A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval. Despite access controls and dynamic masking policies, Cortex AI’s default configuration runs queries using the privileges of the service owner (owner’s rights), rather than those of the actual user (caller’s rights). This behavior may inadvertently allow users with lower privileges to access sensitive data that should have remained masked or restricted.
Snowflake’s dynamic masking policies typically ensure that sensitive data is only visible to users with explicit permissions. However, when the Cortex Search Service is created under a highly privileged role (e.g., ACCOUNTADMIN), any user granted "USAGE" on that service inherits these elevated privileges. This can inadvertently bypass intended security restrictions, exposing sensitive information such as Personally Identifiable Information (PII) or financial details in plaintext, despite masking rules.
Snowflake has acknowledged the issue, updated its documentation to clarify Cortex’s use of owner’s rights, and is actively working on enhancements to provide options for caller’s rights execution contexts and clearer administrator warnings.
AI-driven services such as Cortex Search can greatly enhance productivity but must be deployed with careful consideration of security best practices, specifically the principle of least privilege. Organizations leveraging Cortex AI should immediately review their deployment and access configurations to prevent unintended sensitive data exposure.
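The configuration described above, next to a least-privilege alternative, as an added example (not code from Cyera or Snowflake). All database, table, warehouse, policy and role names are hypothetical. It assumes the masking policy unmasks only for ACCOUNTADMIN and PII_READER, and that SEARCH_SVC_OWNER already holds the privileges needed to create the service and read the table.

```sql
-- All names are hypothetical: hr_db.hr.employees, mask_ssn, search_wh,
-- and the roles PII_READER, ANALYST, SEARCH_SVC_OWNER.

-- Masking policy: clear text only for ACCOUNTADMIN and PII_READER.
CREATE OR REPLACE MASKING POLICY hr_db.hr.mask_ssn AS (val STRING)
  RETURNS STRING ->
  CASE WHEN CURRENT_ROLE() IN ('ACCOUNTADMIN', 'PII_READER')
       THEN val ELSE '***MASKED***' END;

ALTER TABLE hr_db.hr.employees
  MODIFY COLUMN ssn SET MASKING POLICY hr_db.hr.mask_ssn;

-- WEAK: the service is owned by ACCOUNTADMIN. Under owner's rights the
-- source query is evaluated as the owner, so ssn is read unmasked and is
-- returned that way to any role that holds USAGE on the service.
USE ROLE ACCOUNTADMIN;
CREATE OR REPLACE CORTEX SEARCH SERVICE hr_db.hr.employee_search_admin
  ON notes
  ATTRIBUTES department
  WAREHOUSE = search_wh
  TARGET_LAG = '1 hour'
  AS (SELECT notes, department, ssn FROM hr_db.hr.employees);

GRANT USAGE ON CORTEX SEARCH SERVICE hr_db.hr.employee_search_admin
  TO ROLE ANALYST;  -- ANALYST is not in the policy's allowlist

-- HARDENED: a dedicated owner role that the masking policy does not
-- unmask for, and a source query that leaves the sensitive column out.
-- Anything the service returns is limited to what this role may see.
USE ROLE SEARCH_SVC_OWNER;
CREATE OR REPLACE CORTEX SEARCH SERVICE hr_db.hr.employee_search
  ON notes
  ATTRIBUTES department
  WAREHOUSE = search_wh
  TARGET_LAG = '1 hour'
  AS (SELECT notes, department FROM hr_db.hr.employees);

GRANT USAGE ON CORTEX SEARCH SERVICE hr_db.hr.employee_search
  TO ROLE ANALYST;

-- Review step: inventory the services in the schema, then check which
-- role created each one and which roles hold USAGE on it.
SHOW CORTEX SEARCH SERVICES IN SCHEMA hr_db.hr;
```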