Snowflake to Acquire Natoma to Bring Governed Agentic Access to the Enterprise

The promise of AI agents is compelling: systems that no longer just answer questions, but make decisions and take actions on your behalf, across every application, inbox and workflow your business runs on. 

For individuals, this is already a productivity force multiplier. For enterprises, the need for strong governance and security has made that vision feel unattainable.

In practice, the people who are experiencing that magic today are mostly doing it outside of IT's purview. They've been connecting their own model context protocol (MCP) servers and plugging agents into data sources without approval, creating exactly the kind of shadow AI risk that keeps CISOs up at night: proprietary data potentially flowing to unvetted models or agents accessing systems they should not access. 

Agents behave differently than human users. They can explore paths, call APIs and attempt workflows in ways that require clear boundaries and oversight.

Enterprises need a way to give their people the magic of agentic productivity while maintaining a single point of control over what those agents can access and do. 

That's why today we announced our intent to acquire Natoma.

Why Snowflake and why Natoma

For more than 13,300 enterprise customers, Snowflake has long been where they manage their most critical data because they trust the policy enforcement, security and access controls engrained in our platform. Now, as AI agents become capable of acting on that data, not just querying it, we're bringing the same rigor to how those agents operate. 

Natoma addresses this directly. 

Their platform is a centralized MCP gateway that enforces identity, policy and audit at the tool-call level. For actions routed through Natoma, the platform provides visibility into who requested the action, what permissions they have and whether the action is allowed. This extends accountability to the new surface area of actions, tool calls and cross-application workflows. Following close, the integration of Natoma's capabilities into Snowflake will enable customers to connect Cortex Agents to the enterprise applications they use daily, securely and at scale.

Beyond the technology, the team behind Natoma has built and sold companies to Okta and Google and brings deep expertise in identity governance. They move fast, they understand compliance and they've built a product that balances usability for non-technical users with the governance and control expectations of enterprise security teams. 

What this will mean for Snowflake customers

With Natoma’s capabilities Snowflake’s AI agents come alive. It brings one of the key elements of the agentic enterprise, the enterprise applications your teams consistently rely on, into Snowflake's control plane.

After integration, Cortex Code and Snowflake Intelligence will become a single interface for getting your daily work done. Summarize your calendar, send emails, open tickets, find that document buried somewhere across your file storage, update a CRM record, query your enterprise data, all from one place, with governance and security controls built in. All the granular controls over who can do what, per tool and per action, will be easier to deploy and manage across organizations.

And all of that context flowing in from your enterprise applications enriches the Snowflake data you already trust, fueling smarter AI actions with richer organizational context. Snowflake becomes the foundation for data and action workflows, with the right governance and controls in place.

Internally, we've already been living this. We deployed Natoma across our organization, and the results have been immediate: it summarizes my unread emails, searches across Slack and Google Drive when I can't remember where something was shared and surfaces what I need without context-switching across five different tools.

But experiences like that only work at enterprise scale if they come with the right security model behind them. The more capable agents become, the more identity matters.

Setting boundaries without slowing anyone down

I think about agent identity in a specific way. It's like giving your credit card to an intern and saying "go handle this for me," but with the ability to set a spending limit and restrict exactly which stores they can visit. Agent identity provides accountability and boundaries for systems that are genuinely creative at exploring paths, ensuring they stay within the boundaries you intended.

The end state, once Natoma is fully integrated, should feel invisible to the user. An admin flips a switch, and their people don't have to do anything differently. They simply notice that the AI tools they're already using can suddenly access far more information on their behalf, all within a governed environment. The security team isn't blocking access; they're enabling it. 

That's security becoming an enabler, rather than a blocker. That's the standard we're building toward, and Natoma is the next major step.

This is just the beginning

This intended acquisition continues the work we started with AI Guardrails prompt injection protection earlier this year: building toward a broader portfolio for secure enterprise AI that protects and enables at the same time.

To the Natoma team, I visited your Boston office recently and came away impressed by a group of people who care deeply about user experience, move with real urgency and fit seamlessly into how we work. I'm looking forward to closing this acquisition and seeing what we can build together, and I'm excited for our customers to experience what you've created.

More to share at Snowflake Summit 26. Stay tuned.

Closing of this acquisition is subject to customary closing conditions.

_{Forward-Looking Statements}

_{This post relates to a pending acquisition of Natoma by Snowflake. This release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, regarding the anticipated benefits of the acquisition, and the anticipated impacts of the acquisition on our business, products, financial results, and other aspects of our and Natoma’s operations. These forward-looking statements are subject to known and unknown risks, uncertainties, assumptions, and other factors that may cause actual results or outcomes to be materially different from any future results or outcomes expressed or implied by the forward-looking statements. These risks, uncertainties, assumptions, and other factors include, but are not limited to: the effect of the announcement of the acquisition on the ability of Snowflake or Natoma to retain key personnel or maintain relationships with customers, vendors, developers, community members, and other business partners; risks that the acquisition disrupts current plans and operations; the ability of the parties to consummate the acquisition on a timely basis or at all; the satisfaction of the conditions precedent to consummation of the acquisition; our ability to successfully integrate Natoma’s operations; our and Natoma’s ability to execute on our business strategies relating to the acquisition and realize expected benefits and synergies; and our ability to compete effectively, including in response to actions our competitors may take following announcement of the acquisition. Further information on these and additional risks, uncertainties, and other factors that could cause actual outcomes and results to differ materially from those included in or contemplated by the forward-looking statements contained in this release are included under the caption “Risk Factors” and elsewhere in our Quarterly Reports on Form 10-Q, Annual Reports on Form 10-K, and subsequent filings and reports we make with the Securities and Exchange Commission from time to time. Moreover, both we and Natoma operate in a very competitive and rapidly changing environment, and new risks may emerge from time to time. It is not possible for us to predict all risks, nor can we assess the impact of all factors on our business or the acquisition, or the extent to which any factor, or combination of factors, may cause actual results or outcomes to differ materially from those contained in any forward-looking statements we may make. Forward-looking statements speak only as of the date the statements are made and are based on information available to us at the time those statements are made and/or our management's good faith belief as of that time with respect to future events. Except as required by law, we undertake no obligation, and do not intend, to update these forward-looking statements to reflect events that occur or circumstances that exist after the date on which they were made.}