Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Latest AI and industry news. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

News Trending AI News

ServiceNow Tackles AI Agent Governance at Enterprise Scale

ServiceNow's Autonomous Security & Risk platform unifies AI agent, identity, and asset governance, resolving security incidents 7x faster at Knowledge 2026.

Enterprise DNA | | via ServiceNow Newsroom
ServiceNow Tackles AI Agent Governance at Enterprise Scale

As businesses rush to deploy AI agents across their operations, a new problem is emerging: nobody knows what those agents are doing, what data they can access, or who approved their permissions. ServiceNow’s response, announced on May 5 at its Knowledge 2026 conference in Las Vegas, is a platform specifically built to answer those questions.

Autonomous Security & Risk integrates two recent ServiceNow acquisitions — Armis, acquired for $7.75 billion, and Veza — into a unified governance layer that maps every AI agent, human identity, and connected asset in an enterprise environment.

The Problem It Is Solving

The scale of the visibility gap in enterprise AI is striking. Nearly half of organisations (48.9%) are entirely blind to machine-to-machine traffic and cannot monitor their AI agents. Meanwhile, 78.6% of security leaders report increased executive scrutiny of AI security risks, and 68.8% of boards are specifically concerned about sensitive data being leaked through AI prompts or models.

Non-human identities — AI agents, service accounts, bots, and automated workflows — already vastly outnumber human ones inside most enterprise environments. Yet most security tools were built to govern people, not software workers.

The result is a situation where companies are running AI agents at scale but cannot reliably answer basic questions: What can this agent access? Who authorised that permission? What did it do with the data?

What the Platform Does

Armis provides continuous, agentless asset intelligence across IT infrastructure, operational technology, IoT devices, medical equipment, cloud workloads, and code repositories. It currently tracks nearly 7 billion connected assets in real time.

Veza maps permissions across every identity in the organisation — human and non-human — at the data layer. It currently covers more than 30 billion fine-grained permissions across enterprise environments.

Together, the two systems give security teams a unified picture of what exists in their environment and who or what is permitted to interact with it. When a new AI agent is deployed, its identity, permissions, and activity become visible in the same access graph as every human employee.

ServiceNow’s own security operations team has been running Autonomous Security & Risk internally, and reports handling incidents seven times faster than their previous workflows.

What This Means for Business

The Knowledge 2026 announcements illustrate the two-sided challenge of enterprise AI right now. On one side — covered separately — ServiceNow is pushing businesses to deploy AI agents that handle IT tickets, HR queries, and business workflows autonomously. On the other side, it is building infrastructure to govern those agents before they create security and compliance problems.

For businesses considering AI agent deployments, this framing is useful. The hesitation most companies feel is not primarily about whether agents can do the work. It is about whether the organisation can maintain visibility and control over what agents do once they are running. Autonomous Security & Risk is a direct attempt to address that concern.

The 7x incident resolution improvement is significant in itself. Security teams that currently spend hours manually tracing how an incident unfolded — which identity had access, what it touched, when — can now do that in minutes when the access graph is already built.

There is also a compliance dimension. Regulatory frameworks like the EU AI Act require organisations to document AI system behaviour and maintain audit trails. A platform that automatically maps AI agent permissions and activity creates the foundation for that kind of documentation at scale.

The Governance Market Is Getting Real

The emergence of dedicated AI agent governance tooling is a signal that enterprise AI deployments have moved beyond the pilot stage. Governance infrastructure is not something organisations invest in for experiments — it is something they build when agents are doing real work with real data.

ServiceNow is not alone in this space. Microsoft’s Agent 365, which became generally available on May 1, is built around similar principles of AI agent observability and control. The pattern across major enterprise platforms is the same: build the agents, then build the infrastructure to govern them.

For business leaders still evaluating AI deployment, the existence of mature governance tooling removes one significant objection. The question of how to keep AI agents in bounds — who they can talk to, what they can access, what they can do without human approval — now has commercially available answers.

The harder question is whether organisations have the internal readiness to use those tools effectively. Governance infrastructure works when the people responsible for security, IT, and AI strategy are aligned on what they are trying to control. That alignment is still the harder problem for most organisations to solve.


ServiceNow’s Autonomous Security & Risk is available now as part of the ServiceNow platform. The announcement was made at Knowledge 2026, running May 5-7 in Las Vegas.

Working With Claude field guide cover

Free Resource

Going deeper with Claude?

Get the free 32-page implementation guide for ANZ teams.

No spam. Unsubscribe any time.