CyberSecurityBoard
Sponsor Register Login

The Hidden Security Risks of Data Exposure in AI-Driven Tools Like Snowflake's CORTEX

Their investigation revealed that the service operates under “owners’ rights” rather than “callers’ rights,” potentially allowing lower-privileged users to access sensitive data that should remain masked according to established security policies. Snowflake’s CORTEX Search Service, a cutting-edge AI-driven search and retrieval tool, promises to revolutionize how organizations interact with their data through natural language queries and enhanced retrieval capabilities. While this policy correctly masks sensitive data when queried directly, CORTEX Search bypasses this protection by executing queries under its service role’s elevated privileges. However, CORTEX Search employs “owners’ rights,” meaning it executes with the privileges of the role that created the service, regardless of who initiates the query. Cyera researchers identified a critical security gap in how CORTEX Search interacts with Snowflake’s dynamic data masking policies. Besides this, a regular user with only USAGE permission on the CORTEX Search Service can retrieve unmasked data that would otherwise be hidden from them. Users only need USAGE permissions on the service to query data through CORTEX Search. Designed to simplify complex data operations, this service allows users to perform fuzzy searches and leverage large language model capabilities without requiring direct SELECT privileges on underlying tables. Organizations implementing dynamic data masking to protect sensitive information from unauthorized viewing may unknowingly expose that same data through CORTEX Search. When an administrator deploys CORTEX Search Service using a privileged role such as ACCOUNTADMIN, the service inherits all the access permissions of that role. Subsequently, any user granted USAGE on the service can leverage these borrowed privileges to retrieve data they would normally not have permission to view in plaintext form. In systems operating under “callers’ rights,” processes execute with the same permissions as the invoking user, maintaining security boundaries. However, as AI integration deepens in data analytics platforms, a concerning pattern emerges where advanced functionality may inadvertently undermine carefully established security controls.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 06 May 2025 21:10:48 +0000


Cyber News related to The Hidden Security Risks of Data Exposure in AI-Driven Tools Like Snowflake's CORTEX

Snowflake at centre of world's largest data breach - Cloud AI Data platform Snowflake are having a bad month. Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers. Additionally incidents are running at multiple other ...
11 months ago Doublepulsar.com
Three Ways to Chill Attacks on Snowflake - More than a month after a spate of data theft of Snowflake environments, the full scope of the incident has become more clear: at least 165 likely victims, more than 500 stolen credentials, and suspicious activity connected to known malware from ...
10 months ago Darkreading.com
The Hidden Security Risks of Data Exposure in AI-Driven Tools Like Snowflake's CORTEX - Their investigation revealed that the service operates under “owners’ rights” rather than “callers’ rights,” potentially allowing lower-privileged users to access sensitive data that should remain masked according ...
3 weeks ago Cybersecuritynews.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
7 months ago Aws.amazon.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
1 month ago Cybersecuritynews.com
Key Breakthroughs from RSA Conference 2025 - Day 1 - Sumo Logic unveiled intelligent security operations with capabilities like detection-as-code (bringing DevSecOps to threat detection), UEBA historical baselining (improving accuracy by learning behavior over time), multiple threat intelligence feeds, ...
1 month ago Cybersecuritynews.com Inception
Ticketmaster confirms massive breach after stolen data for sale online - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
1 year ago Bleepingcomputer.com Hunters
Live Nation finally confirms massive Ticketmaster data breach - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
1 year ago Bleepingcomputer.com Hunters
Ticketmaster sends notifications about recent massive data breach - Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. Last month, a threat actor known as ShinyHunters began selling stolen ...
11 months ago Bleepingcomputer.com Hunters
CVE-2022-0013 - A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue ...
3 years ago
Snowflake denies breach, blames data theft on poorly secured customer accounts - Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. On Friday, the company confirmed that some ...
11 months ago Helpnetsecurity.com
Navigating the Security Risks of Multicloud Management - The lack of visibility and control over multiple clouds exacerbates these risks, making it imperative for organizations to adopt robust cloud security practices. These tools enhance visibility across multiple cloud environments by providing a unified ...
7 months ago Darkreading.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
1 year ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)