What struck me most is how far the story has moved beyond capabilities-at-demo-level. The announcements were aimed at the actual organizational problems of using data and deploying AI — and, just as tellingly, at the new problems that AI adoption itself has created. Cost has to be controlled differently, when agentic workloads are unpredictable and vary wildly by user. Business context and semantics have to flow consistently between the growing ecosystem of products and systems that agents touch. Security and governance need a genuinely new generation of controls, because agents don't behave like the humans and batch jobs our current controls were designed for. Snowflake is visibly building for all three — in several places, ahead of when most organizations even realize they'll need it.
And alongside the new, Snowflake filled gaps it had carried for years — native data streaming above all. What follows are the seven announcement areas I think matter most, each with what's new and my read on why it matters. (A second post will follow with reflections on the broader trends, customer reactions, and where I think this goes over the next 6–12 months.)
1. The front door is changing: from console to agents
For most of Snowflake's history, "using Snowflake" meant a console — Snowsight for analysts and engineers, dashboards for everyone else. The dominant theme of Summit 2026, the agentic enterprise, is Snowflake's answer to the question most organizations are now wrestling with — not whether agents work, but how to adopt them at enterprise scale — and the most visible expression of that answer is that the platform's interaction surface itself is being rebuilt around agents.
The flagships got names to match. Snowflake CoWork (formerly Snowflake Intelligence) is the agent for business users: a new Personal Work Engine removes the agent picker entirely and auto-routes every request, with persistent user memory, personal skills, scheduled automations (think a daily brief in your inbox at 6am), and Deep Research that spins up parallel sub-agents across your data and the web and returns a cited briefing — per Snowflake, outperforming single-agent systems by over a third. It connects to your work context through MCP connectors (Slack, Google Drive, Salesforce live; Gmail and Jira coming) and, via the pending Natoma acquisition, to 100+ business systems, with an iOS app shipping. Snowflake CoCo (formerly Cortex Code) is the agent for engineers and data ops — it doesn't just build pipelines, apps, and agents from natural language, it looks after Snowflake: diagnosing and fixing broken pipelines, tuning workloads, managing the environment. CoCo now lives wherever builders work: a desktop app (GA), Snowsight, the CLI with secured sandboxes, plus extensions for Excel, VS Code, and Claude Code, and an SDK/MCP and cloud API to embed it into your own tools and trigger it from CI/CD or Slack. Underpinning both is the newly announced Cortex Sense (still in private preview), a runtime context layer that automatically learns how your organization defines its business — per Snowflake, a 3–4x lift in agent accuracy — more on that in the next section.
Crucially, CoCo and CoWork are not the whole story — they're the out-of-the-box agents. With Cortex Agents, you can build and operate your own agents on the platform, drawing on the same data, context, semantics, and governance, fully managed — no infrastructure, scaling, or agent runtime to run yourself. And the new generation of Artifacts — governed, live-data views you can interrogate directly, effectively dashboards you can talk to — can be built in CoCo, certified, published into CoWork, and embedded into agentic experiences across the organization.
Why it matters: the real announcement here isn't two products, it's a change in what the "surface" of a data platform is. When the front door shifts from console to conversation, adoption stops being gated on tool training — Samsung described roughly 1,000 executives and sales leaders, none of them data scientists, working through an agent — which is what enterprise-scale agent adoption actually looks like. The build-publish loop (CoCo builds it, governance certifies it, CoWork serves it) is the quiet design choice that turns agents from a personal productivity toy into an organizational distribution channel. Two honest framings to keep in mind, though. These are not agents for everything: they are at their best on data, documents, and knowledge plugged into the Snowflake ecosystem — the closer the work sits to governed enterprise data, the stronger the case, while workloads that live far from that ecosystem may still belong elsewhere. And when the agent is the interface, the context it reasons over and the controls around it stop being optional — which is exactly where the next two sections go.
2. Semantic context: the most active battleground — and maybe the new moat
If you judge a conference by where the intellectual energy concentrates, Summit 2026 belonged to semantic context — a large share of the 500+ sessions, by some counts around 40%, touched governance and context in some form. The reason is simple: AI and agents create value for an organization only when it can channel its unique business and organizational context into them — the definitions, rules, relationships, and accumulated judgment that make your "churn," your "region," and your "quarter" mean something specific. And a growing chorus of analysts now calls this layer the new moat: as data formats open up and models commoditize, the durable edge over peers moves up the stack, to the context layer sitting above the data.
Be precise about scope, because this is much more than the semantic layer in its previous shape — metrics and definitions synced across BI tools. The context agents need spans the authored and the never-written-down: query history, lineage, dbt models, and dashboard logic; documents, emails, and PDFs where business rules actually live; who is asking, in what role, with what working patterns. Humans crossing systems apply judgment; agents can't — they need that context made explicit. Snowflake's announcements map directly onto this expansion. Semantic Views keep advancing (dozens of releases improving their expressive power). The new Horizon Context (private preview) — part of the Horizon catalog, not a separate product — collects signals from schemas, query history, lineage, dbt, and BI tools; enriches them into governed semantics; and activates them at query time so CoCo, CoWork, BI tools, and Cortex Agents all answer from the same definitions, with metadata connectors reaching into other databases, BI, and transformation tools, and auto-generated semantic views and agents for any data share or listing. Cortex Sense is the automatic counterpart: where Horizon Context is the deliberate, governed layer, Sense is a runtime that learns how your organization defines its business from activity already in Snowflake — query history, metadata, dashboards, no authoring required — and on Snowflake's internal eval lifted agent accuracy from 24% to over 80%, a 3–4x improvement that Kleinerman himself caveated on stage as one eval set whose mileage will vary.
What makes this bigger than a Snowflake story is the ecosystem forming around it. The Snowflake-led Open Semantic Interchange (OSI) initiative is building a vendor-neutral specification for semantic metadata — letting semantics travel between tools the way Iceberg lets tables travel between engines. The founding coalition (Salesforce, dbt Labs, BlackRock, Hex, Honeydew, RelationalAI, Cube, Sigma, ThoughtSpot, and others) has since finalized a first specification and stood up working groups — and the membership tells you what clients are demanding: semantics solved once, in an open and interoperable manner. Within a year of launch, Databricks, Oracle, and ServiceNow had all joined rather than countering with standards of their own — about as clear a signal as this industry gives. Many of these vendors were on the Summit floor taking their own stab at the semantic-context challenge on top of Snowflake's foundations. The most concrete example: AtScale's new XMLA Endpoint for Snowflake Semantic Views (private preview soon), which extends governed Snowflake definitions live into Power BI and Excel — no extracts, no duplicated metric logic — so CoWork, a dashboard, and a pivot table give the same answer on gross margin. AtScale's CEO put the stakes well: "AI did not create the metrics consistency problem. It exposed it." Snowflake Ventures, notably, has invested in both AtScale and Honeydew — funding the ecosystem, not just hosting the standard.
Why it matters: this is the substance of data readiness for AI . Tomorrow, data will increasingly be discovered, consumed, and turned into insights and decisions by diverse agents — yours, your vendors', your partners' — and a channelable, governed semantic context is precisely what makes that possible. Two judgments to take away. First, automation is how Snowflake answers the toil problem that killed many a governance program — Sense and auto-generated semantics dramatically lower the cost of getting started. But second, the swamp warning is real: build semantics quickly and only for your agents — context hacks stuffed into each assistant — and you'll re-run the data-swamp movie, this time with confident agents giving different answers to the same question. The wiser posture, audible both in OSI's design and in the sharpest commentary around the show, is to treat semantic context as shared interoperability infrastructure across your systems, with every agent just another consumer of it. The organizations scaling AI fastest invested in exactly this before the AI wave — Thomson Reuters' consolidation of 23 customer-data sources into one governed semantic foundation is what makes its agents trustworthy today. Data is king; context, as one TR leader put it on stage, is queen.
3. Enterprise-ready trust and controls for data + AI
If one thing separates demo-ware from real enterprise adoption, it's this block — and that's true from every direction at once: security, compliance, operations, and, just as decisively, user trust. The agentic reality brings genuinely new challenges that old data controls weren't designed for. The data estate keeps growing in size and complexity; agentic workflows are composed at runtime and executed immediately, rather than carefully designed, reviewed, and hardened upfront; LLMs and agents are non-deterministic, so the same request may take different paths through your systems on different days. And not every employee in an enterprise is on top of the risks this creates — which is why it matters that Snowflake is taking proactive, platform-level steps rather than leaving safety as an exercise for the user. Snowflake's own framing all week was that the overwhelming majority of organizations are stuck between AI pilot and production, with security the number-one blocker; this is the set of announcements aimed squarely at that gap.
Security got an agent-native generation. The centerpiece is agent identity as a first-class platform object (GA): policies can now recognize that a request is being made by an agent on behalf of a user, and behave accordingly — a masking or row policy can reveal less (or differently) when the consumer is an agent rather than a person. It's a control that barely existed anywhere a year ago, and it answers a real problem: an agent acting for a long-tenured employee will happily explore every permission that person has accumulated over the years, including the ones they never use — so agents need their own narrowly delegated scope, the way you'd bound what a new intern can do with a company card. Around identity sits the rest of the suite: data movement policies that block exfiltration in real time (in the live demo, an agent's attempt to export PII-tagged VIP records to an external stage simply failed — a policy block, not an error), runtime AI guardrails against prompt injection and jailbreaks including zero-day detection, multi-party approval so that the most sensitive operations — like disabling MFA org-wide — require two administrators, putting them beyond the reach of any single rogue insider or agent, and a Trust Center that adds AI security posture management, unusual-data-transfer detection, and one-click audit of exactly who prompted which agent and what data was targeted. One more piece rounds it out: intent-driven governance tackles the complexity problem head-on. Instead of hand-tagging and policy-writing across an ever-growing estate, you declare the intent — protect all PII in this database — and the platform classifies the data, creates the right policies, and keeps enforcing them as the estate and the rules evolve; for enterprises facing both growing data landscapes and growing regulation, that shift from manual toil to declared outcomes is significant.
Cost control caught up with AI. The new reality is that AI capabilities arrived faster than FinOps practices could adapt, and agentic workloads don't behave like queries — so the theme of the cost announcements is flexibility and granularity. AI spend now works with budgets like any other workload. Per-user quotas matter more than they may sound: patterns of usage and efficiency of spend vary enormously between individuals — the practitioner framing at the show was that you want to see who is delivering results versus who is merely consuming tokens — and per-user visibility is what makes that conversation possible. Shared warehouses can now carry cost governance split across departments and users, supporting allocation by team, project, or initiative, and budget custom actions can invoke a stored procedure when a threshold is hit — turning budgets from passive alerts into automated responses. Industry mood matched the features: the experimentation-at-any-cost phase is visibly ending, and "show me the ROI" is the new default.
Resilience stayed unglamorous and got better. The next generation of account replication is log-based and roughly 20x faster — enough for Snowflake to offer an SLA-backed RPO assurance, contractually standing behind failover latency and data gap. It builds on immutable backups with retention locks that not even an account admin can delete, explicitly part of an anti-ransomware posture. The credibility note: during last year's cloud-provider outage, several hundred customer workloads failed over without incident.
Why it matters: this is the pilot-to-production unlock, and it works on trust in both directions. Compliance and security teams get controls that are native and demonstrable rather than bolted on; users learn they can rely on agent answers because the masking, blocking, and auditing visibly work. The deeper observation — made pointedly by a major financial-services customer at the show — is that most enterprise ecosystems simply weren't built for agentic actors: identity, access, and monitoring were all designed around humans and predictable machine processes. Rebuilding those assumptions is exactly the kind of problem most organizations are only beginning to think about, and Snowflake is unusually forward-leaning in building for it now — agent-aware masking being the clearest example of a control arriving before most customers knew to ask for it. The granular cost controls deserve the same read: unpredictable, per-person-variable agentic spend is a new problem created by AI itself, and giving FinOps the levers to govern it by user, department, and initiative is what keeps "we deployed agents" from becoming "we got a surprise bill."
4. Real-time, finally native: Snowflake Datastream
In an agentic enterprise, data freshness stops being a nice-to-have: agents acting inside live workflows need current state, not yesterday's batch. And streaming has long been the conspicuous gap in Snowflake's platform. Snowflake had streaming- adjacent primitives for years — Streams, Tasks, Snowpipe Streaming, dynamic tables — but not a true event-streaming capability; that backbone lived outside the platform, almost always Kafka, with customers integrating external streaming components and absorbing both the operational complexity and the governance seam of running a second system.
Summit addressed the gap head-on. Snowflake Datastream (private preview shortly) is a fully managed streaming service built directly into the platform: separated storage and compute, zero-copy streaming to and from Snowflake at sub-second latency, and — the property that matters most for adoption — Kafka wire-compatibility, so existing clients and applications stream in without rewrites. In the Summit demo, an existing Kafka producer was pointed at a Datastream topic with zero code changes, and live event data materialized almost immediately into a governed, Snowflake-managed Iceberg table. Topic/table duality lets you instantiate any streaming topic as a governed table, putting events and analytics in the same plane. Around Datastream, the ingestion story matured too: OpenFlow gained a programmatic object model and APIs (built, in no small part, so CoCo can drive it), a private-connectivity proxy now available across all three clouds including GCP, and a widening connector catalog — Oracle now GA, plus Veeva, Shopify, MongoDB, MariaDB, and BigQuery — with wizard-driven setup.
Why it matters: this is the cleanest case at the whole Summit of a long-awaited gap being filled — and filled natively rather than as a bolt-on. The boundary between data in motion and data at rest effectively collapses inside one governed platform: streamed events land already cataloged, governed, queryable, and — crucially for everything in sections 1–3 — immediately available to agents under the same security and semantics as everything else. An entire second system to run, secure, and reconcile disappears, and with it one of the classic sources of definitional drift, since silo-ed parallel pipelines are exactly where reconciliation pain is born. The honest caveat: not every workload needs sub-second freshness, and much of the enterprise runs perfectly well on micro-batch. The real shift is in the question clients get to ask — no longer "how do I get streaming data into Snowflake," but "do I still need a separate streaming tier at all" — and the answer is now genuinely workload-dependent rather than foregone.
5. The engine room: faster analytics, and operational data joins the platform
It would be easy to overlook this section because it isn't "AI" — and that would be a mistake, because these are the most quantifiable, most testable wins of the entire Summit, and they matter more in the agentic era, not less: when agents fire dozens of exploratory queries to answer one question, every second of compile time and every bit of warehouse tuning overhead gets multiplied. The engine work also carries a quiet thesis: the platform should tune itself, so neither your engineers nor your agents spend effort on infrastructure mechanics.
The analytics engine got dramatically faster on several fronts. The headline is a brand-new interactive query compiler — built, fittingly, with AI assistance — that in early testing with one of Snowflake's largest customers delivered roughly 40x faster compile times, accelerating that customer's overall workload by 3–4x; the stated engineering goal is that you should never have to think about compile time in Snowflake again. Adaptive compute reaches general availability: a workload-aware engine that sizes, scales, and optimizes per query — no warehouse-size configuration, no multi-cluster settings, no auto-suspend tuning; you set a performance goal and the platform handles the rest, at roughly 2x the original warehouse generation and, per Snowflake, beating Gen 2 at similar cost. Interactive tables and warehouses keep gaining (smarter cluster sizing and keys, pre-caching), with CoCo skills now handling the clustering, key-selection, and optimization work that used to be specialist territory. And Unistore gets a major engine optimization improving hybrid-table latency and throughput by roughly 8x (public preview) — a big enough jump that hybrid tables potentially graduate from "interesting" to genuinely viable for real-life HTAP patterns, serving operational lookups and analytics on the same data without a second system.
The second beat: operational data became a first-class citizen. Snowflake Postgres — the world's most popular transactional database, GA on the platform since February — has been hardened for the enterprise (PrivateLink, customer-managed keys, tri-secret secure). The PG Lake extension, open-sourced earlier this year to sync Postgres into an open, interoperable lake, becomes a managed service going GA later this year. And new at Summit, Postgres data mirroring (public preview): flip a switch and Snowflake handles the change data capture and synchronization, keeping an analytics-side copy current at low latency — on the order of seconds — including schema changes, with the reverse direction (Snowflake into Postgres) on the roadmap. The positioning is deliberately about choice: hybrid and interactive tables when you want everything unified inside Snowflake; Postgres when your developers want its ecosystem and extensions — either way, without the fragile ETL duct tape that has historically connected the transactional and analytical worlds.
Why it matters: the platform now spans transactional, streaming (section 4), interactive, and analytical workloads with materially less tuning and fewer pipelines between them — and in the AI era, the latency of moving data between those worlds is no longer just an engineering annoyance, it directly limits what agents can know and act on. Performance gains like these are also the rare announcements you don't have to take on faith: they're testable, and notably Kleinerman caveated his own numbers twice on stage — the eye-catching multiples came from specific large workloads — so the right response is not to quote them but to benchmark them on your own workloads, where even a fraction of the claimed gains compounds invisibly across thousands of daily queries. The unglamorous truth is that this section funds the glamorous ones: faster, cheaper, self-tuning compute is what makes it economical to put agents in front of everything.
6. The open lakehouse: interoperability as a client requirement, and Snowflake leading it
Limited interoperability is an architectural tax, and it compounds with every AI initiative: teams copy data just to access it, costs spike, decisions slow, and agents get starved of the governed context they need. Enterprises have drawn their conclusion: openness, interoperability, and no lock-in are now table stakes for a strategic data platform. What Summit made clear is that Snowflake isn't grudgingly complying — it has embraced the requirement and, in several respects, leads the way.
The evidence spans formats, catalogs, and sharing. Snowflake now ships the broadest Iceberg v3 implementation in production — VARIANT, row lineage, deletion vectors, nanosecond timestamps, geospatial types — and is helping shape v4. The Interoperable Lakehouse went GA: built on Apache Iceberg and Polaris, every engine gets full read/write access to one governed copy — no duplication, no split governance — with Spark, Trino, or PyIceberg working against the same data Snowflake users see, and managed Iceberg storage now GA on AWS and Azure. Notably, Horizon's interoperability is built on Polaris as an open core, so the assurance that you could leave is structural, not rhetorical. The most underrated announcement: the Iceberg REST Scan Plan API, which enforces Horizon's row-access and masking policies even when an external engine queries the table — governance follows the data, not the engine, the strongest proof yet that openness and control are no longer a trade-off. Sharing opened in the same spirit: Open Data Sharing lets any IRC-compatible engine consume Snowflake shares without a Snowflake account — Iceberg and Delta, lineage preserved, no egress fees — Snowflake can now also consume Delta Shares, and the Metadata Hub federates metadata across the whole estate into one queryable view without forcing migration. Add the OSI work from section 2, and the ethos is consistent at every layer, tables up to semantics.
Why it matters: credit where due — this is leadership demonstrated over years. In 2022, Benoit Dageville asked a Summit audience of thousands who had heard of Apache Iceberg; few hands went up. Four years later, largely because Snowflake and a handful of others drove it, Iceberg is the de facto standard and "bring any compute to any data" is operating reality. For clients, the payoff is the end of the copy tax: one logical, governed copy serving every engine means compliance gets solved once instead of N times, freshness stops degrading across replicas, and agents inherit consistent context wherever the compute runs. When a vendor says "no lock-in" and can point to open formats, an open-core catalog, account-free sharing, and zero egress fees — the claim has teeth.
7. Models and ecosystem: staying current without re-architecting
Snowflake's posture on models is unsentimental: models are commoditizing, your data and context are the differentiator — so the platform's job is to keep you on the frontier without ever forcing a re-architecture. The strategy is choice with governance: use the best model for each use case, but run your agents on Snowflake's governed context, with permissions, telemetry, and spend controls already attached.
The announcements fill that strategy out. On models, the native partnerships with Anthropic and OpenAI continue to deepen — Anthropic's Daniela Amodei co-keynoted the show — and the catalog gains Grok (xAI's models, now under SpaceX), in private preview, pitched as compelling on price and performance; the standing commitment is day-0 access to whatever leads next. The AI functions layer grew up: AI Complete now accepts audio and video inputs, extending SQL-native AI from text to media, and the new Cortex Function Studio (public preview) lets teams build, evaluate, and govern their own specialized AI functions — controlling exactly which AI operations their users can run. Quietly foundational is agentic search (public preview): rather than RAG's "here are the ten most relevant documents," it extracts information from unstructured data into structured form and runs real analytical queries — ask how many contracts are dated in 2025 and get a precise number. It's the unsung heavy lifting behind many agent requests. For teams going deeper, Cortex Training offers fully managed fine-tuning and reinforcement learning to customize foundation models, with elastic GPU scaling instead of committing to fixed capacity for months. And the lifecycle gets bookended: AIM (AI-Powered Migrations) unifies Snowflake's migration tooling, with CoCo accelerating legacy-database and Spark moves onto the platform, while the completed Observe acquisition adds a first-party, AI-powered observability platform — logs, metrics, and traces with correlation and faster root-cause analysis — for operating what you build.
Why it matters: model flexibility is not a slide claim — it's how serious agentic systems actually run. Practitioners at the show described operating many agents backed by different models, sometimes adversarially verifying each other, with model choices changing week to week based on evals; day-0 access and easy swapping is what makes that operationally sane, and it lowers the cost of being wrong about which model ultimately wins. Meanwhile, audio/video inputs, custom governed functions, and agentic search are what point AI at the majority of enterprise knowledge that never lived in a table — the unglamorous foundation that makes the agents in section 1 genuinely useful.
Where this leaves clients
Read together, the seven threads tell one story: this was the Summit where Snowflake worked on making AI operable . The agents are the visible layer, but the substance is underneath — the semantic context that keeps answers consistent across an ecosystem of tools, the recognition that agents are a different kind of consumer demanding a different generation of security, the granular cost levers for spend that no longer behaves predictably, and the long-overdue foundations like native streaming and a faster, self-tuning engine. None of that is demo material, and that's exactly the point.
For clients, the practical takeaway mirrors the structure of the announcements themselves: the organizations that get value from the agentic enterprise won't be the ones that deploy agents fastest, but the ones that treat semantic context, trust controls, and cost governance as first-class concerns from day one — because that's what determines whether agent number one thousand is as reliable as agent number one. Most organizations are still only beginning to think in these terms. Snowflake, to its credit, is already building for them.
