Snowflake: openness vs risk

A data platform can promise openness with one hand and still get customers burned through a partner with the other. That is the tension around Snowflake this week: it expanded support for Apache Iceberg, an open table format, just as Snowflake customer accounts were hit in a data theft campaign tied to a third-party integration. (snowflake.com) (bleepingcomputer.com) Apache Iceberg is the filing system underneath a data lake, which is a big pool of files stored outside any one database product. If multiple tools understand the same filing system, a company can move workloads around without rewriting everything for one vendor. (snowflake.com) Snowflake said on March 4, 2026 that Apache Iceberg version 3 support entered public preview. The update adds row lineage, deletion vectors, geospatial data support, nanosecond timestamps, and a flexible “variant” type for semi-structured data such as JavaScript Object Notation files. (snowflake.com) Row lineage is a receipt attached to each changed record. Snowflake says that receipt lets change-data-capture pipelines tell the difference between a new row, a deleted row, and an updated row across both Snowflake-managed and externally managed Iceberg tables. (snowflake.com) That matters because Snowflake has spent the past two years trying to look less like a sealed warehouse and more like a hub that can read and govern open data wherever it lives. TechTarget reported on April 8, 2026 that Snowflake is broadening its open-source work across data quality, integration, governance, and discovery, not just Iceberg alone. (techtarget.com) Then the security story landed. BleepingComputer reported on April 7, 2026 that more than a dozen companies suffered data theft attacks after a software-as-a-service integration provider was breached and authentication tokens were stolen, with most of the attacks aimed at Snowflake environments. (bleepingcomputer.com) Snowflake told BleepingComputer that it saw unusual activity in a small number of customer accounts linked to a specific third-party integration. Snowflake also said the attacks did not involve a vulnerability or compromise in Snowflake’s own systems, and that it locked potentially affected accounts and notified customers. (bleepingcomputer.com) The suspected weak link was Anodot, an anomaly-detection vendor that connects into customer data systems to watch for spikes and dips. BleepingComputer reported that Anodot’s status page showed all connectors down across regions, including Snowflake, Amazon Simple Storage Service, and Amazon Kinesis, after the incident. (bleepingcomputer.com) This is the tradeoff in plain English: every connector that makes data easier to share also creates another place where credentials can sit, travel, or be stolen. Open formats reduce lock-in at the storage layer, but they do nothing by themselves to secure the vendors and tokens wrapped around that data. (snowflake.com) (bleepingcomputer.com) Snowflake’s answer to a different problem is the semantic layer, which is the dictionary that tells every tool what a business term means. In a June 3, 2025 engineering post, Snowflake said semantic views store definitions for metrics, dimensions, facts, relationships, sample values, and verified queries so business intelligence tools and artificial intelligence systems answer questions using the same rules. (snowflake.com) On February 3, 2026, Snowflake added Semantic View Autopilot, which it says can build and maintain those governed definitions automatically and cut model creation from days to minutes. Snowflake also tied that work to the Open Semantic Interchange effort, which aims to make semantic definitions interoperable across vendors instead of trapped inside one business intelligence product. (businesswire.com) Put together, Snowflake is trying to standardize two layers at once: open tables for where data lives, and open semantics for what the data means. The breach story shows a third layer now matters just as much: who is allowed to touch that data through partners, connectors, and long-lived tokens. (snowflake.com 1) (snowflake.com 2) (bleepingcomputer.com)