*Figures reported by Snowflake; unaudited. Survey data vendor-sourced.
Snowflake dropped two big announcements on May 27: a $6 billion infrastructure deal with Amazon Web Services built on Graviton compute, and the acquisition of Natoma, a platform that governs how AI agents talk to enterprise systems. Put them together and the play is obvious — Snowflake wants to own the computing layer and the rules layer for AI agents. They've been the place where companies keep their most sensitive data. Now they want to be the bouncer that decides whether an AI agent gets to touch it.
Here's what both announcements have in common: they're about where AI agents get stuck, not where they get started. Agents don't break when they're thinking. They break when they try to actually do something — pull a real record, write to a live system, kick off a workflow. That's where security teams say no. That's where budgets die. Snowflake is betting it can be the one who says yes or no at that exact moment.
That's a very different business than charging companies for compute and storage. It's more like identity and access management — a space that security vendors have owned for years, not data platforms. The Natoma deal makes this crystal clear. Natoma runs a centralized Model Context Protocol (MCP) gateway that sits between AI agents and your systems. Every time an agent wants to do something, the gateway checks: Who's asking? What are they allowed to do? Should this go through? It logs everything and blocks anything that doesn't pass.
The MCP governance mess is real, and Snowflake just called dibs
Model Context Protocol has taken off so fast it's already created a shadow IT headache. Developers and power users have been spinning up their own MCP servers, wiring agents to company data, and nobody checked with security. You can guess where this is going: proprietary data flowing to random AI models, agents poking around systems they were never meant to access, zero audit trail. Snowflake's announcement basically says "yeah, we noticed" — pointing to fragmented governance and data exfiltration risk.
Natoma solves this by putting one checkpoint in front of everything. Every agent action goes through the gateway, gets checked against identity and policy rules, and either clears or doesn't. If you're already running your critical data on Snowflake, the security perimeter just stretches from "data sitting in storage" to "things AI does with that data." Same vendor relationship. Bigger scope of what that vendor controls.
And that's the catch. "Natural extension" is also how lock-in gets deeper. Snowflake already has a lot of leverage over companies that consolidated their data there. Now add agent governance on top? You'd be relying on the same vendor to hold your data and decide what AI can do with it. That's not automatically a bad thing — but it's the kind of thing you should think hard about before signing.
"Agents don't just need access to data. They need the right context, permissions and policy guardrails to operate safely inside the enterprise."
Sridhar Ramaswamy, CEO, Snowflake
The Graviton deal is about how AI agents actually run (hint: it's not GPUs)
The AWS deal is a different animal but it's tied to the same strategy. Snowflake is committing $6 billion over five years to Graviton compute and AI services — not general AWS stuff. Graviton is Amazon's custom Arm-based CPU, designed for regular cloud workloads. Not GPUs. That matters more than you might think.
Here's why: AI agents in production don't work like model training. Training is massively parallel math — great for GPUs. But a running agent? It's doing inference, calling tools, grabbing context, checking rules. That's sequential, general-purpose work. CPUs handle it just fine. The whole "GPU shortage" narrative driving most AI infrastructure spending kind of misses what it actually costs to run agents day-to-day. Snowflake's Graviton bet targets that reality.
Snowflake was already one of AWS's biggest customers before this. They've done over $7 billion in lifetime AWS Marketplace sales, with $2 billion+ in 2025 alone. This new deal locks that in and gives Snowflake priority access to Graviton capacity while it's still constrained. Not a coincidence.
Revenue is booming, which gives them permission to swing big
Snowflake posted Q1 fiscal 2027 product revenue of $1.33 billion — up 34% year over year, their strongest sequential dollar growth ever. Existing customers are spending 126% of what they spent last year. Contracted future revenue: $9.21 billion. The stock popped about 37% after hours on the combined news.
Why does the financial picture matter here? Because companies growing this fast get to make bets that would look crazy from a weaker position. The Natoma deal and the AWS commitment are only credible because the core data business is throwing off enough cash and has enough customers to give the governance play somewhere to land. If Snowflake didn't have 13,300 enterprise customers already trusting them with critical data, MCP governance through Snowflake is just a feature with no one to sell it to.
The earnings also prove something the press releases can't: AI is actually driving real platform usage, not just buzz. Products like Cortex Code and Snowflake Intelligence are showing up in consumption numbers. That's a much harder bar than blog posts, and they're clearing it.
We've seen this movie before
Enterprise software history is littered with vendors that successfully expanded their control — then became the thing companies desperately wanted to escape. The data warehouse giants of the 2000s didn't collapse because their governance was bad. They collapsed because the lock-in got unbearable once cloud economics blew up the cost model. Snowflake's own rise was partly built on companies running away from exactly that.
So if you're a CIO looking at this, the technology isn't really the question. The question is: what happens if you want out? If the relationship goes sideways, pricing changes, or somebody else offers a more open approach to MCP governance — how painful is the exit? Identity governance tied to a proprietary platform is stickier than data governance alone. Natoma inside Snowflake creates a dependency layer that doesn't exist today.
Snowflake has consistently talked up data portability and open standards — Apache Iceberg support, cross-cloud interop, all of it. Whether that openness extends to the agent governance layer, and whether it's actually written into contracts you can enforce, is the question their sales team better have a good answer for before your next renewal.
Before you let Snowflake govern your AI agents on top of storing your data, your procurement team needs one thing answered clearly: if you want to move agent governance somewhere else in three years, what does that look like? What data stays behind? Who owns the audit logs? If Snowflake can't give you a clear, enforceable portability guarantee for the Natoma layer, you're not buying a feature. You're signing up for a second layer of lock-in stacked on the first one.
- Snowflake. "Snowflake Announces Intent to Acquire Natoma, Providing Secure Connectivity For The Agentic Enterprise." Snowflake Newsroom, 27 May 2026, snowflake.com.
- Snowflake. "Snowflake Expands AWS Collaboration with $6B Commitment to Accelerate Enterprise Agentic AI Adoption." Snowflake Newsroom, 27 May 2026, snowflake.com.
- Snowflake. "Snowflake to Acquire Natoma to Bring Governed Agentic Access to the Enterprise." Snowflake Blog, 27 May 2026, snowflake.com.
- Snowflake. "Snowflake Reports Financial Results for the First Quarter of Fiscal 2027." SEC Form 8-K, 27 May 2026, sec.gov.
- Amazon Web Services. "Snowflake Expands AWS Collaboration with $6B Commitment." AWS Press Center, 27 May 2026, press.aboutamazon.com.
