ServiceNow has introduced Autonomous Security & Risk, a new AI-driven platform designed to help enterprises govern AI agents, human and non-human identities, and connected assets across increasingly complex digital environments. The launch integrates capabilities from Armis and Veza, creating a unified approach to security, risk, and compliance in the age of enterprise AI.
The platform arrives as organizations face an explosion of AI-driven operations, identities, and connected systems, making visibility, governance, and real-time response critical. ServiceNow’s latest innovation positions its AI platform as a central control tower, addressing the limitations of fragmented security tools through a single, integrated system.
“Today’s CISOs have to operate at two speeds: neutralizing threats in real time while reporting risk to the board with conviction,” said John Aisien, Senior Vice President and GM, Security & Risk, ServiceNow.
A core component of Autonomous Security & Risk is Armis’ asset intelligence, which provides continuous visibility across IT, operational technology (OT), IoT devices, cloud workloads, and even AI agents. Armis enhances ServiceNow’s CMDB by transforming static inventories into dynamic, real-time views of the enterprise attack surface, enabling faster detection of vulnerabilities and anomalies.
Complementing this is Veza’s identity governance technology, which introduces fine-grained visibility into permissions and access across both human users and non-human identities such as AI agents. Its Access Graph maps who or what has access to systems, what actions they can perform, and how permissions evolve helping enforce least-privilege access and reduce risk exposure.
“As the attack surface expands, real-time visibility and control over every asset is non-negotiable,” said John Whittle, Chief Operating Officer at Fortinet.
The new platform also integrates directly with ServiceNow’s security incident response and risk management workflows, enabling automated detection, prioritization, and remediation at machine speed. This unified approach allows organizations to link asset data, identity intelligence, and risk signals into a single operational framework, improving both pre-breach prevention and post-breach response.
As AI adoption grows, enterprises are increasingly challenged by unmanaged AI identities and permissions, which often outnumber human users. Autonomous Security & Risk addresses this gap by ensuring continuous monitoring, governance, and auditability of AI-driven actions, supported by an AI Control Tower that tracks agents, enforces policies, and maintains compliance.
The platform also supports interoperability through A2A and Model Context Protocol (MCP) frameworks, allowing organizations to govern AI agents across multiple systems and vendors while maintaining a unified security posture.
Additionally, ServiceNow has introduced AI-powered security agents capable of handling vulnerability management and phishing investigations autonomously. These capabilities have already demonstrated significant efficiency gains, with ServiceNow reporting incident response times improved by up to seven times compared to traditional workflows.
With security and risk surpassing $1 billion in annual contract value, ServiceNow continues to strengthen its position in enterprise AI security. The launch of Autonomous Security & Risk underscores the growing need for integrated, AI-driven governance platforms that can keep pace with evolving threats and ensure trusted, scalable digital transformation.
