San Francisco Startup Develops Gateway Technology for AI Authorization Workflows
In an era where the integration of artificial intelligence (AI) into enterprise operations has become increasingly common, risks associated with AI usage have surged. The growing phenomenon known as “shadow AI,” where unsanctioned AI tools and workflows proliferate within organizations, has triggered urgent discussions around data security and management. To address these challenges, Snowflake, a prominent data cloud company based in Silicon Valley, announced its intention to acquire Natoma, a startup focused on managing model context protocol servers (MCP). This acquisition aims to enhance organizational governance of AI interactions, particularly in how AI agents connect to various data sources while maintaining security and compliance.
The introduction of agentic AI into enterprises has prompted unprecedented reliance on model context protocol servers, as organizations grapple with the complexities of managing AI workflows. The Chief Security and Trust Officer of Snowflake, Mayank Upadhyay, emphasized the need for a centralized and governed approach to MCP management. He stated that without proper control, AI agents may inadvertently expose sensitive data, posing significant risks to companies’ security frameworks. The proposed acquisition of Natoma aligns with Snowflake’s goal to enable organizations to regulate which systems AI agents can access during specified sessions or workflows, thereby mitigating potential vulnerabilities.
Founded in 2024, Natoma, under the leadership of Pratyus Patnaik—a former director at Okta—has quickly made its mark in the industry. The startup’s focus on delegated permissions and centralized authorization across AI ecosystems offers a solution to the pressing challenges in managing AI interactions. "Natoma provides a robust solution with an array of 100 MCP servers that can be implemented out-of-the-box," Upadhyay remarked during a conversation with ISMG. He emphasized that this capability is timely, given the rapid expansion of AI applications and the increasing complexity surrounding data governance.
As businesses like Snowflake ramp up their internal AI capabilities, employees increasingly expect AI tools to interface securely with a host of engineering systems, ticketing platforms, and business applications. According to Upadhyay, the intention is to embed governance and security into the very fabric of AI adoption rather than imposing security measures post-deployment. This shift in strategy aims to provide a seamless experience for users, who do not want to navigate a myriad of disjointed applications to complete their tasks.
The evolution of employee expectations surrounding AI tools reflects a growing desire for integrated workflows across platforms such as GitHub, Salesforce, Jira, Slack, and Zoom. As Upadhyay articulated, the expectation is for AI systems to facilitate unified experiences while keeping security at the forefront. He noted that if security is integrated effectively into the workflow, users often adopt the more secure options without realizing it.
However, the rapid adoption of AI also leads to data residing outside the traditional confines of structured data warehouses, now extending into SaaS platforms and email systems. The proliferation of unofficial and unsupported MCP servers has become a growing concern, making it increasingly difficult for organizations to maintain oversight and control.
The urgency for robust governance is underscored by the transformation in how employees utilize AI systems. As Upadhyay pointed out, users are creating new methods to deploy shadow AI, raising alarming security implications. The ability of AI agents to probe and interact with various systems accentuates the potential risks of accidental data breaches or unauthorized access to sensitive information.
Securing AI agents represents a critical identity and authorization challenge, as organizations must define which agents can access specific systems under particular conditions. By focusing on non-human identity management, Natoma aligns closely with the burgeoning field of AI agents and their machine identities. Upadhyay articulated that understanding identity and authorization is fundamental to securing AI interactions amidst evolving security standards.
In a world where users may simultaneously engage with multiple agentic systems—such as Claude, Snowflake Intelligence, or Microsoft Copilot—the need for centralized credential management becomes paramount. Centralized MCP gateways, combined with delegated identity frameworks like that of Natoma, promise to simplify this complexity while enhancing governance protocols.
Looking ahead, Upadhyay expressed the pressing need for organizations to establish robust security practices before less secure solutions become widespread. "There’s a narrow window of opportunity to address these challenges before the availability of advanced cyber capabilities in the open-source arena complicates matters further," he stated.
In summary, the acquisition of Natoma by Snowflake may pave the way for a more secure and governed approach to AI integrations within enterprises, addressing the critical challenges associated with data access and insider threats stemming from the rise of agentic AI technologies.