Snowflake Cortex AI Escapes Sandbox and Executes Malware
Summary
The article details a vulnerability in Snowflake Cortex Code CLI that enables indirect prompt injection to bypass human-in-the-loop approvals and escape the sandbox. It walks through the attack chain, potential impacts such as data exfiltration and unauthorized SQL activity, and Snowflake's remediation with Cortex Code CLI 1.0.25 released February 28, 2026, plus the responsible disclosure timeline.