Agentic artificial intelligence promises to transform how companies operate, but it also introduces security and governance risks that CIOs cannot ignore. Snowflake, aware of this challenge, has announced the acquisition of US startup Natoma, specialized in the Model Context Protocol (MCP), to provide AI agents with a framework for control, identity, and auditing. This move is no coincidence: it comes at a time when organizations are struggling to move their AI workflows from pilot to production, and where governance has become the main bottleneck.

What does Natoma bring to Snowflake?

Natoma offers a platform that provides access to MCP-based tools along with governance and observability capabilities. By integrating into Snowflake, it will allow companies to securely connect Cortex Agents, Snowflake Intelligence, Cortex Code, and other AI platforms with enterprise systems spanning SaaS applications, cloud environments, VPCs, and on-premises infrastructure via MCP servers. In essence, Natoma acts as the control and governance fabric for these connections, an element that is becoming critical as real-time autonomous agents cross multiple systems and environments.

As Phil Fersht, CEO of HFS Research, notes: “MCP is becoming the connective fabric of enterprise agents, but without identity, policies, privileged access controls, and auditability, it can quickly become a shadow AI risk.” He adds: “It's no longer enough to govern who can query a table. Now CIOs need to govern what AI agents can see, what systems they can touch, what actions they can trigger, and how all of that is audited.”

MCP is not infallible: governance as a differentiator

Robert Kramer, managing director of KramerERP, warns that “MCP is a protocol, not a governance model in itself. It can standardize connections, but it can also standardize risk if access is too broad, tools are poorly governed, or agents are trusted too quickly.” This is precisely where Natoma's value lies: providing a governed MCP with verified servers, identity-aware authorizations, policy enforcement, auditability, and gateway control.

This need for governance is not new. In our article Claude Opus 4.8: The new era of control and transparency in AI for SysAdmins and DevOps, we already highlighted how transparency and control are essential for adopting AI safely. Now, with the emergence of autonomous agents, the challenge multiplies.

Are companies ready for MCP?

Despite the enthusiasm, most companies are not yet ready to consume services or tools via MCP. According to Fersht, “they want the productivity and context benefits, but their governance, identity, data classification, and access control models are still catching up.” CIOs must avoid treating MCP as a plug-and-play miracle. Agents can extract context from email, Slack, CRM, and internal systems, but that also means they can expose sensitive information, trigger incorrect actions, or bypass established workflow controls if policies are weak.

Critical points to watch, according to analysts, are identity-based permissions, least-privilege access, audit logs, human-in-the-loop oversight for high-risk actions, data leakage controls, and clear ownership when an agent makes a bad decision. In this regard, Snowflake's acquisition of Natoma could help CIOs build stronger foundations, but the ultimate responsibility lies with organizations.

Snowflake enters the race for the AI control plane

Michael Ni, principal analyst at Constellation Research, believes the acquisition reflects Snowflake's efforts to seize the AI control plane. “Data platforms won the analytics era. Whoever governs agents, context, and autonomous actions will win the agentic era. Natoma brings Snowflake the missing layer between insight and execution.”

This strategy is part of a broader trend: SaaS providers like Salesforce, ServiceNow, and Workday are integrating agentic orchestration capabilities, while hyperscalers like Microsoft, AWS, and Google consolidate their agent development tools. Snowflake, with Natoma, seeks to differentiate itself by offering a governance layer that others have not yet fully solved.

For CIOs, the real test will be whether Snowflake can seamlessly integrate Natoma's governance capabilities into its offering, allowing them to manage permissions, policies, and agent controls at scale without adding another layer of complexity. In a context where cybersecurity is already a challenge, as we saw in Anthropic's Mythos Preview detects 10,000 vulnerabilities, any solution that simplifies governance will be welcome.

Snowflake has not disclosed the financial terms of the acquisition or the estimated closing date. However, the move makes clear that AI agent governance is the next technological battlefield, and companies that do not prepare adequately could face serious shadow AI risks and data leaks.

Original source: ComputerWorld. Analysis and adaptation by ForgeNEX.