Snowflake Boosts Enterprise AI Security with Agent Identity and Guardrails

Snowflake

Jun 9, 2026

Snowflake is introducing new AI security innovations, including Agent Identity for auditability, Horizon AI Guardrails for prompt injection protection, and Data Movement Policies to prevent unauthorized data exfiltration. These updates aim to provide enterprises with the controls needed to securely deploy autonomous AI agents at scale.

Snowflake is enhancing its platform with new AI security capabilities designed to secure agentic AI deployments in the enterprise. Key additions include Agent Identity (public preview), which provides a distinct signal to identify actions performed by an AI agent, enabling auditability and near real-time access restriction. Horizon AI Guardrails (generally available) offer prompt injection defense, integrated into the Horizon Catalog.

Agent Identity: Public preview
Horizon AI Guardrails: Generally available
CoCo CLI Sandbox: Private preview
Data Movement Policies: Private preview
Data Exfiltration Detection: Private preview
Multi-Party Approval (MPA): Private preview

These innovations address the amplified security risks that come with autonomous AI agents making critical business decisions, such as malicious prompt injections and unauthorized data movement. The platform also introduces CoCo CLI Sandbox (private preview) for client-side isolation to mitigate data exfiltration and malicious code execution when AI systems run code.

Snowflake also provides Data Movement Policies (private preview) to prevent configured data movement from agents outside the Snowflake trust boundary. Additionally, Multi-Party Approval (MPA) (private preview) enforces a "four-eyes" rule for critical security operations, and new CoCo security skills simplify security administration through natural language.

HORIZON CATALOG The universal AI catalog; COMPUTE AND AI; SNOWFLAKE COMPUTE; EXTERNAL COMPUTE; EXTERNAL AGENTS; SQL; DATA SCIENCE AND ML; STREAMLIT APPS; SNOWFLAKE COCO; SNOWFLAKE COWORK; SQL API; REST API; ICEBERG REST CATALOG API; MCP; Snowflake Horizon Catalog Built on Apache Polaris; INTEROPERABILITY; CONTEXT; GOVERNANCE & SECURITY; Search; Lineage; Semantic Views; Data Quality; Access Control; Sensitive Data Protection; AI Security; AI Guardrails; DATA AND STORAGE; SNOWFLAKE MANAGED STORAGE; ICEBERG; SNOWFLAKE TABLES; EXTERNAL DATA; EXTERNAL METADATA; SECURITY & GOVERNANCE — Snowflake Horizon Catalog architecture diagram illustrating interoperability, context, and governance across compute, storage, and external AI agents.

View the full update on snowflake.com

Snowflake

@Snowflake1d ago

AI agents are entering the enterprise fast. So are new security risks. We're solving for that, with new AI security innovations built to help organizations secure the agentic enterprise at scale, including: • Agent Identity for auditability and near real-time access restriction • Horizon AI Guardrails for prompt injection protection • Data Movement Policies to help prevent unauthorized data exfiltration • Multi-Party Approval and Snowflake Backups for stronger ransomware resilience • AI Security Posture Management and Compliance Reporting in Trust Center • CoCo security skills for conversational security administration and remediation Learn more: https://t.co/wd8kvgGyOZ

416

View on X

Still wondering? A few quick answers below.

Agent Identity provides a recognizable signal that identifies actions performed by an AI agent on behalf of a user. This new context enables auditability of agent actions and allows for near real-time restriction of agent access to sensitive data.

Horizon AI Guardrails offer a zero-day style defense layer against prompt injection. They are integrated into the Horizon Catalog and are designed to prevent adversaries from crafting inputs that override a model’s system instructions to extract sensitive information or trigger unintended actions.

Data Movement Policies are designed to prevent configured data movement from Snowflake agents to outside the Snowflake trust boundary. These policies provide granular controls to protect sensitive data from unauthorized movement, helping to defend against data exfiltration.

Multi-Party Approval (MPA) directly mitigates the risk of insider attacks and accidental destructive actions by enforcing a “four-eyes” rule. This means two authorized administrators must approve critical security-sensitive operations, enhancing resilience against threats like excessive data destruction.

Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

Keep reading

v0 Launches Snowflake Integration to Build and Deploy Data Dashboards via Chat

v0 has released a public preview of its Snowflake integration, allowing users to query warehouse data and deploy full-stack applications directly to Snowflake infrastructure. This update transforms the generative UI tool into a functional data agent that bridges the gap between natural language prompts and enterprise-hosted analytics.

PerplexityMay 15

Perplexity Computer Connects to Snowflake to Automate Enterprise Data Science

Perplexity launched a Snowflake connector for its Computer agent, allowing users to query live data warehouses using natural language. The integration bypasses traditional SQL bottlenecks by automatically generating a semantic data map to translate business questions into accurate queries. This shifts the platform from a web-search tool into a proactive internal data science team.

Cloudflare Launches Outbound Workers to Secure AI Agent Network Access

CloudflareApr 13

Cloudflare Launches Outbound Workers to Secure AI Agent Network Access

Cloudflare introduced Outbound Workers for Sandboxes, a programmable proxy that lets developers inject credentials and enforce security policies at the network level. This allows AI agents to interact with sensitive services without ever having direct access to the raw authentication tokens.

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

NVIDIAMay 21

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

NVIDIA released a verification framework for agent skills that uses automated scanning and cryptographic signing to ensure AI instructions are safe and authentic. While previous security focused on isolating the agent's environment, this shift brings governance directly to the capabilities an agent learns and executes.

What is Agent Identity?

How do Horizon AI Guardrails protect against prompt injection?

What are Data Movement Policies?

What is Multi-Party Approval (MPA)?

Keep reading

v0 Launches Snowflake Integration to Build and Deploy Data Dashboards via Chat

v0 Launches Snowflake Integration to Build and Deploy Data Dashboards via Chat

Perplexity Computer Connects to Snowflake to Automate Enterprise Data Science

Perplexity Computer Connects to Snowflake to Automate Enterprise Data Science

Cloudflare Launches Outbound Workers to Secure AI Agent Network Access

Cloudflare Launches Outbound Workers to Secure AI Agent Network Access

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

Keep reading

v0 Launches Snowflake Integration to Build and Deploy Data Dashboards via Chat

v0 Launches Snowflake Integration to Build and Deploy Data Dashboards via Chat

Perplexity Computer Connects to Snowflake to Automate Enterprise Data Science

Perplexity Computer Connects to Snowflake to Automate Enterprise Data Science

Cloudflare Launches Outbound Workers to Secure AI Agent Network Access

Cloudflare Launches Outbound Workers to Secure AI Agent Network Access

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities