The gap between experimental AI and production AI is rarely caused by models. It’s an infrastructure problem — specifically, a lack of connected, governed infrastructure that can operate at the agentic enterprise’s new pace of business.
AI agents are redefining the way organizations secure, transform and serve their enterprise data. Data systems built for the cadence of human decision-making must evolve to meet the demands of agents that reason and act continuously across sensitive data at high speed, which means addressing three foundational elements:
Consistently governed data, no matter where it lives
Security designed for autonomous AI
High performance for all workloads
At Summit 2026, Snowflake unveiled a set of capabilities that answer each of these challenges by giving agents the right level of access to well-protected and easily understood data at a speed that allows them to take fast action — and allows you to deploy AI into production with confidence.
A trusted layer of context for AI
Your AI agents are only as good as the data they use for analysis and reasoning. And as agents speed up their queries and take on more autonomous actions, having consistent business logic and definitions across your data estate becomes a critical success factor. The metric "active customers" should return the same number whether it comes from a BI dashboard, a Snowflake Cortex AI agent or an analyst's SQL query. If business logic is scattered across tools and data outside of Snowflake, it may have inconsistent definitions — a semantic fragmentation problem that erodes trust and grows with every new agentic workflow.
Snowflake Horizon Context, a new capability in Snowflake Horizon Catalog, addresses this by embedding business logic into the platform, so every AI agent, BI tool and application inherits the same, consistent definitions. Business metrics, dimensions and relationships are defined once and enforced everywhere, with governance controls inherited automatically at the query engine level.
Unlike bolt-on semantic middleware, there’s no need for manual connections to every tool and query interface; Horizon Context out-of-the-box connectors mine context automatically from query histories, dbt models and BI logs, unlocking institutional knowledge and accelerating creation of semantic models.
You can then automate metadata enrichment with Semantic Studio (private preview) and Snowflake Semantic View Autopilot (generally available) to reduce the manual effort required to build and maintain a context layer. Whether you give Snowflake CoCo a SQL generation task or a higher-level data analysis task, it automatically retrieves the relevant context using Universal Search, a hybrid keyword and semantic search that uses signals like popularity to improve ranking, and access control policies to filter results.
To make the governed semantic foundation portable beyond Snowflake, Horizon Context taps into several Snowflake capabilities:
Out-of-the-box connectors: Connect to tools such as PostgreSQL, Microsoft SQL Server, Tableau, Microsoft Power BI and dbt that allow you to gather rich context — query logs, popularity, schemas and more — from many sources into one searchable catalog.
End-to-end column-level lineage: Lineage is key to understanding how data assets are related to one another. Horizon Context mines lineage information from Snowflake and external database query logs, BI systems and OpenLineage feeds, and stitches it all together to create a complete, end-to-end lineage graph.
Native Open Semantic Interchange (OSI) integration (private preview): Provides a vendor-neutral specification for metrics, dimensions and relationships, so business logic defined in Horizon Context can be read and understood across your ecosystem without translation.
Semantic Studio (private preview): Provides a visual modeling interface for building semantic views without writing SQL, making governance accessible to data teams and business analysts alike.
XMLA Endpoint for Semantic Views powered by AtScale (private preview soon): Will connect Power BI and Excel directly to the semantic layer, so enterprise BI users will be able to work from the same governed definitions as AI agents.
Advanced Semantics (private preview): Supports level-of-detail (LOD) calculations, composable definitions and user-defined materializations with automatic query rewrite.
Get more details about Horizon Context in our blog “Horizon Context: The Governed Context Layer for AI, BI and Apps.”
Along with the release of Horizon Context, Snowflake made enhancements to Horizon Catalog that underscore its role — and ease of use — as a central control plane for governance over your data estate inside and outside of Snowflake.
Just as Snowflake CoWork puts policy, classification and access controls within reach of every user, not just those fluent in SQL, new Intent-Driven Governance (private preview) capabilities convert plain-language templates into active Horizon Catalog policies. Business leaders and data practitioners can approve governance intent without having to learn Snowflake Governance primitives, and Snowflake automatically drives tag-based enforcement — including masking, access controls and data quality — across existing and future objects. The system continuously monitors for drift and generates detailed audit packages, directly tracing live configurations back to the approved human intent. In addition, agentic governance via new Snowflake CoCo skills (generally available) allows users to send natural language prompts to apply policies, fix bugs and monitor sensitive data across disparate resources.
Horizon Catalog now has full secure bidirectional read/write access from external engines (generally available), extending the policies you define in Snowflake universally to Apache Iceberg™ REST-compatible engines. Support for Apache Iceberg REST Scan Planning API (public preview) extends cross-environment enforcement to fine-grained data protections. Together, these capabilities enable customers to work off of a single governed copy of data that is securely accessible by every engine from Day 1, speeding execution for teams and agents by delivering an architecture ready to operate at the agentic enterprise’s pace of business. Learn more about how to securely standardize on a single governed data copy with Snowflake's Interoperable Lakehouse here.
Built-in AI agent security
Traditional access control was designed for humans who operate with known roles, predictable access patterns and auditable sessions. Agents flip the script: They operate continuously at machine speed and scale, and can be manipulated through prompts to act in nonintentional (or nefarious) ways. In many of today’s platforms, agents lack verifiable identity, scoped permissions and clear audit trails. That’s a big barrier to production deployment — in fact, over half the respondents in our “2026 ROI of Gen AI and Agents” report (56%) reported at least one challenge related to governance and compliance.
Snowflake is addressing this challenge head-on with a purpose-built agent security model that extends zero-trust principles to autonomous actors. Agent Identity (public preview) gives every agent a cryptographically verified identity before it accesses data in production. This new context supports auditability, creating a full chain of custody that can address the traceability requirements of compliance frameworks in highly regulated industries such as financial services, healthcare and the public sector.
Using these purpose-built controls to govern agent identity and interactions, you can scale AI agents and apps with greater confidence, knowing they are benefiting from Snowflake’s native security capabilities. That foundation is further reinforced by a defense-in-depth stack addressing some of the largest hurdles that stall AI projects:
Secure access for agents
AI Security Posture Management (public preview) supports continuous monitoring of agentic security posture, delivered through Snowflake Trust Center, with proactive anomaly detection across agent behavior.
Enterprise-grade defense-in-depth for your data estate
Prompt Injection Protection Phase 2 (generally available) provides LLM-driven, near real-time detection of zero-day injection and jailbreak attempts — a capability frequently requested in enterprise AI security evaluations.
Data Movement Policies (private preview) include platform-layer controls that help prevent unauthorized data exfiltration through agentic workflows and API connections, regardless of which tool initiates the transfer.
Multi-Party Approval (public preview) delivers “four-eyes” authorization that gates the highest-risk operations behind an explicit approval step before execution.
Data Exfiltration Trust Center Package (private preview) and Ransomware Protection monitor for common vectors for large-scale data compromise, including excessive data downloads via UI and anomaly detections that target unusual data transfer to internal and external stages.
Simplify user access to agents
Just-in-Time User Provisioning and Request Access Workflow (both in private preview) deliver tight controls over how identities receive access in the first place, reducing standing privilege across the platform.
For more details about Snowflake AI security enhancements, read our blog “Defending Your Enterprise at the Speed of AI.”
Governance and high performance, without trade-offs
Agents don’t tolerate delays. Any data access slowdown puts constraints on what autonomous agents can do, which may drive teams to push latency-sensitive workloads off governed platforms in favor of high performance. This workaround may reduce delays, but it also creates a separate infrastructure management burden — and increases governance risk.
New enhancements to the Snowflake compute portfolio are designed to make these trade-offs a thing of the past by delivering high performance for all your AI and data workloads while maintaining consistent governance and significantly reducing operational overhead. The result: Your teams can focus on strategic work instead of manual maintenance tasks.
Snowflake Adaptive Compute (generally available soon) addresses a core operational challenge of the fast-changing AI landscape: how to balance performance, ease of use and scalability when workloads are becoming more varied and less predictable.
Warehouses created using Adaptive Compute, known as Adaptive Warehouses, provide workload-aware compute that dynamically adjusts to demand without requiring manual sizing, cluster management or capacity planning. Snowflake handles the resource allocation and scaling and query routing against a shared pool of compute in your account, so configuration decisions that previously required dedicated tuning cycles can now happen continuously, without human action. That can substantially reduce operational overhead, especially for teams managing compute across multiple business units.
High performance remains a hallmark. Adaptive Compute incorporates the latest hardware and performance enhancements, demonstrating meaningful performance gains (based on TPC-DS and internal benchmarks) over standard Snowflake compute, both Gen1 and Gen2, across workloads:1
- Up to 1.6x faster for analytical workloads, such as exploratory analytics, data science and ad hoc analytics
- Up to 2.2x higher throughput (queries/hour) for highly concurrent operational analytics workloads
- Up to 3.5x faster execution for DML-heavy workloads such as data transformations, ingestion and data pipelines
Learn more about what makes Adaptive Compute different in our blog “Adaptive Compute Delivers High Performance That Evolves with Your Workloads.”
For workloads requiring near real-time data freshness alongside high analytical query performance, Interactive Analytics delivers streaming capabilities that previously required a separate infrastructure stack. Streaming Ingestion (in private preview) brings continuously ingested data into Interactive Tables with subsecond freshness and query performance with 1,000+ QPS concurrency, all within Snowflake's governance perimeter.2
Two additional releases bring this same performance and simplicity to transactional workloads. Postgres Data Mirroring (public preview soon) automatically replicates data from Snowflake Postgres to Snowflake Analytics, allowing teams to eliminate complex ETL and the glue code previously required to connect these two systems. You can get started in minutes by doing configurations through CoCo, Snowsight UI or SQL: just set it up and let your data flow seamlessly. And Hybrid Tables also see dramatic performance gains (based on internal benchmarks): up to 8x throughput improvement3 and 10x faster batch writes,4 alongside a cost efficiency improvement of 15% on average.5 This breakthrough allows customers to run more demanding workloads without needing to add an extra database.
For organizations operating these capabilities at scale, Snowflake Well-Architected Framework (WAF) standardizes best practices and guardrails to support a unified, enterprise-grade operating model for data and AI workloads. Team members can now access WAF through CoCo as a natural language skill. Team members can assess their architecture against the framework's pillars, identify gaps and implement best practices without specialized knowledge of every configuration surface in the platform.
Deploy enterprise AI with confidence
Snowflake’s new and enhanced capabilities underscore the value of a connected approach to context, governance and security that’s underpinned by scalable high performance that can intelligently respond to the dynamic nature of AI workloads. It’s a trusted architecture that moves enterprise AI from controlled pilots to production systems that organizations can depend on.
To learn more, please visit these resources:
Explore Horizon Context and other Horizon Catalog enhancements
Find out why context is key for trusted data agents
Learn about AI security at the Snowflake Security Hub and Trust Center
Check out the Adaptive Compute page and attend the Adaptive Warehouse session at Snowflake Summit 2026 on Wednesday, June 3, at 12:30 p.m. PDT
Discover the value of unifying workloads in our “Essential Guide to Transactional, Analytical and Hybrid Data”
Get details on the Well-Architected Framework
1 Measured against a combination of industry standard (TPC-DS) and homegrown benchmarks and compares Standard Gen1 instances to Adaptive Warehouses. Results measured in production deployment, using only publicly available customer-facing capabilities in May 2026.
2 Performance results based on interactive analytics workloads measured in January 2026 using a small interactive warehouse configuration.
3 Data based on benchmarks run using the Yahoo Cloud Serving Benchmark (YCSB) with a 100% read workload on Gen2 XS warehouse.
4 Data based on internal benchmarks for loading 50 GB into Hybrid Tables using a 2X-Large warehouse.
5 Data based on Snowflake estimates of average cost savings across customers, measured on real-world production credit consumption in February 2026.
This content contains forward-looking statements, including about our future product offerings, and are not commitments to deliver any product offerings. Actual results and offerings may differ and are subject to known and unknown risk and uncertainties. See our latest 10-Q for more information.
