AI Skills AI技能 4h ago Updated 1h ago 更新于 1小时前 46

My CoWork Agent Burned Through $800 in Credits Before Anyone Noticed 我的 CoWork 代理在无人察觉的情况下烧掉了 800 美元积分

A single unbounded CoWork agent session consumed $800 in credits due to infinite reasoning loops, highlighting critical risks in autonomous agent compute consumption. Snowflake’s CoWork RBAC strictly enforces the user's default role for all agent interactions, requiring specific granular grants for semantic views, search services, and agents themselves. Effective cost governance requires a layered approach combining statement timeouts, warehouse isolation, and resource budgets with automated thr Snowflake CoWork Agent因缺乏运行时长限制导致单次测试消耗800美元算力信用额,凸显了Agent推理循环带来的成本失控风险。 CoWork采用基于用户默认角色的RBAC权限模型,严格隔离数据访问与工具调用权限,确保Agent无法获取超出用户范围的特权。 官方提供资源预算(Resource Budgets)和Cortex AI函数使用历史视图,支持按月设定信用额上限及细粒度的Token级成本监控。 有效的成本治理需结合语句超时设置、计算仓库隔离以及资源预算限制,形成多层防护体系以应对多工具调用的复杂性。

65
Hot 热度
70
Quality 质量
60
Impact 影响力

Analysis 深度分析

TL;DR

  • A single unbounded CoWork agent session consumed $800 in credits due to infinite reasoning loops, highlighting critical risks in autonomous agent compute consumption.
  • Snowflake’s CoWork RBAC strictly enforces the user's default role for all agent interactions, requiring specific granular grants for semantic views, search services, and agents themselves.
  • Effective cost governance requires a layered approach combining statement timeouts, warehouse isolation, and resource budgets with automated threshold actions.
  • The CORTEX_AI_FUNCTIONS_USAGE_HISTORY table provides essential token-level cost visibility per query, model, and user, enabling precise monitoring of AI spend.
  • Distinction between CORTEX_USER (broad access) and CORTEX_AGENT_USER (agent-only access) is vital for minimizing privilege escalation and securing enterprise environments.

Why It Matters

This case study serves as a stark warning for AI practitioners deploying autonomous agents: without strict guardrails on execution time and tool usage, agents can incur exorbitant costs through recursive loops. It underscores the necessity of implementing robust governance frameworks, including budget controls and precise RBAC configurations, to ensure that AI initiatives remain financially sustainable and secure within enterprise data ecosystems.

Technical Details

  • Cost Incident Analysis: An agent with broad tool access (semantic views, Cortex Search, SQL execution) entered a 47-minute reasoning loop, generating an $800 bill. The root cause was the absence of configuration limits on execution duration rather than data access violations.
  • RBAC Configuration: CoWork interactions run under the user’s default role. Proper setup requires granting USAGE on databases/schemas, SELECT on semantic views, USAGE on Cortex Search services, and USAGE on the Agent object itself. A common error is using USAGE for semantic views or incorrect keywords for agent creation.
  • Privilege Granularity: Snowflake offers distinct database roles: SNOWFLAKE.CORTEX_USER grants access to all Cortex features, while SNOWFLAKE.CORTEX_AGENT_USER restricts access to agents only, allowing for tighter security postures.
  • Monitoring and Governance Tools: The CORTEX_AI_FUNCTIONS_USAGE_HISTORY table (General Availability March 2026) enables per-query, per-model, and per-user token-level cost tracking. Combined with statement timeouts and warehouse isolation, these form a comprehensive cost control strategy.
  • Resource Budgets: General Availability for Cortex Agents and CoWork includes monthly credit limits with automated actions when thresholds are reached, providing a proactive mechanism to prevent runaway costs.

Industry Insight

  • Implement Hard Limits Early: Organizations must configure statement timeouts and resource budgets before deploying agents in production. Relying solely on human oversight is insufficient given the speed at which agents can consume resources.
  • Audit Tool Access Policies: Review agent tool permissions rigorously. Broad access to multiple semantic views and search services increases the attack surface for both cost overruns and potential data exposure. Principle of least privilege should apply to tool invocation, not just data access.
  • Leverage Usage History for FinOps: Integrate CORTEX_AI_FUNCTIONS_USAGE_HISTORY into financial operations (FinOps) dashboards. Token-level visibility allows teams to identify inefficient agent behaviors or expensive models early, optimizing AI spend before it escalates.

TL;DR

  • Snowflake CoWork Agent因缺乏运行时长限制导致单次测试消耗800美元算力信用额,凸显了Agent推理循环带来的成本失控风险。
  • CoWork采用基于用户默认角色的RBAC权限模型,严格隔离数据访问与工具调用权限,确保Agent无法获取超出用户范围的特权。
  • 官方提供资源预算(Resource Budgets)和Cortex AI函数使用历史视图,支持按月设定信用额上限及细粒度的Token级成本监控。
  • 有效的成本治理需结合语句超时设置、计算仓库隔离以及资源预算限制,形成多层防护体系以应对多工具调用的复杂性。

为什么值得看

本文通过真实的“烧钱”案例,揭示了企业级AI Agent在部署初期面临的最大非技术性障碍:成本控制与权限管理。对于正在构建或集成Snowflake CoWork的AI从业者而言,它提供了从权限配置到成本监控的完整最佳实践模板,避免了因配置疏忽导致的巨额账单。

技术解析

  • 权限模型与RBAC陷阱:CoWork Agent的执行权限继承自用户的默认角色(Default Role),而非会话角色。常见错误包括混淆Semantic View(需SELECT而非USAGE)、Cortex Search Service(需USAGE)以及Agent对象本身(需USAGE且关键字为AGENT而非CORTEX AGENT)。
  • 成本失控机制:当Agent拥有广泛工具访问权(如语义视图、搜索服务、SQL执行)时,若未设置超时或迭代次数限制,容易陷入“查询-评估-再查询”的推理循环,导致算力指数级增长。
  • 监控与治理工具:利用CORTEX_AI_FUNCTIONS_USAGE_HISTORY表可实现按查询、模型和用户维度的Token级成本可见性;同时通过GA版的Resource Budgets功能,可设置月度信用额阈值并触发自动化动作。
  • 最小权限原则实施:通过区分SNOWFLAKE.CORTEX_USER(全功能访问)和SNOWFLAKE.CORTEX_AGENT_USER(仅Agent访问),可进一步收紧权限,防止用户滥用其他Cortex AI功能。

行业启示

  • 从“功能可用”转向“运营可控”:企业引入AI Agent时,必须同步建立类似传统IT的资源配额和超时熔断机制,将成本控制纳入Agent设计的核心约束条件。
  • 权限治理需精细化至工具层:AI Agent的权限管理不仅限于数据行级安全,还需细化到对特定工具(如SQL执行器、外部API连接器)的访问控制,遵循最小权限原则。
  • 建立全链路可观测性:在Agent进入生产环境前,必须部署细粒度的日志记录和成本追踪系统,以便快速定位异常行为并进行审计,避免“黑盒”运行带来的财务风险。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Agent Agent Security 安全 LLM 大模型