Back to the blog

Snowflake Cortex AI Search service can expose sensitive data

A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval.

Summary

A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval. Despite access controls and dynamic masking policies, Cortex AI’s default configuration runs queries using the privileges of the service owner (owners' rights), rather than those of the actual user (callers' rights). This behavior may inadvertently allow users with lower privileges to access sensitive data that should have remained masked or restricted.

Technical Impact

Snowflake’s dynamic masking policies typically ensure that sensitive data is only visible to users with explicit permissions. However, when the Cortex Search Service is created under a highly privileged role (e.g., ACCOUNTADMIN), any user granted "USAGE" on that service inherits these elevated privileges. This can inadvertently bypass intended security restrictions, exposing sensitive information such as Personally Identifiable Information (PII) or financial details in plaintext, despite masking rules.

Recommended Actions

  • Deploy Cortex with Least Privileges: Create Cortex Search Services using a dedicated, minimally privileged role that has only essential access.
  • Isolate Sensitive Tables: Do not include sensitive columns or tables with dynamic masking or compliance requirements in general-purpose Cortex Search indexes.
  • Manage USAGE Grants Carefully: Be cautious granting USAGE permissions on Cortex services, as any user granted access inherits the service’s privileges.
  • Audit Regularly: Regularly review and verify roles used to create Cortex services. Rebuild or revoke access as necessary if services were created under overly privileged roles.

Vendor Response

Snowflake has acknowledged the issue, updated their documentation to clarify Cortex’s use of owners' rights, and is actively working on enhancements to provide options for caller’s rights execution contexts and clearer administrator warnings.

Conclusion

AI-driven services such as Cortex Search can greatly enhance productivity but must be deployed with careful consideration of security best practices, specifically the principle of least privilege. Organizations leveraging Cortex AI should immediately review their deployment and access configurations to prevent unintended sensitive data exposure.

Related posts

Report

Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors