A defense-in-depth security architecture for AI agents and inference workloads — covering network isolation, identity propagation, authorization, data protection, and auditing under the EU AI Act, DORA, and NIS2.
How to exchange OIDC JWT tokens for short-lived Snowflake PATs and use them as Bearer tokens for MCP server authentication — with automatic rotation and cleanup.
How to use Postgres 17 as a transparent encryption proxy so that data stored in Snowflake is always AES-256 encrypted at the column level — with your own key, under your own control.
How to decrypt PGP/GPG-encrypted files directly inside Snowflake using Python UDFs and the pgpy library — no external compute, no middleware, no key in transit.
Tokenize PII in Snowflake so that encrypted data still looks and behaves like real data — joinable, sortable, format-correct — all with your own AES-256 key, enforced through tag-based masking policies.