Snowflake Data-Model-Agent Security Framework for AI Agents
Snowflake introduced a new Data-Model-Agent security framework to address the risks posed by AI agents executing tasks on behalf of businesses. This three-layer approach integrates security into the data, model, and agent layers, offering defense-in-depth for governed AI operations. The framework aims to provide enterprise-grade security, including distinct agent identities, tool governance, and prompt injection defenses, for organizations deploying AI agents.
- Data layer enforces governance and access controls
- Model layer protects against prompt injection and data exposure
- Agent layer governs identity, tools, and actions with auditability
- Day 2 security includes posture management and resilience
- AI agents present new security challenges beyond traditional models
Features
- Data layer enforces governance and access controls
This layer emphasizes foundational data security controls like role-based access, masking, encryption, and auditability. Snowflake's zero-copy architecture helps reduce data sprawl and maintain governance attached to the data, limiting opportunities for sensitive data leakage.
- Model layer protects against prompt injection and data exposure
Snowflake Horizon AI Guardrails are designed to defend against direct and indirect prompt injection attacks by adding a governance layer. Keeping AI close to governed enterprise data helps avoid unnecessary exposure to external model providers.
- Agent layer governs identity, tools, and actions with auditability
AI agents are given distinct, auditable identities to track machine actions. Tool governance through centralized gateways provides control and visibility into agent tool usage, while sandboxed environments offer isolation for code-generating agents.
- Day 2 security includes posture management and resilience
Snowflake Trust Center provides AI Security Posture Management and data movement policies. Capabilities like multi-party approval and WORM backups support continuous control, auditing, and recovery for AI workloads.
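The agent-layer controls above (distinct agent identities, a centralized tool gateway, auditability) and the Day 2 multi-party approval control can be illustrated with a small gateway. This is an added example written for this page, not Snowflake's code; the agent names, tool names and the two-approver rule are constructed assumptions.

```python
from dataclasses import dataclass, field
# Hypothetical tool gateway (illustration, not Snowflake's code): each agent acts
# under its own identity, every call is checked against that identity's tool
# allowlist, high-risk tools also need two distinct human approvers, and every
# decision, allowed or denied, is appended to an audit log.

@dataclass(frozen=True)
class AgentIdentity:
    name: str
    allowed_tools: frozenset

@dataclass
class ToolGateway:
    tools: dict = field(default_factory=dict)      # tool name -> (fn, high_risk)
    audit_log: list = field(default_factory=list)  # one entry per attempted call

    def register(self, name, fn, high_risk=False):
        self.tools[name] = (fn, high_risk)

    def call(self, agent, tool, args, approvers=()):
        entry = {"agent": agent.name, "tool": tool, "args": args, "decision": "denied"}
        self.audit_log.append(entry)  # record first, so denials are auditable too
        if tool not in self.tools or tool not in agent.allowed_tools:
            raise PermissionError(f"{agent.name} may not use tool {tool!r}")
        fn, high_risk = self.tools[tool]
        # Multi-party approval: two distinct approvers, and the agent cannot approve itself.
        if high_risk and len(set(approvers) - {agent.name}) < 2:
            raise PermissionError(f"{tool} is high-risk and needs two approvers")
        entry["decision"] = "allowed"
        return fn(**args)

def demo():
    """Constructed scenario: a read-only reporting agent tries to go beyond its allowlist."""
    gw = ToolGateway()
    gw.register("query_sales", lambda region: f"rows for {region}")
    gw.register("delete_table", lambda name: f"dropped {name}", high_risk=True)
    reporter = AgentIdentity("reporting-agent", frozenset({"query_sales"}))
    admin = AgentIdentity("admin-agent", frozenset({"query_sales", "delete_table"}))
    attempts = [
        (reporter, "query_sales", {"region": "EMEA"}, ()),              # allowed
        (reporter, "delete_table", {"name": "orders"}, ()),             # denied: not on allowlist
        (admin, "delete_table", {"name": "orders"}, ("alice",)),        # denied: one approver
        (admin, "delete_table", {"name": "staging"}, ("alice", "bob")), # allowed
    ]
    for agent, tool, args, approvers in attempts:
        try:
            gw.call(agent, tool, args, approvers)
        except PermissionError:
            pass
    return [(e["agent"], e["tool"], e["decision"]) for e in gw.audit_log]
```

The audit log keeps denied attempts as well as allowed ones, which is what lets a reviewer see an agent probing for tools outside its identity's allowlist.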
Notes
- AI agents present new security challenges beyond traditional models
AI agents can query sensitive data, call tools, and execute tasks at scale, posing risks that traditional security models struggle to manage. Enterprise security is shifting from enabling human access to AI to ensuring AI agents operate safely and on behalf of the business.
- Snowflake's Data-Model-Agent Framework provides layered security
The framework organizes agentic AI security into three layers: the data layer (least privilege, masking), the model layer (protection from manipulation), and the agent layer (governing behavior, tools, and identity). This approach ensures security is built-in from the start, rather than bolted on.
https://www.snowflake.com/content/snowflake-site/global/en/blog/securing-the-agentic-enterprise