Snowflake outlines a three-layer security framework for AI agents that operate autonomously in enterprise systems, arguing that data governance, model protection, and agent oversight must be built in from the start rather than added later.

What happened: Snowflake has introduced its Data-Model-Agent security framework, which organizes agentic AI security into three layers: the data layer (enforcing least privilege, masking, and data movement controls), the model layer (protecting against prompt injection and manipulation), and the agent layer (governing agent identity, tools, and approvals). The framework includes Snowflake Horizon AI Guardrails to defend against prompt injection attacks, integration of Natoma for centralized MCP tool governance, and sandboxed environments for code-generating agents.

Why it matters: AI agents can query sensitive data, call tools, and execute tasks at scale and speed, creating new security risks that traditional security models cannot handle. Without distinct agent identity and tool governance, machine actions can be difficult to track and audit, and the security perimeter expands whenever an agent connects to external applications. Security teams now need to ensure agents operate safely and are limited to only the data and tools they require.

What to watch: Snowflake Trust Center provides AI Security Posture Management to identify vulnerabilities in AI workloads, and the platform supports multi-party approval and business justification for highly sensitive operations. The Natoma integration comes built in with more than 100 MCP servers and 10,000 tools, removing the need for employees to deploy shadow AI open source servers.