys and customer-managed keys.

Snowflake Backups, introduced earlier this year, provide a mechanism to capture immutable point-in-time backup of data and help to protect it from being altered or deleted by a threat actor — even one holding ORGADMIN or ACCOUNTADMIN privileges. This helps you make a clean recovery from ransomware, malicious DROP/DELETE or accidental corruption. 

To complement Backups, Snowflake is also enhancing its account replication approach with a new high-performance engine that enables customers to more consistently support stringent recovery point objective (RPO) needs for mission-critical workloads. This provides resilience against outages while enabling your security and governance policies to stay in sync across regions.

Security management for a trusted AI foundation

Snowflake’s latest enhancement makes security management simpler and more proactive, leveraging the power of AI to secure the platform itself and providing continuous visibility into your security posture.

AI security posture management

Security configuration requires continuous oversight. We are evolving Snowflake Trust Center into a premier in-product AI security (public preview) and compliance solution. Trust Center serves as a centralized AI security posture management platform. It provides a single pane of glass for security, compliance and governance, displaying findings from Snowflake, third-party vendors or your own custom detections.

By leveraging AI-guided security posture management, you can continuously detect, prioritize and remediate risks and misconfigurations with minimal setup. This includes proactive protections like malicious IP and leaked password detection to defend against account compromise and provide continuous monitoring and protection for your AI data estate.

Simplified security management via Snowflake CoCo skills

We are leveraging AI for security management, transitioning from manual, reactive defense to a proactive agentic posture. This is achieved by simplifying security management through out-of-the-box CoCo skills. CoCo skills empower security administrators to get more done by simply asking a question — no SQL knowledge required. Instead of navigating complex UIs or running manual scripts, you can use natural language to run critical security workflows. Currently available CoCo security skills include:

• Permissions analysis

• Security remediation

• Role hierarchies

• Network security

• Key and secret management

Innovation at the speed of trust

Capitalizing on the agentic era’s opportunities demands a robust security foundation. You can confidently deploy AI agents and innovate at scale by adopting a proactive, AI-ready security posture with enterprise-grade capabilities that are built in, not bolted on. As AI agents gain autonomy, Snowflake’s holistic platform helps ensure that they are bound by centrally managed data policies and advanced, AI-native defenses to help maintain the security and integrity of your most sensitive data.

Learn more about Snowflake solutions for AI security  

Start your AI transformation journey by trying Snowflake for yourself, and check out these resources for more details and next steps: 

• Learn about AI security at the Snowflake Security Hub 

• Get started with Snowflake Trust Center 

• Overview of Access Control

• Overview of AI Guardrails 

• How to simplify security with CoCo

• Learn about Snowflake’s new strong authentication hub

• Learn more about AI agent backup protection

This content contains forward-looking statements, including about our future product offerings, and are not commitments to deliver any product offerings. Actual results and offerings may differ and are subject to known and unknown risk and uncertainties. See our latest 10-Q for more information.