CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 29, 2026

Snowflake to Buy Startup Natoma Focused on AI Access Control

Data Breach Today Archived May 29, 2026 ✓ Full text saved

San Francisco Startup Built MCP Gateway Technology for AI Authorization Workflows Snowflake plans to acquire AI governance startup Natoma to help enterprises centrally manage model context protocol access, delegated permissions and AI agent connectivity as organizations confront growing risks tied to shadow AI deployments and machine identity sprawl.

Full text archived locally
✦ AI Summary · Claude Sonnet


    Agentic AI , Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development Snowflake to Buy Startup Natoma Focused on AI Access Control San Francisco Startup Built MCP Gateway Technology for AI Authorization Workflows Michael Novinson (MichaelNovinson) • May 28, 2026     Credit Eligible Get Permission Mayank Upadhyay, chief security and trust officer, Snowflake (Image: Snowflake) Enterprise adoption of artificial intelligence agents, as well as growing shadow AI usage, is driving an explosion in model context protocol servers. But these agentic AI connections to myriad of data sources carry risks. AI agents could easily expose sensitive data even if they aren't supposed to be able to access it. See Also: AI Agents Introduce a New Insider Threat Model Snowflake, a Silicon Valley-based AI data cloud company, plans to provide a more governed and centralized approach to MCP management through the purchase of a startup led by a former Okta director. Snowflake said its proposed acquisition of San Francisco-based Natoma will help organizations control which systems AI agents can interact with during specific sessions or workflows, said Chief Security and Trust Officer Mayank Upadhyay. Natoma can manage delegated permissions, brokered access and centralized authorization across AI ecosystems. "Natoma brings a very nice solution to this, which gives you a repertoire of 100 MCP servers, which comes out of the box," Upadhyay told ISMG. "It's in a gateway that can be governed. It's exactly what the ecosystem needs at this point to bring some sanity to concerns around the explosion of AI and MCP." Natoma, founded in 2024, employs 27 people and raised $7 million in a May 2025 seed funding round led by Index Partners and Greylock Management. The company has been led since its inception by Pratyus Patnaik, who sold workplace operations platform atSpoke to Okta in August 2021 for $79.3 million and spent more than two years as a senior director at Okta before leaving to establish Natoma. Why Employees Need Access to Data Across Third-Party Apps As Snowflake expanded its internal use of AI assistants and agentic systems, employees wanted AI tools capable of securely interacting with engineering systems, ticketing platforms, source-code repositories and business applications. Snowflake wants to embed governance and security directly into enterprise AI adoption rather than forcing security controls onto users after deployment, Upadhyay said. "Different customers prefer to use different platforms, and we will meet our customers where they are and give them the capabilities in a neutral way," Upadhyay said. "It doesn't matter what your agentic platform is. It doesn't matter where your data is stored. We can help you connect this." Employees increasingly expect AI systems to aggregate data from GitHub, Salesforce, Jira, Slack and Zoom into unified workflows, and users no longer want to move between multiple disconnected applications to complete workflows, Upadhyay said. Snowflake sees MCP governance and secure connectivity as essential infrastructure for enabling those experiences safely, Upadhyay said. "If you force security down people's throats, it's usually not going to be that successful, but the moment you bake it into the paved road, everybody just adopts it and they don't even realize that they picked the more secure solution," Upadhyay said. Enterprise data increasingly resides outside traditional data warehouses and spans SaaS platforms and email systems, and Upadhyay said employees want agentic systems to interact with data across all of those applications. Many users have started deploying unofficial MCP servers that are unsupported, inconsistently maintained and difficult to monitor, he said. "People are creating new ways of deploying shadow AI," Upadhyay said. "It's just mushrooming all over the place. You have agents who have a very specific behavior using these MCP servers to go out there and talk to SaaS apps. That's really a frightening proposition." Why Securing AI Agents Is Fundamentally an Identity Problem AI agents are designed to explore all available tools and pathways in order to accomplish assigned tasks, Upadhyay said, meaning they may unintentionally interact with systems or data they were never meant to access. The more MCP servers and tools organizations expose to agents, the greater the likelihood that agents will accidentally exfiltrate data, trigger destructive actions or expose sensitive systems. "You've got these agents who will probe and look under every single rock to find what's over there," Upadhyay said. "It just makes it very easy for you to accidentally exfiltrate data, or have some agent doing something it shouldn't be doing." Securing AI agents is fundamentally an identity and authorization problem since organizations must determine precisely which agents can access which systems under which conditions, Upadhyay said. Natoma's focus on non-human identity management translates naturally into the emerging world of AI agents and machine identities, according to Upadhyay. "It is very much an identity and authorization problem," Upadhyay said. "I want people who understand this space well. There are new standards emerging here. People who have worked in that space, who know where the world is heading and who can build new innovation working across the ecosystem is very, very key to this." Employees may use Claude, Snowflake Intelligence, Microsoft Copilot or other agentic systems concurrently, meaning that users without centralized credential brokering would need to repeatedly provision credentials and OAuth tokens across multiple environments. Centralized MCP gateways and delegated identity frameworks like Natoma simplify that process while improving governance, he said. "There's a little bit of breathing room right now before some of the cyber capabilities make it into open source and the genies out of the bottle," Upadhyay said. "Once that happens, you're going to see all kinds of things happen right, so get ahead of that."
    💬 Team Notes
    Article Info
    Source
    Data Breach Today
    Category
    ◇ Industry News & Leadership
    Published
    May 29, 2026
    Archived
    May 29, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗