Snowflake Arctic and the Future of AI Governance If you’re reading this, then it’s certain you saw the news about Snowflake’s Arctic model launch. Machine learning and AI is the next natural step for the Snowflake Data Cloud. Not only because it’s a hot trend, but because the Snowflake story naturally leads you to AI. What makes machine learning better? Lots of data. Where are you putting more and more of your data? Snowflake. Of course, there’s no such thing as a free lunch. While your data scientists, developers, and all the other Snowflake enthusiasts in your orbit are rushing to see how they can start leveraging Arctic (and there are already ways popping out of the Snowflake teams as well), maybe you’re here because you have accountability for your organization’s data. You may have one very important question: how is Arctic going to affect my governance and security stance? We’re here to answer that question, and the answer is mostly good – if you’re going to do the right things right now.

The TL;DR on this is simple. Arctic is like every other thing that runs in the Snowflake Data Cloud. Nothing in Snowflake escapes the watchful eye of Snowflake governance policies. Nothing in Snowflake can skip past the network controls, security checks, encryption, or RBAC (Role-Based Access Control). The simplest way to understand this is that to use all this power in the Arctic LLM you have a list of simple, built-in Snowflake functions. You only have permission to use the AI stuff if you have permission to use those functions. And you only have permission to feed data that you are already allowed to access into those functions. Simple, right? End of the story, right? If that were the end, that would also be the end of this post. Honestly, I probably wouldn’t have bothered to write it if that were the case.

While it’s true that AI access is limited to the Cortex functions and that people will only be able to bring the data they already have access to into those functions, when you combine AI and the huge wells of data that Snowflake tends to have things may get weird. It’s not unusual for people (or services) to be over-provisioned. Just yesterday we were on the line with a prospect who was shocked to see ALTR’s real-time auditing picking up dozens of jobs running under the Snowflake SYSADMIN role. These queries running with too much privilege happened because lots of folks were granted this role through nesting to make it easier for them to get some data that had been put in a database that it probably shouldn’t have been in, and it was easier to grant the role than move the data. (This sort of security gap is exactly why this company is looking at ALTR in the first place!) With that SYSADMIN role, those users could have accessed tons of stuff they weren't supposed to. They didn’t (we know that because ALTR’s auditing would have caught them), but since they had the access, they could have. Humans tend to only query data they know they have access to. But what happens when AI takes the wheel?

Right now, the impact that AI’s power can have in Snowflake is limited. But just like having a model like Snowflake’s Arctic was the next natural step in the Snowflake story, there are more natural steps we can imagine. People are going to throw all the data they have at this thing to attempt to get amazing results. What happens when they have access to data they shouldn’t? What happens when they should have access to a table, but maybe there’s sensitive information in columns and there needs to be advanced data protection in place to make that data usable in the context of Cortex, Arctic, and AI in general? The machines won’t use the same approaches humans will (and vice versa). That’s why humans and AIs make such an effective team when things go right. But that also means these LLMs won’t limit themselves to only what they know. They will crawl through every scrap of data they have access to trying to find the right answer to get that good feedback we’ve programed them to seek. What happens when that machine is mistakenly given SYSADMIN role like the humans were? And, of course, people are going to build fully automated systems where the AI-powered machines will run all the time pushing these boundaries. Humans sleep, take time off, and eat a meal every now and then. What happens when your governance and security must be on watch 24/7 because they’re contending with machines that never step away?

The good news is that we’re only standing on the tip of this iceberg (pun intended). Most of this stuff is still a little while away. But as with everything else related to AI, it’s going to move fast. So now more than ever it's crucial that security and governance be integrated into the data and development pipelines and CI/CD approaches as well as automated as much as possible. Snowflake has all the controls you need to prevent the bad stuff from happening, but you need to use them effectively and automatically. The sensitive information in your data needs special attention more than ever in an AI-powered world. In that conversation yesterday, the customer asked about the new Arctic stuff and how ALTR could address that even though it just dropped this month. The answer is simple: ALTR has been in the proactive security business since the start. Since Snowflake did the right thing by building security directly into the Arctic and AI design, it’s just another thing ALTR can help you lock down as you roll it out. It all fits together perfectly. The next natural step in that company’s story – and maybe in yours – is to decide to let us help them out. We’re ready for AI when you are.

‍