

Ethical Hacking News

Snowflake's AI-Driven Security Imperative: Lessons Learned from a Breach


Snowflake's AI-driven security imperative has been triggered by recent data breaches at Ticketmaster and Santander. In response, Snowflake CISO Brad Jones has emphasized the need for robust security measures and collaboration with customers. Learn more about Snowflake's approach to cybersecurity in this in-depth article.

  • The recent data breaches at Ticketmaster and Santander have highlighted the need for robust security measures in cloud computing.
  • The breaches resulted from over 160 customer accounts being accessed with previously exposed credentials, not from a compromise of Snowflake's infrastructure.
  • Snowflake has adapted its approach to security by pivoting towards a more collaborative model with customers, known as the "shared-destiny" model.
  • Snowflake launched a leaked password protection service to proactively validate and lock compromised accounts.
  • The company is actively exploring challenges posed by AI-powered security threats, including data protection and agentic AI.
  • Agentic AI has the potential to significantly impact security governance, requiring proactive adaptation from security teams.



    In the rapidly evolving landscape of cloud computing, cybersecurity threats have become increasingly sophisticated and complex. The recent data breaches at Ticketmaster and Santander, both major customers of Snowflake, have served as a stark reminder of the importance of robust security measures in today's digital age. In this article, we will delve into the lessons learned from these breaches and explore how Snowflake, as a company, has adapted its approach to security in response.

    The breaches at Ticketmaster and Santander were not the result of a compromise in Snowflake's infrastructure but of over 160 customer accounts being accessed using previously exposed credentials. Many of these compromised accounts lacked multi-factor authentication, a safeguard that would have prevented unauthorized access to their databases. The incident response firms, including Mandiant and CrowdStrike, ultimately concluded that the attacks were not Snowflake's fault, but the breach left its mark on everyone involved.

    The aftermath of this breach led Snowflake CISO Brad Jones to rethink the shared-responsibility security model, pivoting towards a more collaborative approach with customers. "It was an unfortunate situation that our customers went through, and we've really pivoted from a shared-security model to more of a shared-destiny model with our customers," Jones said.

    In response to this breach, Snowflake launched a leaked password protection service that scours the dark web for stolen Snowflake account credentials. "We go in and proactively validate if they're still active credentials. If they are, we pivot immediately to locking that account and asking questions later," Jones noted. This initiative demonstrates Snowflake's commitment to protecting its customers' sensitive information.
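    The validate-then-lock flow Jones describes, as an added defender-side sketch that is not Snowflake's implementation. It assumes the operator holds salted PBKDF2 password hashes and validates a leaked pair by hash comparison; `Account`, `triage_leaks` and the sample data are hypothetical and constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ROUNDS = 100_000  # assumed PBKDF2 work factor for this sketch


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


@dataclass
class Account:  # hypothetical record layout
    name: str
    salt: bytes
    pw_hash: bytes
    mfa_enrolled: bool
    locked: bool = False


def make_account(name: str, password: str, mfa: bool) -> Account:
    salt = os.urandom(16)
    return Account(name, salt, derive(password, salt), mfa)


def triage_leaks(accounts, leaked):
    """Lock accounts whose leaked password is still current; return audit rows."""
    actions = []
    for user, password in leaked:
        acct = accounts.get(user.lower())
        if acct is None or acct.locked:
            continue  # unknown user, or already locked by an earlier hit
        if hmac.compare_digest(derive(password, acct.salt), acct.pw_hash):
            acct.locked = True  # lock first, ask questions later
            risk = "mfa" if acct.mfa_enrolled else "no-mfa"
            actions.append((acct.name, "locked", risk))
    return actions


def build_sample():
    """Constructed directory and leak feed; none of these are real credentials."""
    users = [make_account("alice", "Winter2023!", False),
             make_account("bob", "rotated-after-leak", False),
             make_account("carol", "Summer2022!", True)]
    leaked = [("alice", "Winter2023!"), ("Bob", "OldPassw0rd"),
              ("carol", "Summer2022!"), ("dave", "unknown-user")]
    return {u.name: u for u in users}, leaked


if __name__ == "__main__":
    accounts, leaked = build_sample()
    for row in triage_leaks(accounts, leaked):
        print(row)
```

    The `no-mfa` tag marks the locked accounts where the leaked password was the only barrier, which is the condition the breach analysis above points to.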

    Moreover, Snowflake has been actively exploring the challenges posed by AI-powered security threats. "AI is a perfect example of something that you have to keep on top of because it's changing so rapidly," Jones said. The primary security concerns surrounding AI involve data protection and agentic AI, which enables AI systems to think and act independently without direct human direction.

    In terms of data protection, Snowflake recognizes the need for robust measures to safeguard sensitive information. "Probably the most primary concern that folks have is: How do they ensure that the data that they have is staying secure, or they're not exposing data in unexpected ways?" Jones asked. He highlighted DeepSeek as a prime example of this issue, where users inadvertently exposed data through poor security practices.

    The second significant challenge posed by AI is agentic AI, which has the potential to significantly impact security governance. "Getting to the point where it's starting to think and do things on its own behalf without directly taking direction from a human – it's both powerful and scary at the same time," Jones said. According to Microsoft's roadmap for agentic AI, there are three stages of development: chatbot phase, automated workflows, and independent operation.

    While some may question whether AI agents are inherently bad for security, Jones posited that security teams must adapt to this rapidly evolving landscape. "Security can't say whether it's a good or bad idea. Security has to adapt," he said. He likened the situation to improv's "yes, and" rule, emphasizing the need for proactive collaboration with business stakeholders.

    Ultimately, Snowflake's experience serves as a reminder that cybersecurity is a shared responsibility that requires constant vigilance and adaptation. By acknowledging the importance of collaborative security approaches and taking proactive measures to protect against emerging threats, organizations can mitigate their exposure to potential breaches.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Snowflakes-AI-Driven-Security-Imperative-Lessons-Learned-from-a-Breach-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/05/15/snowflake_ciso_interview/


  • Published: Thu May 15 09:58:47 2025 by llama3.2 3B Q4_K_M












