Scaling the agentic enterprise: Snowflake Summit 2026 recap

As I walked the floor at Snowflake Summit 2026 alongside 20,000 data leaders, it was clear that a major shift was underway. For the last couple of years, the industry focused on the theoretical promise of generative AI. Everybody was experimenting, many were tokenmaxing. This year, the conversation shifted from agent pilots and AI potential towards production systems with clear ROI from AI. 

Moving from a localized demo to an agent in production requires overcoming some common roadblocks: fragmented data stacks, inconsistent semantic models, incomplete context and unpredictable usage patterns. Not surprisingly, the keynote announcements focused on solutions to these issues:

• Build agents where your data lives to avoid silos, ETLs and risk. This is what Snowflake CoCo (formerly Cortex Code), Snowflake CoWork (formerly Snowflake Intelligence) and Cortex Agents were built to do. 

• Create the required semantic views and share context to increase accuracy. Horizon Context (currently in private preview) and Cortex Sense (currently in private preview) are intended to help here. 

• Govern agents and secure models to protect the organization from the new attack surfaces of the agentic enterprise. Agent Identities (currently public preview) and Cortex AI Guardrails is how Snowflake addresses these challenges.  

The ultimate goal is to make it simple to go from data to insight to action, all in one place. Achieving this requires a strong ecosystem approach. By pairing Snowflake’s native innovations, like CoCo and Cortex AI Guardrails, with Capital One Slingshot and Capital One Databolt, you can optimize, govern, secure and derisk your data and AI operations at scale. Read on to learn how.

To transition from raw data to insights and autonomous action, organizations need tools for engineers building the pipelines and business users driving strategic decisions. Snowflake’s approach is to make powerful tools simple to use. 

Snowflake CoWork, CoCo Desktop and Cortex Agents let you build agents with natural language prompts. Describe the need and desired outcome and get an agent that can:

• Orchestrate multiple-agent workflows

• Call and use tools

• Take action within Snowflake 

• Trigger actions in external systems (e.g. Slack, Salesforce, other integrations)

• Customize with Skills

Learn more about CoCo, Snowflake CoWork and the underlying Cortex Services that make it all possible.

For engineers, the headline announcement was all about CoCo, Snowflake’s native AI coding assistant. CoCo comes with localized, continuous understanding of your Snowflake account, active schemas and metadata. It uses this to help engineers build, debug, test and automate data pipelines and agentic workflows. We recently put CoCo through the ultimate test: a 10TB TPC-DS dataset with 55.8 billion rows. Check out our findings in this hands-on review of Snowflake CoCo. 

At Summit, Snowflake announced a new, IDE-based interface for CoCo: CoCo Desktop. This is a VS Code-based environment for building Snowflake data projects and agents. It is yet another way to interface with CoCo, in addition to the CLI and cloud interfaces. 

The desktop app supports natural language prompts as well as code, expanding CoCo’s reach to data-savvy business users. But you need not worry about the business users. They get their own environment that was purpose-built for knowledge workers: Snowflake CoWork. Read on for all the details. 

Snowflake CoWork enables business users to query the data, build pipelines, create dashboards and automate actions without writing a single line of code. At Summit, Snowflake announced that personal assistants are now built into CoWork. Assistants that automatically tailor insights, Skills and data permissions to the role of the user. These agents are also equipped with dynamic user memory, so they should improve with time and use.

Deep Research (currently public preview) was the other CoWork announcement. It enables CoWork agents to orchestrate complex, multi-agent workflows. When given a multi-step prompt, Deep Research automatically spawns and coordinates teams of specialized subagents to query heterogeneous data sources across the entire ecosystem, synthesize insights and generate certified artifacts. Think of this as Snowflake’s version of Claude Dynamic Workflows. 

To boost agent accuracy, Snowflake announced Cortex Sense (in private preview soon), a runtime enhancement layer. It automatically enriches the context sent to the underlying models with peripheral metadata mined from operational systems. More about that next.

One of the most persistent roadblocks preventing organizations from successfully scaling AI from pilot to production is context. Without context, agents will make mistakes confidently. In fact, Gartner predicts that 60% of agentic projects will fail by 2028 due to lack of a consistent semantic layer. 

Think of it this way: A foundational model might have access to a table, but it’s blind to the broader metadata environment, structural definitions, dependencies and relational logic that determine how the business actually interprets its metrics. We need to provide the agent with that context if we want it to make decisions and take action on behalf of the business.

To bridge this gap, Snowflake announced Horizon Context (currently in preview). It’s an extension of Horizon Catalog that provides governed semantics and context to agents. Its Semantic View Autopilot is a tool to generate the required semantic views. The framework extracts embedded query logic from SQL code on Snowflake and external BI tools. It uses this to preconstruct the required semantic views. It gets you 80% there, so what used to take engineers weeks can now take hours. 

Cortex Sense (in private preview soon) sits on top of that and sends enriched context to the underlying model. It’s a runtime enhancement service that intercepts prompts before they reach the LLM, evaluates the metadata, enriches it with signals and sends that context back to the model for inference. Based on Snowflake’s tests, this boosts agent retrieval accuracy from an experimental 47% to a production-ready 83%.

Building agents on Snowflake and providing them with context was a main focus at Summit. Governing those agents and securing the models was another focus area. Let’s dive into that. 

The agentic enterprise has new and unique security challenges: the agent and the model are both potential attack surfaces. Upgrading governance frameworks to account for these new entities and vulnerabilities was discussed thoroughly at Snowflake Summit 2026. 

Three themes emerged: govern the agent, secure the model and understand costs. Let’s dive into each.

Snowflake announced Agent Identity (currently public preview) as a way to govern agents on the platform. Agent Identity gives every Snowflake-native agent a cryptographically verified identity. It applies automatically to any agent built with CoCo, Snowflake CoWork or Cortex Agents and enables the following:

• Cryptographic verification: Every agent has its own machine identity, rather than inheriting human session access. This helps protect the organization against privilege escalation attacks.

• Per-agent masking: Specific agents can be restricted using data masking policies, showing different column results depending on that agent's purpose. 

• Row-level security: Enforce explicit row access policies per agent.

• Full audit trails: Maintain a complete record for every action an agent executes, including approvals (if applicable), traces, prompts, etc. This simplifies compliance and generally eases the mind.

Agent Identity addresses the challenge with autonomous agents querying data and taking action on the platform. Snowflake also announced a new, distinct Agent Principal to address cross-system workflows (currently in preview). This is a framework for passing on security and governance policies from Horizon Catalog to external systems agents connect to via MCPs, that is likely related to the Natoma acquisition. Used together, these features help govern Snowflake agents acting within and outside of the platform.

Prompt injection is considered the leading threat to autonomous AI agents. It is when a threat actor gets the LLM to ignore security and governance guardrails. This enables the threat actor to potentially access everything the agent has access to, i.e. all the connected systems, uploaded files, artifacts, etc. Chat memory could also potentially fall into the wrong hands, which could contain a treasure trove of information.

Snowflake built Cortex AI Guardrails to proactively defend against runtime prompt injection threats. Activated once at the account level, these guardrails intercept incoming text vectors across CoCo, Snowflake CoWork and Cortex Agents, neutralizing malicious payloads before they ever reach the model. 

As AI tools like Claude Code, Codex, CoCo and Snowflake CoWork are adopted throughout the organization, both data and agent creation skyrockets. Agents are already creating more data than humans. Unpredicted costs and unforeseen usage patterns, as models evolve and users gain access, are keeping many data and AI leaders up at night. 

In April, Uber’s CTO went viral after sharing that the ride-sharing giant exhausted its entire 2026 AI tooling budget in just four months. In May, Microsoft discontinued most of its Claude Code licenses, after only six months. This was due to escalating costs, mostly related to third-party APIs. Neither of these leaders anticipated the costs associated with AI correctly. But it’s not just them. The internet is littered with stories of companies blowing through their annual AI budget in mere months. 

Slingshot can help you understand what is driving your AI costs. Once you discover and understand what those cost drivers are you can forecast spend. We’re working on various ways to enable organizations to discover, understand and forecast AI costs, so stay tuned!

Snowflake’s innovation provides an exceptional foundation for the next generation of data engineering. But, the modern enterprise needs more than innovation. It needs a way to maximize the value of its data cloud, securely. This requires comprehensive observability, financial oversight and enterprise-grade data protection. This is where Capital One Software's solutions complement Snowflake's native capabilities.

Running trillions of real-time inference requests across automated pipelines can cause infrastructure to struggle under unpredictable concurrency spikes. To eliminate this bottleneck, Snowflake announced Adaptive Warehouses (GA soon) as the next evolution of the virtual warehouse, built from the ground up across both hardware and software. 

While the Adaptive Warehouse simplifies infrastructure scaling, usage-based pricing and automated agent pipelines introduce highly variable cost vectors. That’s where Slingshot comes in, as a powerful management and optimization engine that works alongside Snowflake-native features to provide deep, cross-account optimization at scale.  

Learn more about Snowflake Warehouse Optimization with Slingshot.

Similarly, while Horizon Context (currently in private preview) and Cortex AI Guardrails offer native account-level boundaries, security in an AI-first world benefits from a defense-in-depth framework. Databolt integrates natively with Snowflake to safeguard your sensitive data and critical business information. 

Databolt secures sensitive data (PII, PHI, PCI, etc.) at the source by replacing it with a token, i.e a non-sensitive, format-preserving placeholder. The data is tokenized before it ever interacts with downstream workflows or external platforms. 

By deploying Databolt alongside Horizon Catalog, organizations can rest assured that their sensitive data is secure. Even if an agent is authorized to scan a table for trends, or given row-level access, the underlying sensitive data is tokenized and replaced with non-sensitive values, so they are completely useless unless the agent and user (if human-in-the-loop) have specialized permissions to detokenize the data. This multi-layered security approach helps eliminate the risk of accidental exposure.

The transition to the agentic enterprise represents an exciting milestone for the global data landscape. By centralizing data, semantics and compute on an interoperable platform, organizations can successfully move past isolated demos and deploy AI applications that are accurate, scalable and secure.

Ultimately, the most effective way to embrace this future is through a collaborative platform strategy. Marrying the power of Snowflake's native capabilities with Capital One Software's advanced optimization and security platforms is how your enterprise can confidently move from AI ambition to agentic and ROI-proven execution.