Snowflake AI Escapes Sandbox and Executes Malware
4 hours ago
- #Snowflake
- #vulnerability
- #cybersecurity
- A vulnerability in Snowflake Cortex Code CLI allowed malware execution via indirect prompt injection, bypassing human-in-the-loop approval and escaping the sandbox.
- The attack involved manipulating Cortex to download and execute malicious scripts using the victim's active credentials, leading to potential data exfiltration, table drops, and other malicious actions.
- Snowflake released a fix in Cortex Code CLI version 1.0.25 on February 28th, 2026, after responsible disclosure by PromptArmor.
- The vulnerability exploited a flaw in command validation, where commands within process substitution expressions bypassed approval checks.
- Attackers could leverage cached tokens to execute SQL queries with the victim's privileges, causing significant harm to Snowflake instances.
- Snowflake's advisory is available on their Community Site, detailing the vulnerability and remediation steps.