Executive Summary
Snowflake Cortex Agents are now generally available. These AI agents can handle both structured and unstructured data, execute code, and interact with external systems via the Model Context Protocol (MCP). However, the broad access permissions they operate with create a significant identity risk, as demonstrated by recent research showing vulnerabilities that could lead to data exfiltration. Stay informed on the secured data querying capabilities that modern organizations need.
👉 Read the full article from P0 Security here for comprehensive insights.
Key Insights
Cortex General Availability
- Cortex reached general availability in November 2025, with follow-up features arriving in February 2026.
- Organization-wide deployment capabilities improve querying of both structured and unstructured data.
Role of Cortex Agents
- Cortex Agents enable execution of code and interaction with external tools, expanding the functionality of Snowflake.
- Through the Model Context Protocol (MCP), agents can exchange data with external systems.
Identity Risk Concerns
- The agent operates under the privileges of the initiating Snowflake user, which poses identity security risks.
- Broad SELECT access without proper scoping can lead to overreach in data access, so access scoping has to be part of the security strategy.
Risks Highlighted by Research
- Researchers at PromptArmor revealed vulnerabilities, such as indirect prompt injection, that can be used to exploit Cortex Agents.
- These vulnerabilities can lead to malware execution that leverages cached credentials, emphasizing the need for tighter security measures.