Snowflake Summit 2026 confirmed the platform's next phase. The architecture is being further reorganized around AI agents: software that acts on the business, not only reports on it.
The more consequential signal was structural. Every new agent capability arrived paired with the governance required to run it inside a regulated enterprise. That pairing, not any single capability, is what makes these announcements relevant to organizations operating real production systems.
Below are the five announcements that carry the most weight, with our assessment of what each one requires of the data and AI strategy already in place.
Snowflake separated its agent strategy into two products for two audiences. CoCo, formerly Cortex Code, engineers pipelines and applications and is built for technical teams. CoWork, formerly Snowflake Intelligence, answers questions and automates tasks for business teams with no SQL required.
The material detail is where these agents operate. Both run inside the tools people already use, including Slack, Excel, VS Code, and the desktop. Adoption, not technology, is where most analytics programs stall. Embedding agents into existing environments removes the friction of a separate destination, which is the point at which organizational adoption typically breaks down.
Our assessment: The gap between technical and business users has long been the constraint on becoming data-driven. A capability that serves both groups in their native environments addresses that constraint directly.
A generic agent with no knowledge of the business has limited value. Snowflake addressed this with two capabilities that operate together. Cortex Sense reads the data estate and teaches agents business rules, definitions, and context without manual setup per agent. Horizon Context pulls metadata from BI tools, databases, and ETL pipelines, so agents inherit the meaning behind the data rather than the rows alone. Cortex Sense is in private preview and will mature over the coming quarters.
Together they address the failure mode common to enterprise AI pilots: a model that performs well in general and poorly on the specifics of the business. If a term such as active customer carries a precise definition in your environment, the agent must hold that definition before its output merits trust.
Our assessment: Context is what separates a demonstration from a deployment. Organizations that have invested in clean definitions and documented metadata will see materially better results here.
Snowflake Datastream connects live Kafka feeds directly into Snowflake and removes the need to operate a separate streaming platform. Existing Kafka producers point at a lightweight local broker that speaks the Kafka wire protocol — no code changes, no Kafka cluster, no Kafka Connect, no Snowpipe and S3 staging. Data is queryable within seconds, and standard Snowflake governance — RBAC, encryption, Time Travel, and lineage — applies to ingested data automatically. This capability is heading to private preview.
Our assessment: real-time has historically required additional infrastructure, which adds tooling, integration risk, and gaps where governance can fail. Folding more streaming capabilities into the platform, with security inherited rather than reapplied, reduces both cost and risk.
This is the announcement that addresses the concern of every security and compliance leader. As agents gain the capacity to act, the exposure is that they move or expose data they should not. Snowflake responded with additional controls.
Data Movement Policies block data from leaving Snowflake. Data Exfiltration Detection in Trust Center flags agents pulling unusual volumes of sensitive data in real time. Agent Identity logs and tags every action an agent takes. Agent Identity is in private preview.
Our assessment: the discipline here is treating agents as actors that require identity, monitoring, and policy, the same controls applied to an employee or a service account. A complete audit trail of agent actions is the precondition for trust. Without it, no serious enterprise will place agents near sensitive data. With it, the question shifts from whether agents can operate to how far their authority extends.
Snowflake acquired Natoma to resolve the problem that becomes urgent the moment agents begin to act: connecting to systems outside Snowflake, including Slack, CRM, Jira, and internal tools, without creating security exposure.
Natoma operates as a checkpoint. Before an agent acts in an external application, it verifies who is asking, whether the request is permitted, and logs what occurred. Once integrated, CoCo and CoWork can reach into business tools and execute work while the security team retains visibility and control.
Our assessment: this is the component that makes the rest operational. Agents confined to Snowflake data are useful. Agents that take governed action across the full tool estate change what the system can deliver. Natoma is the connection between knowing and acting, with permission and accountability engineered in.
The announcements form a coherent position: Snowflake is engineering toward agents that understand the business, operate on live data, act across systems, and stay inside firm governance boundaries. The agent capabilities drew the attention; the governance announcements are what make those capabilities deployable in a regulated environment.
One key point: several of these features are in private preview today. That is a reason to plan, not to wait. Advantage will accrue to the organizations that have already done the foundational work, including clean data definitions, governed metadata, and explicit policy for what automated systems are permitted to touch.
For a tailored walkthrough of what these announcements mean for your organization, get in touch with OneSix.
