For the complete documentation index, see llms.txt. This page is also available as Markdown.

Snowflake Red Teaming

Red team your Snowflake AI agents and Cortex endpoints with Akto.

Overview

Akto lets you run security probes against Snowflake-based AI agents and Cortex endpoints. This guide walks you through generating a Snowflake Programmatic Access Token (PAT), configuring a Scan Role, and running a red teaming scan.

Step 1: Generate a Snowflake PAT Token

Akto uses a Snowflake Programmatic Access Token (PAT) to authenticate scan requests against your Snowflake endpoints. You can generate one via the Snowflake UI or via a SQL query.

1

Log in to Snowflake

Log in to Snowsight.

2

Go to Governance & Security

From the left navigation, go to Governance & Security.

3

Select the User

Select the user you want to generate the token for.

4

Generate the Token

Under the Programmatic Access Tokens section, click Generate Token.

5

Fill in Token Details

Enter the following:

  • Name — a descriptive label for the token (e.g. akto-red-teaming)

  • Comment — an optional note for context

  • Expiry — set an appropriate expiry duration

  • Role — grant access to the relevant Snowflake role

6

Copy and Save the Token

Click Generate. Copy and save the token — it will not be shown again.


Step 2: Configure a Scan Role

Create a Scan Role in Akto that uses the PAT token and scopes it to your Snowflake endpoints.

Follow the Create a Scan Role guide and apply the Snowflake-specific settings below.

Snowflake Scan Role Configuration

Field
Value

Role Name

e.g. snowflake-test-role

Endpoint condition

Endpointcontainssnowflakecomputing.com

Auth type

Hard-coded

Header Key

Authorization

Header Value

Bearer <your-pat-token>

The endpoint condition snowflakecomputing.com ensures this auth token is applied only to Snowflake requests and not to any other agentic traffic.


Step 3: Run Red Teaming Scan

Once the Scan Role is configured, select your Snowflake agent components, choose the relevant probe categories, and select the Scan Role configured in Step 2 under Scan Execution Parameters.

For detailed steps, see Run Scan.


Get Support

There are multiple ways to request support from Akto. We are 24X7 available on the following:

  • In-app chat: Use the Intercom widget in your Akto dashboard and someone will reply.

  • Discord community: Join our community at akto.io/community.

  • Email support: Contact us at support@akto.io.

Last updated