How should teams govern Snowflake agents with broad role access?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Snowflake Cortex agents inherit the privileges of the Snowflake role that invokes them, so over-scoped SELECT access and MCP-connected outputs can turn routine analytics into broad data exposure, according to P0 Security. The real control variable is identity scope, because agent behaviour follows permissions, not intent.

NHIMG editorial — based on content published by P0 Security: When your Snowflake AI agent can query everything you can query

Questions worth separating out

Q: How should security teams govern AI agents that inherit user or role permissions?

A: Security teams should treat inherited permissions as a privilege design problem, not a model problem.

Q: Why do autonomous agents increase the risk of over-privileged access?

A: Autonomous agents increase risk because they can use permissions continuously, at scale, and without human hesitation.

Q: What is the difference between least privilege for people and least privilege for agents?

A: For people, least privilege limits what a person can do during interactive use.

Practitioner guidance

  • Implement purpose-built agent roles: Create separate Snowflake roles for agents and limit each one to the exact tables, schemas, and operations the use case requires.
  • Inventory MCP-connected data paths: Map every external tool or workflow that can receive Cortex outputs through MCP, then classify each path for sensitivity, logging, and downstream control requirements.
  • Apply lifecycle controls to agent identities: Subject agent service accounts to the same review, rotation, and deprovisioning cadence used for other NHI types.

The programme implication is direct: security teams need an identity-first control plane for agents, not just monitoring around the data platform.

👉 Read P0 Security's analysis of Snowflake Cortex agent identity risk →




   
Quote
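The "purpose-built agent roles" guidance in the post above, sketched as Snowflake SQL with a review query for grants that drift beyond the intended scope. This is an added example, not code from P0 Security or NHI Mgmt Group; every object name in it (ANALYTICS_DB, SALES, ORDERS_DAILY, REGION_DIM, AGENT_WH, AGENT_SALES_RO, AGENT_SVC) is a hypothetical placeholder, and any Cortex-specific privileges the agent needs are left out.

```sql
-- Added example. Hypothetical names: ANALYTICS_DB, SALES, ORDERS_DAILY,
-- REGION_DIM, AGENT_WH, AGENT_SALES_RO, AGENT_SVC.

-- 1. Purpose-built role, not granted any analyst or admin role.
USE ROLE SECURITYADMIN;
CREATE ROLE IF NOT EXISTS AGENT_SALES_RO
  COMMENT = 'Agent role: read-only on two sales tables';

-- 2. Grant only the path to the exact objects the use case needs.
GRANT USAGE ON WAREHOUSE AGENT_WH TO ROLE AGENT_SALES_RO;
GRANT USAGE ON DATABASE ANALYTICS_DB TO ROLE AGENT_SALES_RO;
GRANT USAGE ON SCHEMA ANALYTICS_DB.SALES TO ROLE AGENT_SALES_RO;
GRANT SELECT ON TABLE ANALYTICS_DB.SALES.ORDERS_DAILY TO ROLE AGENT_SALES_RO;
GRANT SELECT ON TABLE ANALYTICS_DB.SALES.REGION_DIM TO ROLE AGENT_SALES_RO;
-- Deliberately absent: SELECT ON ALL TABLES / FUTURE TABLES IN SCHEMA.

-- 3. Bind the role to the agent's service user and switch off secondary
--    roles, so the session cannot pick up privileges from elsewhere.
GRANT ROLE AGENT_SALES_RO TO USER AGENT_SVC;
ALTER USER AGENT_SVC SET DEFAULT_ROLE = AGENT_SALES_RO
                         DEFAULT_SECONDARY_ROLES = ();
SHOW GRANTS TO USER AGENT_SVC;  -- expect exactly one role: AGENT_SALES_RO

-- 4. Periodic review: every active grant held by the agent role that is
--    NOT on the allowlist above. Inherited roles show up here as
--    USAGE on ROLE, so borrowed privilege is flagged as well.
SELECT privilege, granted_on, table_catalog, table_schema, name,
       granted_by, created_on
FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES
WHERE grantee_name = 'AGENT_SALES_RO'
  AND granted_to = 'ROLE'
  AND deleted_on IS NULL
  AND NOT COALESCE((
        (privilege = 'USAGE' AND granted_on = 'WAREHOUSE'
           AND name = 'AGENT_WH')
     OR (privilege = 'USAGE' AND granted_on = 'DATABASE'
           AND name = 'ANALYTICS_DB')
     OR (privilege = 'USAGE' AND granted_on = 'SCHEMA'
           AND table_catalog = 'ANALYTICS_DB' AND name = 'SALES')
     OR (privilege = 'SELECT' AND granted_on = 'TABLE'
           AND table_catalog = 'ANALYTICS_DB' AND table_schema = 'SALES'
           AND name IN ('ORDERS_DAILY', 'REGION_DIM'))
      ), FALSE)
ORDER BY created_on;
```

An empty result from the review query means the role still matches its intended scope. ACCOUNT_USAGE views lag behind live state, so `SHOW GRANTS TO ROLE AGENT_SALES_RO` is the check to use immediately after a change.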
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

A few things worth adding from our research at NHI Mgmt Group.

Privilege inheritance is the central NHI risk in agentic data platforms. When an agent executes under a user or role with broad warehouse access, the security model quietly shifts from least privilege to borrowed privilege. That is acceptable for a narrow script, but not for an autonomous system that can answer, query, and act at machine speed. The practitioner lesson is to scope every agent identity as if it were a high-value NHI.

A few things that frame the scale:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
  • Only 44% of organisations have implemented any policies to govern AI agents, even though 92% agree governance is critical to enterprise security.

A question worth separating out:

Q: When should organisations treat agent output integrations as part of access governance?

A: They should do so whenever agent output can reach external tools, analytics layers, or downstream workflows. If data leaves the core platform through MCP or another integration, the access path extends beyond the original system. That path needs the same review, logging, and sensitivity controls as the source environment.

👉 Read our full editorial: Snowflake Cortex agents turn broad role access into data exposure



   