Nobody Is Buying AI Anymore. They Are Buying Governance.

The enterprise AI market just told you what it actually wants, and it is not a better model.

On June 1, Snowflake and Anthropic announced accelerating momentum in their $200 million partnership. The headline number: Cortex Code, Snowflake’s coding agent that runs directly on governed enterprise data, became the fastest-growing product in Snowflake’s history. Over 7,100 users. The AI underneath isn’t unique — Claude is available everywhere. What’s unique is that it runs inside the governance layer companies already trust with their most sensitive data.

Block, Carvana, Indeed, Notion. These aren’t companies experimenting with AI. They chose where AI lives as the primary decision. Not which AI. Where.

The real purchase decision

For the last two years, enterprise AI conversations have started with the same question: which model should we use? GPT-4, Claude, Gemini, something open-source? I have watched procurement cycles burn months on this question.

The companies in Snowflake’s announcement skipped it entirely. Their question was different: how do we give AI access to our actual business data without moving that data outside the systems where it is already governed?

That is a completely different problem. And it is the one that determines whether AI makes it to production or stays in a sandbox forever.

Arnaud Weber, Block’s engineering lead, described building “an AI-native operating layer that connects intelligent reasoning directly to the trusted data powering our ecosystems.” Notice the language. He didn’t say AI strategy. He said operating layer. The work is happening in infrastructure, not capability selection.

Carvana’s SVP of Engineering said it plainly. AI is “most powerful when it can work securely with governed enterprise data inside the systems our teams already use.” Forget benchmarks. The power comes from actually touching the data that matters.

Governance is the bottleneck nobody talks about

Here is what I see in practice. Companies pilot AI on synthetic data or public datasets. The pilot works. The demo is impressive. Then someone asks: can we run this on our actual customer data, our financial records, our compliance-sensitive operations?

And everything stops.

Because nobody built the governance layer. Nobody mapped which data the AI can access, which users can invoke it, what audit trail exists, where the outputs go. The pilot assumed the data problem was solved. It never was.

Snowflake’s pitch is straightforward: Claude runs directly on your data inside Snowflake, with the same role-based access controls, the same encryption, the same compliance posture you already maintain. No data leaves the environment. No new security review required for the AI layer because it inherits the security review you already passed.

That isn’t a technology innovation. It’s an operations innovation. And it’s the reason Cortex Code grew faster than anything Snowflake has ever shipped.

Who should own this in your organization

If you are a business leader reading this, here is the practical question: who in your company owns AI governance?

Not AI strategy. Not the model evaluation. Governance. The answer to: what data can AI access, under what controls, with what audit trail, and who approved it?

In most organizations I work with, nobody owns this. The CTO owns the technology. The CISO owns security. Legal owns compliance. Data engineering owns the pipelines. AI governance falls into the gap between all four. And that gap is where pilots go to die.

The companies deploying AI at scale through Snowflake did not solve this by picking the right model. They solved it by making AI a governed data operation. Same controls as any other data operation. Same ownership. Same audit. The AI became part of the existing governance stack instead of a parallel system that needed its own review.

Block is running compliance and security investigations with Claude on governed data. Production workloads on sensitive data, inside the existing control structure. That’s not a pilot anymore.

eSentire is running autonomous Tier 1 security investigations. Their CPTO described “AI-led threat investigations” operating inside a “governed data environment.” In cybersecurity, where a false positive is expensive and a missed threat is catastrophic, they trusted the governance layer enough to let AI act autonomously.

The question that actually matters

Deloitte’s CEO framed it precisely: organizations are trying to “embed intelligence directly into their core business processes.” The center of operations. The stuff that actually runs the company.

You can’t embed intelligence into core processes without solving governance first. Every core process touches sensitive data. Every sensitive data operation requires controls — ownership, policy, audit capability.

Most companies have none of this for AI. They have it for databases, for cloud infrastructure, for SaaS applications. But AI still sits outside the existing governance model. That’s why 43% of AI initiatives fail (Gartner, 2026) — and the reason is rarely the model.

The companies pulling ahead are not buying better AI. They are buying the right to use AI on data that actually matters. That right comes from governance, not from a vendor selection committee.

If nobody in your organization owns AI governance today, you have your answer for why nothing has made it past the pilot. The model was never the problem.