Cloud Agents

Cloud Agents is a capability in Cortex Code (Snowsight) that provides a cloud-based compute environment for each session. When enabled, Cortex Code runs inside an isolated container, unlocking a broader set of capabilities that were previously only available in the Cortex Code CLI.

What’s enabled

Cortex Code can search the web as part of answering your questions or completing tasks.

To test: ask Cortex Code to “search the web for [topic]” and it will use a live web search as part of its response.

Shell command execution

Cortex Code can run arbitrary shell commands inside the sandboxed container. This enables tasks like running shell scripts, installing packages, executing CLI tools, and performing system operations that are not possible in the standard browser-based experience.

Python script execution

Full Python execution is available inside the container runtime. Cortex Code can run Python files, install dependencies, and execute multi-step scripts as part of agentic workflows.

How to use it

When Cloud Agents is enabled on your account, you will see a Cloud agents toggle below the chat input box in Cortex Code (Snowsight).

  • The toggle is on by default once Cloud Agents is enabled for your account.
  • You can turn it off per session if you prefer the standard experience (for example, if you need lower latency and don’t need the additional tools). It is recommended that you start a new thread when switching between modes.
  • The rest of the Cortex Code interface is unchanged. The cloud compute runs transparently in the background.

Security and isolation

Cloud Agents runs in an isolated container managed by Snowflake.

  • No change to existing grants. Enabling Cloud Agents does not modify any of your Snowflake RBAC settings or open up additional SQL access.
  • Isolated execution. Each session runs in its own container.
  • Outbound network is restricted, not disabled. HTTPS egress is limited to platform-configured package registries and build tooling (for example PyPI, npm and Yarn, RubyGems, Rust/crates.io, the Go module proxy, Maven and Gradle, and similar hosts for NuGet, Pub, Hex, CPAN, CocoaPods, and Swift). Access to hosts outside that allowlist requires external access integrations that your Snowflake administrator configures. These integrations use the same primitives as UDFs and stored procedures.
  • Existing secrets model. If external access is configured, credentials are managed via Snowflake Secrets. The container never has direct access to secret values.

Current scope

This release focuses on three capabilities: the existing Snowsight experience, arbitrary bash execution, and web search.

Not yet included:

  • Multi-agent (parallel agent) execution
  • Persistent filesystem across sessions (session-scoped today)
  • Full CLI tool parity (grep, glob, and other tools are being validated)

Availability

  • Available in all AWS and Azure commercial cloud regions.
  • Not currently available in GCP, Government, VPS, or China deployments.
  • Available to all accounts (Public Preview).