Snowflake announced two moves simultaneously on May 27: a definitive agreement to acquire Natoma, and a five-year, $6 billion infrastructure commitment to AWS. Neither announcement makes full sense without the other. The acquisition buys the governance layer. The AWS commitment buys the scale to run it.
Natoma’s platform is built around a centralized MCP (Model Context Protocol) gateway, the chokepoint through which AI agents make tool calls. According to Natoma’s own technical documentation, the gateway is designed to enforce identity verification, policy controls, and audit trails at the moment an agent requests access to a tool or data source. That’s the layer enterprises are missing. Most agentic deployments today route tool calls through ad hoc integrations with no central enforcement point. Natoma’s architecture puts a single policy engine between the agent and everything it can touch.
The $6 billion AWS commitment, confirmed through multiple independent reports including Pulse2.com’s coverage of the deal, is the infrastructure chassis for that governance layer. Snowflake has stated its intent to integrate Natoma’s capabilities into the Cortex platform, though no implementation timeline was disclosed. According to Snowflake, more than 7,000 corporate accounts currently use Cortex Code, the addressable base for any governance tooling that ships natively inside Cortex.
Why does this matter to enterprise teams? The MCP protocol has proliferated fast. Dozens of vendors now ship MCP servers, and enterprises that have moved quickly to deploy agentic workflows have accumulated tool integrations without any consistent identity or permissions model across them. The compliance risk is real: an agent that can call a CRM, a code execution environment, and a customer data warehouse, without centralized audit, is an enterprise liability regardless of how useful it is. Natoma’s MCP gateway is designed to solve exactly that problem, though the specific security properties of the implementation remain a vendor claim pending independent evaluation.
This is the third significant AI governance-layer acquisition in recent cycles. The pattern, SDK-layer (Anthropic/Stainless), operational context-layer (Celonis/Ikigai), and now permission-layer (Snowflake/Natoma), suggests the enterprise AI stack is being assembled through targeted M&A rather than built organically. Each acquisition fills a specific gap that enterprises can’t easily build themselves.
What to Watch
Watch the Snowflake Q2 earnings call for the first hard data on Cortex attach rates and whether the Natoma integration timeline gets disclosed. The five-year AWS commitment structure also merits attention: if Snowflake is betting $6 billion on enterprise agentic AI infrastructure, the implicit forecast is that enterprise agentic deployments reach production scale well before 2031. That’s an aggressive timeline relative to where most organizations are today.
The real story isn’t the acquisition price, terms weren’t disclosed. It’s that Snowflake is telling the market that governance tooling is now a first-party responsibility for a data cloud platform, not a third-party add-on. Whether Natoma’s gateway becomes the enterprise standard or a proprietary lock-in play is the question compliance and architecture teams should be asking before committing to the stack.