Reduce Risk and Time: Scaling Trust with Agentic AI

Maintaining security and compliance and reducing risk across Snowflake accounts is a continuous effort. The Snowflake Trust Center already streamlines the surfacing of security findings — the harder part is remediating them quickly and accurately, without increasing alert fatigue. Cortex Code now closes that gap with AI-guided remediation for Trust Center violations.

This blog post shows you how to:

  • Get personalized, context-aware guidance for investigating Trust Center violations
  • Remediate security risks faster through conversational interactions
  • Track the full lifecycle of security findings directly in the Snowsight interface
Figure 1: Trust Center’s AI-guided remediation.

Background: Trust Center findings and violations

Trust Center is Snowflake's centralized hub for monitoring and remediating security, compliance, privacy and governance risks. It continuously evaluates your accounts against predefined recommendations specified in scanners. When a scanner identifies a configuration that deviates from best practices, it generates a finding. A finding that represents a mitigatable risk is called a violation.

Until now, remediating violations required teams to manually interpret in-product instructions, understand the organizational context and execute remediation actions — a process that created friction and delayed resolution, especially for time- or resource-constrained admins.

Cortex Code: A conversational agent for remediation

Cortex Code, the AI coding agent for your data stack, now acts as a security agent. It delivers AI-guided remediation for Trust Center violations directly within Cortex Code for Snowsight, SnowWork or Cortex Code CLI.

When you encounter a violation in the Trust Center, you can launch a conversational chat with Cortex Code. It customizes the guidance based on the specific entities and configurations involved in your account. This reduces guesswork and the risk of misconfiguration — which is particularly valuable for admins who have been hesitant to act without first consulting data stewards.

Interactive, iterative remediation

Cortex Code doesn't present just a single instruction. Through a conversational flow, you can:

  • Ask follow-up questions about a violation's impact and dependencies
  • Request alternative approaches if the initial suggestion doesn't fit your policies
  • Generate SQL statements for the recommended actions

Figure 2: Conversational flow.

Confident review and execution

The current Trust Center experience lets you run generated SQL straight from the interface while keeping you firmly in the driver's seat, empowering you to review changes against your own internal security processes and standards. We are evolving the Trust Center toward agentic posture management — where your stack may eventually self-remediate.

Streamlined finding management

Beyond AI-guided remediation, we've enhanced the Snowsight experience with simplified lifecycle actions for tracking, collaborating and progress reporting.

  • One-click mute: Silence notifications for findings already being addressed or triaged as not applicable. Muted findings do not generate notifications, even if the scanner re-runs and updates the at-risk entities. [1]
  • Evidence and comments: Add context, external URLs or Jira tickets, or ownership details directly on a finding to build the audit trail required by compliance teams.

With these improvements, platform and security admins can:

  • Remediate findings using Cortex Code or manual steps
  • Change the finding state (for example, open → muted) to focus on what matters
  • Add or edit comments for context and ownership tracking

Future releases will add support for changing severity and managing findings lifecycle across the organization via Org 2.0. The org account already aggregates and provides findings metadata across all your accounts.

Note: Currently, lifecycle management applies only to violation findings. Detection findings represent past events and are primarily investigatory; they may not have direct remediation steps. For now, you can still use Cortex Code to investigate detections and plan steps. A detection and lifecycle management experience is planned for a future release.

Bonus: Instant security posture reporting and configuration

Open Cortex Code chat and ask it to:

  • Summarize the current Trust Center security posture
  • Detail new violations reported in the last 30 days
  • List all remediated violations over the past 90 days
  • List the most common at-risk users or entities across all findings
  • Help improve identity posture by addressing MFA findings
  • Set up findings notification integrations

This turns a complex reporting task into a natural-language query, providing immediate visibility for executive reviews or compliance audits.

Figure 3: Security posture configuration and reporting.

Getting started

Prerequisites

To leverage AI-guided remediation, ensure the following conditions are met for your role:

  • Cortex Code availability: Cortex Code in Snowsight must be available for your account.
  • Application role: Your role must have the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.
  • Database role: Your role must have the SNOWFLAKE.CORTEX_USER database role granted to it.
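
The two role prerequisites above, set up on a dedicated role instead of handing out ACCOUNTADMIN. This is an added example, not code from the original post; the role name TC_REMEDIATION and user name SEC_ANALYST are hypothetical.

```sql
-- Added example. TC_REMEDIATION and SEC_ANALYST are hypothetical names;
-- substitute the role and user your team actually uses.
USE ROLE ACCOUNTADMIN;

-- Dedicated role for Trust Center triage and AI-guided remediation,
-- so day-to-day work does not happen under ACCOUNTADMIN.
CREATE ROLE IF NOT EXISTS TC_REMEDIATION
  COMMENT = 'Trust Center triage and Cortex Code remediation';

-- Prerequisite: Trust Center admin application role.
GRANT APPLICATION ROLE SNOWFLAKE.TRUST_CENTER_ADMIN TO ROLE TC_REMEDIATION;

-- Prerequisite: Cortex database role.
GRANT DATABASE ROLE SNOWFLAKE.CORTEX_USER TO ROLE TC_REMEDIATION;

-- Hand the role to the person doing the triage.
GRANT ROLE TC_REMEDIATION TO USER SEC_ANALYST;

-- Verify that both prerequisites landed on the role.
-- SHOW output columns are lowercase, so they must be double-quoted.
SHOW GRANTS TO ROLE TC_REMEDIATION;

SELECT "privilege", "granted_on", "name", "granted_by"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "name" ILIKE '%TRUST_CENTER_ADMIN'
   OR "name" ILIKE '%CORTEX_USER';
-- Expect two rows. These grants cover access to Trust Center and Cortex only;
-- running a generated remediation statement still requires whatever
-- privileges that statement itself needs.
```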

Step-by-step remediation

  1. Sign in: Sign in to Snowsight.
  2. Navigate to violations: In the navigation menu, select Governance & security » Trust Center.
  3. Initiate remediation: Select a specific violation to open the findings detail panel, then choose "Begin Remediation" by clicking the blue Snowflake Cortex AI icon directly in the list of violations.
  4. Review and execute: Review the explanation and remediation steps provided by Cortex Code. Engage conversationally to clarify details, request alternative actions, or generate the final SQL statements. After careful review, run the necessary SQL directly from the chat.
  5. Verify resolution: After completing the remediation steps, wait for the next scheduled scanner run or run the scanner on demand to verify that the violation is remediated. Upon confirmation by the scanner, the Trust Center will automatically remove the violation from the Violations tab.

Important considerations

  • Human review is mandatory. Always review generated SQL before running it to ensure correctness and alignment with your governance policies.
  • Some actions are external. Certain violations require steps outside of Snowflake — for example, coordinating an organization-wide MFA policy change or investigating a suspicious IP login. Cortex Code will explain these steps but cannot run them for you.

Note: While this blog post focuses on the Snowsight experience, these capabilities are also available via Cortex Code CLI and SnowWork. All three interfaces natively understand Trust Center. They all include optimized skills that security practitioners can use to review the posture, dependencies and remediation steps using natural language.

[1] This mute behavior is specific to a class of finding (uniquely identified by package+scanner+severity+risk). But if the same scanner reports multiple findings, differentiated by “severity+risk,” those others won't be muted. Mute replaces the former "resolve" action.
