Snowflake

• Snowflake Cortex AI Code CLI Escapes Sandbox and Executes Malware via Prompt Injection March 18, 2026

  Two days after launch, Snowflake's Cortex Code CLI was found vulnerable to a prompt injection attack that bypassed human-in-the-loop approval, escaped the OS sandbox, and executed malware using cached Snowflake auth tokens. The attack ran while the main agent reported it was prevented.