![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
![[DEALS] The Premium Python Programming PCEP Certification Prep Bundle (67% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
_Aleksey_Funtap_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
_Sergey_Tarasov_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Apple Foldable iPhone to Feature New Display Tech, 19% Thinner Panel [Rumor]](https://www.iclarified.com/images/news/97271/97271/97271-640.jpg)
![Apple Developing New Chips for Smart Glasses, Macs, AI Servers [Report]](https://www.iclarified.com/images/news/97269/97269/97269-640.jpg)
![Apple Shares New Mother's Day Ad: 'A Gift for Mom' [Video]](https://www.iclarified.com/images/news/97267/97267/97267-640.jpg)
![Apple Shares Official Trailer for 'Stick' Starring Owen Wilson [Video]](https://www.iclarified.com/images/news/97264/97264/97264-640.jpg)
The Hidden Security Risks of Data Exposure in AI-Driven Tools Like Snowflake’s CORTEX
Artificial Intelligence is rapidly transforming every aspect of technology, offering unprecedented efficiency and business growth opportunities. However, as AI integration deepens in data analytics platforms, a concerning pattern emerges where advanced functionality may inadvertently undermine carefully established security controls. The latest discovery highlights how even well-configured environments can harbor unexpected vulnerabilities when AI services interact […] The post The Hidden Security Risks of Data Exposure in AI-Driven Tools Like Snowflake’s CORTEX appeared first on Cyber Security News.
Artificial Intelligence is rapidly transforming every aspect of technology, offering unprecedented efficiency and business growth opportunities.
However, as AI integration deepens in data analytics platforms, a concerning pattern emerges where advanced functionality may inadvertently undermine carefully established security controls.
The latest discovery highlights how even well-configured environments can harbor unexpected vulnerabilities when AI services interact with traditional access control mechanisms.
Snowflake’s CORTEX Search Service, a cutting-edge AI-driven search and retrieval tool, promises to revolutionize how organizations interact with their data through natural language queries and enhanced retrieval capabilities.
Designed to simplify complex data operations, this service allows users to perform fuzzy searches and leverage large language model capabilities without requiring direct SELECT privileges on underlying tables.
Users only need USAGE permissions on the service to query data through CORTEX Search.
Cyera researchers identified a critical security gap in how CORTEX Search interacts with Snowflake’s dynamic data masking policies.
Their investigation revealed that the service operates under “owners’ rights” rather than “callers’ rights,” potentially allowing lower-privileged users to access sensitive data that should remain masked according to established security policies.
The fundamental issue stems from the execution context of AI services. When an administrator deploys CORTEX Search Service using a privileged role such as ACCOUNTADMIN, the service inherits all the access permissions of that role.
.webp)
Subsequently, any user granted USAGE on the service can leverage these borrowed privileges to retrieve data they would normally not have permission to view in plaintext form.
This behavior effectively creates a security bypass that undermines the principle of least privilege, one of the cornerstones of information security.
Organizations implementing dynamic data masking to protect sensitive information from unauthorized viewing may unknowingly expose that same data through CORTEX Search.
The Owners’ Rights Vulnerability
The technical crux of this vulnerability involves the distinction between two privilege models in database systems.
In systems operating under “callers’ rights,” processes execute with the same permissions as the invoking user, maintaining security boundaries.
However, CORTEX Search employs “owners’ rights,” meaning it executes with the privileges of the role that created the service, regardless of who initiates the query.
This becomes evident when examining how masking policies typically work in Snowflake:-
CREATE MASKING POLICY mask_sensitive_data AS (val STRING)
RETURNS STRING ->
CASE
WHEN CURRENT_ROLE() = 'ADMIN' THEN val
ELSE '*****'
END;While this policy correctly masks sensitive data when queried directly, CORTEX Search bypasses this protection by executing queries under its service role’s elevated privileges.
Besides this, a regular user with only USAGE permission on the CORTEX Search Service can retrieve unmasked data that would otherwise be hidden from them.
Snowflake has acknowledged this issue following Cyera’s responsible disclosure and has begun implementing mitigations, including changes to execution context options and enhanced administrator warnings to prevent misconfiguration.
Are you from the SOC and DFIR Teams? – Analyse Real time Malware Incidents with ANY.RUN -> Start Now for Free.
The post The Hidden Security Risks of Data Exposure in AI-Driven Tools Like Snowflake’s CORTEX appeared first on Cyber Security News.
