AIQu VEIL for Snowflake
AIQu VEIL encodes sensitive feature columns into latent vectors. Masking policies enforce this at query time. Analysts see encoded vectors. Admins see raw data. No data leaves your Snowflake account.
Use cases
Protect sensitive features for ML. Prices, dimensions, behavioral signals are encoded into vectors that preserve statistical properties but can’t be reversed to raw values.
Share data without exposing raw features. Encoded views let external parties or cross-functional teams work with protected data.
Replace manual anonymization. Apply a masking policy once. Every query through the view is encoded automatically.
How it works
Train an autoencoder on your data. VEIL creates a secure view with a masking policy on the features column. Non-privileged roles get encoded vectors. Admins get raw values. Training runs inside your account on CPU or GPU.
| Role | Access |
|---|---|
| app_admin | Train encoders, create views, manage services, schedule retraining |
| app_user | Query views, call encode function |
app_admin inherits app_user.
```sql
GRANT APPLICATION ROLE <app_name>.app_admin TO ROLE my_admin_role;
GRANT APPLICATION ROLE <app_name>.app_user TO ROLE my_analyst_role;
```
Compute
| Service | Default | Options |
|---|---|---|
| Encoding | CPU_X64_XS | Scales to 3 replicas. Larger instance families available. |
| Training | CPU | GPU optional. One job at a time. |
All compute is provisioned by the app.
Privileges
Five privileges are requested through Snowsight at install. Services start once all are granted.
| Privilege | Purpose |
|---|---|
| CREATE COMPUTE POOL | CPU and GPU pools |
| BIND SERVICE ENDPOINT | Route queries to encoding service |
| CREATE WAREHOUSE | Read training data |
| EXECUTE TASK | Scheduled retraining and billing |
| EXECUTE MANAGED TASK | Serverless scheduled tasks |
Masking policies require no additional privilege. The app owns the policies and the views.