What happened
Snowflake's Cortex Code CLI, a command-line coding agent, contained a vulnerability allowing indirect prompt injection to bypass security controls. Attackers could manipulate Cortex via process substitution expressions to execute arbitrary commands without human approval and escape its sandbox. This caused malware download and execution, potentially leading to data exfiltration or table deletion using the victim's Snowflake credentials. Snowflake released a fix in Cortex Code CLI version 1.0.25 on February 28th, 2024.
Why it matters
Agentic AI tools introduce new attack vectors, shifting security responsibilities to procurement and security architects. The Cortex vulnerability demonstrated how indirect prompt injection bypassed established human-in-the-loop and sandboxing controls, causing remote code execution and data compromise. Procurement teams must now assume agentic tools require explicit "workspace trust" mechanisms, while security architects must verify that command validation logic goes beyond surface-level checks to prevent similar bypasses.
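To illustrate what "beyond surface-level checks" means for command validation, the added example below (not Snowflake's code and not from the original article) contrasts a first-word allowlist check with one that sends any command containing shell substitution or chaining syntax to human approval. The allowlist, function names and sample commands are hypothetical and constructed for illustration.

```python
import shlex

# Hypothetical set of commands an agent may run without asking the user.
AUTO_APPROVED = {"cat", "ls", "grep", "head", "wc"}

# Characters that let a shell start another command or redirect I/O:
# backticks and $( ) for command substitution, <( ) and >( ) for process
# substitution, plus chaining, pipes and redirection.
SHELL_META = set("`$()<>;&|\n")

def naive_auto_approve(command: str) -> bool:
    """Surface-level check: trusts the command if its first word is allowlisted."""
    words = command.split()
    return bool(words) and words[0] in AUTO_APPROVED

def strict_auto_approve(command: str) -> bool:
    """Auto-approve only one allowlisted command with no shell metacharacters.

    False means "ask the human", not "block". Deliberately conservative:
    a metacharacter inside quotes is also sent for approval.
    """
    if SHELL_META & set(command):
        return False
    try:
        words = shlex.split(command)
    except ValueError:  # unbalanced quotes: do not guess at the meaning
        return False
    return bool(words) and words[0] in AUTO_APPROVED

# Constructed sample commands (not taken from the incident).
SAMPLES = [
    "cat README.md",
    "grep -rn TODO src",
    "cat <(echo nested-command-runs-here)",
    "ls `echo nested`",
    "ls ; echo chained",
    "rm -rf build",
]

def compare(samples=SAMPLES):
    """Return (command, naive_result, strict_result) for each sample."""
    return [(c, naive_auto_approve(c), strict_auto_approve(c)) for c in samples]

if __name__ == "__main__":
    for cmd, naive, strict in compare():
        print(f"naive={naive!s:5} strict={strict!s:5} {cmd}")
```

The three middle samples pass the naive check because their first word is allowlisted, while the strict check routes them to a human.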