
Introducing Akto + Snowflake: Secure and Govern Cortex AI Agents
Snowflake Cortex is putting AI agents directly on top of your most sensitive data. Here's how Akto Argus gives security teams the visibility they've been missing.

Krishanu
Mar 5, 2026
Snowflake is no longer just a data warehouse. It's becoming the platform where enterprises build, deploy, and run AI agents.
With Snowflake’s Cortex, teams can now build agents that query structured data, run sentiment analysis, generate content, translate text, and orchestrate multi-step workflows - all from within Snowflake.
Snowflake's $200 million partnership with OpenAI has further accelerated this, bringing frontier LLMs directly into the platform. Over 9,100 customer accounts are already using Snowflake AI capabilities, and Snowflake Intelligence crossed 2,500 accounts within its first three months alone.
This is exactly the kind of rapid adoption that creates security blind spots.
Cortex AI agents interact with production data, call external APIs, and execute autonomously. They inherit permissions, access sensitive tables, and generate outputs that flow into downstream systems.
If something goes wrong (a misconfigured agent, a prompt injection, or an unintended data exposure), security teams need to know. And right now, most of them don't.
Today, we're introducing the Akto Snowflake Connector in Akto Argus, giving security teams complete visibility into Cortex AI agents running inside Snowflake.
Why Snowflake Cortex Needs Agentic Security
Cortex AI agents are powerful.
They can call built-in LLM functions like COMPLETE, SENTIMENT, and TRANSLATE directly in SQL. They can parse natural language queries into executable SQL through Cortex Analyst. They can retrieve unstructured data through Cortex Search for RAG-based workflows. And with Cortex Code, they can even generate and execute code autonomously.

This capability introduces significant security and governance risk.
The Data Exposure Problem
Earlier this year, security researchers demonstrated how Snowflake's CORTEX Search Service could unintentionally expose sensitive data within an organization. The issue stemmed from how the service handles owner-executed rights versus caller's rights; a user without direct SELECT privileges on a table could still access plaintext data through CORTEX Search, bypassing dynamic masking policies entirely.
This isn't a hypothetical attack. It's an architectural subtlety that leads to real data exposure when governance policies aren't perfectly aligned with how Cortex services execute queries.
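One way to audit for the mismatch described above, as an added example that is not Akto's or Snowflake's code: it compares who can call each search service with who could read the underlying data directly. The service, table, role and column names are constructed, and the grant and masking data is hand-written here rather than pulled from an account.

```python
# Added example: constructed grant and masking data, not output from a real account.
from dataclasses import dataclass

@dataclass(frozen=True)
class SearchService:
    name: str
    source_table: str
    indexed_columns: tuple  # columns the service indexes and can return

# Constructed sample state; every name below is hypothetical.
SERVICES = [
    SearchService("SUPPORT_SEARCH", "CRM.TICKETS", ("BODY", "CUSTOMER_EMAIL")),
    SearchService("DOCS_SEARCH", "KB.ARTICLES", ("TITLE", "TEXT")),
]
# role -> search services the role holds USAGE on
SERVICE_USAGE = {
    "ANALYST": {"SUPPORT_SEARCH", "DOCS_SEARCH"},
    "SUPPORT_LEAD": {"SUPPORT_SEARCH"},
}
# role -> tables the role can SELECT from directly
TABLE_SELECT = {"ANALYST": {"KB.ARTICLES"}, "SUPPORT_LEAD": {"CRM.TICKETS"}}
# (table, column) -> roles the masking policy shows plaintext to
UNMASKED_ROLES = {("CRM.TICKETS", "CUSTOMER_EMAIL"): {"PRIVACY_OFFICER"}}

def audit(services, usage, select, unmasked):
    """Flag roles that reach data through a service but could not read it directly.

    Assumption: the service returns what its owner can read, so USAGE on the
    service is the only gate. Role inheritance is ignored for brevity.
    """
    findings = []
    for svc in services:
        callers = sorted(r for r, granted in usage.items() if svc.name in granted)
        for role in callers:
            if svc.source_table not in select.get(role, set()):
                findings.append((role, svc.name, "NO_SELECT_ON_SOURCE", svc.source_table))
            for col in svc.indexed_columns:
                plaintext_roles = unmasked.get((svc.source_table, col))
                if plaintext_roles is not None and role not in plaintext_roles:
                    findings.append((role, svc.name, "MASKED_COLUMN_INDEXED", col))
    return findings

if __name__ == "__main__":
    for finding in audit(SERVICES, SERVICE_USAGE, TABLE_SELECT, UNMASKED_ROLES):
        print(finding)
```

Each finding is a role that the search service gives a wider view than the table's own grants and masking policy would.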
The Visibility Gap
The more fundamental problem, though, is visibility. Most security teams today can't answer basic questions about what's happening with AI agents inside Snowflake:
Which Cortex AI agents are deployed across the organization?
What data are they accessing, and with what permissions?
What prompts are being sent to these agents?
What outputs are they generating?
Are any agents calling external APIs or interacting with sensitive systems?
Security dashboards report that everything is secure because they have zero visibility into what AI agents inside Snowflake are actually doing.

Without this visibility, security teams are operating in the dark. They can't assess risk, enforce policies, or respond to incidents they don't even know are happening.
How Akto Secures Snowflake Cortex AI Agents
Akto's Snowflake connector operates as part of Akto Argus, our security product for homegrown AI applications. It connects directly to your Snowflake account and continuously monitors Cortex AI activity.
1. Discover Every Cortex AI Agent

Once connected, Akto Argus automatically discovers all AI agents built using Snowflake Cortex in your account. This includes agents using Cortex AI functions, Cortex Analyst configurations, Cortex Search services, and any custom agent implementations.
The result is a live, centralized inventory of every Cortex-based agent in your environment - how it's configured, what model it's using, and where it's deployed.
You can't secure what you can't see. This is the foundation.
2. Observe Agent Configurations and Activity

Akto captures agent execution data from the past 60 minutes on a continuous basis, giving security teams a rolling view of what Cortex agents are actually doing in production. This includes:
Agent configurations - model selections, parameters, and settings for every Cortex agent in your account. This is your baseline for understanding what's deployed and how it's configured.
Cortex function usage - tracking of built-in Cortex AI functions like COMPLETE, SENTIMENT, TRANSLATE, and others across your environment.
Input data - the prompts, queries, and parameters being sent to agents. This is where you catch prompt injection attempts, unauthorized queries, and policy violations before they cause damage.
Output data - the responses agents generate. This is where you detect sensitive data exposure, PII leakage, and outputs that violate compliance requirements.
API interactions - external API calls made by agents during execution. This is where you identify agents reaching out to systems they shouldn't be talking to.
Performance metrics - execution time and resource consumption, giving you the operational context needed to distinguish between normal behavior and anomalies.
3. Enforce Guardrails Across Your Agent Fleet

With discovery and monitoring in place, Akto Argus lets security teams enforce guardrail policies directly on Cortex agent activity.
You can set up:
Content and policy guardrails - to control what agents are allowed to discuss or act on.
Sensitive information guardrails - to prevent agents from exposing PII, credentials, or regulated data in their responses.
Language safety and abuse guardrails - to block harmful or off-policy outputs.
Advanced code detection filters - to catch agents generating or executing risky code patterns.
Custom guardrails - tailored to your organization's specific compliance and security requirements.
Every guardrail violation is logged with full context: what was blocked, why, and which agent triggered it. Security teams can identify agents with excessive permissions, detect misconfigurations that don't align with organizational policies, and track changes to agent behavior over time.
Getting Started: Five Minutes to Visibility
Setting up the Snowflake connector requires minimal effort. You'll need your Snowflake account URL, authentication credentials (username/password, OAuth token, or RSA key pair), and a running Akto Traffic Processor.
From there, the steps are straightforward:

Open Akto Argus → Connectors → AI Agent Security → Snowflake
Enter your Snowflake account URL
Select your authentication method and provide credentials
Optionally specify a warehouse, database, and schema to scope the connection
Enter your data ingestion service URL
Click Import
Akto immediately begins discovering agents and collecting execution data. No changes to your Snowflake configuration are required.
For authentication in production environments, we recommend RSA key pair authentication for the strongest security posture. Full setup instructions are available in our documentation.
Final Thoughts on Akto + Snowflake
The pattern is clear: every major data platform has AI Agents running inside it. Snowflake with Cortex. Databricks with Mosaic AI.
Each platform creates its own agentic surface area, and each surface area introduces risks that traditional security tools weren't designed to handle. As Snowflake itself puts it, running AI agents directly where governed data resides eliminates data movement, but it also means security must follow.
That's what Akto Argus is built for: unified security visibility across every platform where your organization runs AI agents. The Snowflake connector is the latest addition to a growing list that already includes AWS Bedrock, Databricks, Azure AI Foundry, LangChain, Vertex AI, and more.
If your data teams are building with Cortex, your security teams need visibility into what those agents are doing. This is the fastest way to get it.
