A serious security vulnerability has been identified in the IT service management platform ServiceNow, triggering concern across the cybersecurity community. Some experts have described it as one of the most severe AI-related weaknesses found in enterprise software. The flaw affected AI-powered features and could have allowed attackers to gain unauthorised access, impersonate users, and potentially compromise connected systems and sensitive data.
ServiceNow is widely used by Fortune 500 companies for core operations such as IT support, human resources workflows, security response, and customer service. Due to its deep integration into business systems, any weakness in its platform, especially in AI-driven components, carries significant risk for organisations.
The issue was linked to how ServiceNow’s AI tools, including the “Virtual Agent” chatbot and agentic AI features, were implemented. These tools are designed to automate tasks and allow users to interact with the platform using natural language. Researchers from SaaS security firm AppOmni found that weak authentication and improper access controls made the system vulnerable.
In the affected setup, a universal credential string used for third-party authentication was the same across all ServiceNow instances. This was combined with an authentication process that checked only a user’s email address, without requiring a password or multi-factor authentication. As a result, attackers who knew a tenant’s ServiceNow URL could impersonate legitimate users, including administrators.
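The weakness described above, as an added illustration that is not ServiceNow's or AppOmni's code: a verifier that accepts a credential shared by every tenant plus a bare email claim, beside a hardened verifier that binds each assertion to a per-tenant secret, an expiry and a completed second factor. All secrets, tenant names and addresses are constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed user directory for the example (not from the article).
DIRECTORY = {"alice@example.com", "admin@example.com"}

# Weak pattern: one credential shared by every tenant, and an identity
# check that consists of nothing more than an email address (constructed value).
SHARED_CREDENTIAL = "universal-integration-secret"


def weak_authenticate(credential: str, claimed_email: str) -> bool:
    """Passes for any directory email once the shared credential is presented."""
    return hmac.compare_digest(credential, SHARED_CREDENTIAL) and claimed_email in DIRECTORY


# Hardened pattern: the tenant's login flow issues a short-lived assertion,
# signed with that tenant's own secret, only after password + MFA succeeded;
# the integration verifies signature, tenant binding, expiry and factor on every call.
def sign_assertion(tenant_secret: bytes, claims: dict) -> str:
    body = json.dumps(claims, sort_keys=True).encode()
    mac = hmac.new(tenant_secret, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + mac


def verify_assertion(tenant_secret: bytes, tenant_id: str, token: str, now: float) -> Optional[str]:
    """Returns the authenticated email, or None if any binding check fails."""
    try:
        body_hex, mac = token.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(tenant_secret, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None  # signed with another tenant's secret, or tampered
    claims = json.loads(body)
    if claims.get("tenant") != tenant_id or claims.get("exp", 0) <= now:
        return None  # presented to the wrong tenant, or expired
    if "mfa" not in claims.get("amr", []) or claims.get("email") not in DIRECTORY:
        return None  # no second factor completed, or unknown user
    return claims["email"]
```

The rotation ServiceNow performed addresses the first function's shared constant; the second function shows the per-tenant, per-session binding that makes a leaked value from one tenant useless elsewhere.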
Once access was gained, the AI agent could be misused to carry out high-level actions. During testing, researchers were able to create a new administrator account. Such access could allow attackers to take control of the ServiceNow environment and exploit its integrations with other enterprise systems such as Salesforce, Microsoft platforms, and security tools.
ServiceNow confirmed the vulnerability and fixed it in late October 2025. The company rotated the shared credential, updated the affected AI agent code, and rolled out security patches across most hosted environments. Updates were also shared with customers running on-premises deployments.
The affected components included Now Assist AI Agents and the Virtual Agent API. Secure versions include AI Agents 5.1.18 and above or 5.2.19 and above, and Virtual Agent API 3.15.2 and above or 4.0.4 and above. Customers have been urged to apply updates immediately.
While ServiceNow said it has not seen evidence of active exploitation, experts stress that AI-driven platforms require strong identity controls, limited privileges, and continuous monitoring to reduce future risks.