Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service are revolutionizing data retrieval with advanced fuzzy search and LLM-driven Retrieval Augmented Generation (RAG) capabilities.

However, beneath the promise of efficiency lies a critical security concern: unintended data exposure.

A recent analysis highlights how even tightly configured access and masking policies in secure environments can be bypassed due to the inherent design of such AI services, potentially exposing sensitive data to unauthorized users within an organization’s Snowflake user base.

A Hidden Threat in AI-Driven Search Services

At the heart of this issue is the distinction between callers’ rights and owners’ rights in database systems.

Unlike callers’ rights, where a function operates under the invoking user’s privileges, owners’ rights allow a service to execute with the permissions of its creator-often a highly privileged role like ACCOUNTADMIN or a dedicated service role such as CORTEX_ROLE.

In the case of Snowflake’s CORTEX Search, this means the service runs with the elevated access of its owner, not the querying user.

Consequently, even users without direct SELECT privileges on underlying tables can retrieve unmasked data if they have USAGE rights on the service.

According to Cyera Report, this design, while useful for delegating specific tasks under the principle of least privilege in some contexts, can inadvertently create a backdoor for data exposure when misconfigured.

For instance, an analyst querying a salary information table directly might see masked data as per dynamic masking policies; however, the same user querying through CORTEX Search could access unmasked plaintext, bypassing security controls entirely due to the service inheriting the owner’s unrestricted access.

Owners’ Rights: A Double-Edged Sword in Database Security

This vulnerability stems from a potential misunderstanding among administrators who may assume that CORTEX Search respects the querying user’s permissions.

When the service is created with a powerful role like ACCOUNTADMIN, any user granted USAGE rights effectively borrows those elevated privileges during execution.

The risk is amplified when sensitive tables with compliance-relevant data, such as personally identifiable information (PII) or financial records, are indexed for search without proper isolation.

Such misconfigurations can lead to unintended information disclosure within an organization, undermining the very purpose of dynamic data masking, which is meant to restrict data visibility at query time based on user roles.

To mitigate these risks, Snowflake administrators must adopt stringent practices.

Deploying CORTEX Search with a least-privileged service role, rather than a high-access role like ACCOUNTADMIN, is paramount.

Additionally, sensitive columns should be excluded from search indexing, and USAGE grants on the service must be carefully audited to prevent overreach.

Periodic reviews of the roles used to create each CORTEX Search Service can also help identify and rectify configurations where the creator had excessive access to critical data.

Ultimately, the power of AI-driven tools must be balanced with rigorous access control enforcement.

As AI services like CORTEX Search become integral to enterprise data workflows, recognizing that they are not exempt from traditional security principles is crucial.

Without meticulous scoping, these innovations risk becoming conduits for data leaks, quietly eroding the barriers meant to protect sensitive information.