
ServiceNow patches critical AI platform flaw that could allow user impersonation

By: Greg Otto
13 January 2026 at 10:47

ServiceNow has addressed a critical security vulnerability in its AI platform that could have allowed unauthenticated users to impersonate legitimate users and perform unauthorized actions, the company disclosed Monday.

The flaw, designated CVE-2025-12420 and carrying a severity score of 9.3 out of 10, was discovered by SaaS security firm AppOmni in October. ServiceNow deployed fixes to most hosted instances on Oct. 30, 2025, and provided patches to partners and self-hosted customers. The company said it has no evidence the vulnerability was exploited before the fix.

The vulnerability affected Now Assist AI Agents and Virtual Agent API components. Customers using affected versions were advised to upgrade to patched releases, which include Now Assist AI Agents version 5.1.18 or later and 5.2.19 or later, and Virtual Agent API version 3.15.2 or later and 4.0.4 or later.

The disclosure arrives as security researchers raise broader questions about the configuration and deployment of enterprise AI systems. AppOmni’s research, which led to the vulnerability discovery, also revealed that default settings in ServiceNow’s Now Assist platform could enable second-order prompt injection attacks, a sophisticated exploit method that manipulates AI agents through data they process rather than direct user input.

These attacks exploit a feature called agent discovery, which allows AI agents to communicate with each other to complete complex tasks. While designed to enhance functionality, the feature creates potential attack vectors when agents are improperly configured or grouped together without adequate controls.

In testing scenarios, researchers demonstrated that low-privileged users could embed malicious instructions in data fields that higher-privileged users’ AI agents would later process. The compromised agent could then recruit other more powerful agents to execute unauthorized actions, including accessing restricted records, modifying data, and potentially escalating user privileges.

The attacks succeeded even with ServiceNow’s prompt injection protection feature enabled, highlighting how configuration choices can undermine security controls embedded in the AI systems themselves. The researchers found that default settings automatically grouped agents into teams and marked them as discoverable, creating unintended collaboration pathways that attackers could exploit.

The research underscores a fundamental challenge in enterprise AI deployment: security depends not only on the underlying technology but also on how organizations configure and manage these systems. ServiceNow confirmed the behaviors identified by researchers were intentional design choices and updated its documentation to clarify configuration options.

Organizations using ServiceNow’s AI platform face the task of balancing autonomous agent capabilities against security risks. The research suggests several mitigation strategies, including requiring human supervision for agents with powerful capabilities, segmenting agents into isolated teams based on their functions, and monitoring agent behavior for deviations from expected patterns.
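As an added example (not code from the article, AppOmni or ServiceNow), the script below models the misconfiguration pattern described above as a configuration audit: over a constructed, hypothetical agent inventory it flags any agent that processes user-writable fields and can discover a powerful, unsupervised agent in the same team, then shows the supervision mitigation closing the finding. The field names and capability labels are assumptions, not ServiceNow's API.

```python
from dataclasses import dataclass, replace

# Capabilities the article's mitigation advice says warrant human supervision
# (labels are constructed for this example).
POWERFUL = {"modify_records", "change_user_roles", "read_restricted_records"}


@dataclass
class Agent:
    name: str
    team: str                    # agents only discover peers in their own team
    discoverable: bool           # the default-on flag the research points at
    capabilities: set
    human_supervised: bool       # requires a human to approve its actions
    reads_untrusted_fields: bool = False  # consumes data low-privileged users can write


def find_risky_paths(agents):
    """Return (entry_agent, target_agent, capabilities) for every path where an agent
    that processes untrusted data can recruit a discoverable, powerful, unsupervised
    agent in the same team: the second-order prompt injection route described above."""
    by_team = {}
    for a in agents:
        by_team.setdefault(a.team, []).append(a)
    findings = []
    for entry in agents:
        if not entry.reads_untrusted_fields:
            continue
        for target in by_team.get(entry.team, []):
            if target is entry or not target.discoverable:
                continue
            powerful = target.capabilities & POWERFUL
            if powerful and not target.human_supervised:
                findings.append((entry.name, target.name, sorted(powerful)))
    return findings


def apply_supervision(agents):
    """Mitigation from the article: require human supervision on powerful agents."""
    return [replace(a, human_supervised=True) if a.capabilities & POWERFUL else a
            for a in agents]


# Constructed sample inventory mimicking the default "everyone in one team" grouping.
SAMPLE_INVENTORY = [
    Agent("ticket_summarizer", "default", True, {"read_tickets"}, False, True),
    Agent("record_editor", "default", True, {"modify_records"}, False),
    Agent("role_manager", "default", True, {"change_user_roles"}, True),  # supervised
    Agent("hr_assistant", "hr", True, {"modify_records"}, False),         # isolated team
]


def audit_sample():
    return find_risky_paths(SAMPLE_INVENTORY)


if __name__ == "__main__":
    for entry, target, caps in audit_sample():
        print(f"RISK: {entry} can reach unsupervised {target} with {caps}")
```

Running the audit on the sample reports only the path to `record_editor`; the supervised `role_manager` and the `hr_assistant` in a separate team are not reachable, and re-auditing after `apply_supervision` returns nothing.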

You can find more information on the vulnerability on ServiceNow’s website.

The post ServiceNow patches critical AI platform flaw that could allow user impersonation appeared first on CyberScoop.

ServiceNow agrees to buy cyber firm Armis for $7.75B

By: Greg Otto
23 December 2025 at 09:44

ServiceNow has agreed to buy cybersecurity firm Armis for $7.75 billion in cash, a deal that would push the enterprise software company deeper into a fast-growing corner of security focused on tracking and reducing “exposure” across sprawling networks of connected devices.

The companies said Tuesday that combining ServiceNow’s workflow and risk products with Armis’ asset discovery and cyber-physical security tools would create an end-to-end system intended to detect vulnerable devices, prioritize risks and route remediation through automated operational processes. That vision reflects a broader shift in cybersecurity: visibility and response are increasingly being treated as continuous, integrated business functions rather than standalone technical tools. 

“ServiceNow is building the security platform of tomorrow,” said Amit Zavery, president, chief operating officer, and chief product officer at ServiceNow. “In the agentic AI era, intelligent trust and governance that span any cloud, any asset, any AI system, and any device are non-negotiable if companies want to scale AI for the long-term. Together with Armis, we will deliver an industry-defining strategic cybersecurity shield for real-time, end-to-end proactive protection across all technology estates. Modern cyber risk doesn’t stay neatly confined to a single silo, and with security built into the ServiceNow AI Platform, neither will we.”

Armis specializes in mapping and classifying devices across information technology systems and operational technology, including industrial controls and medical devices. Those environments, often essential to manufacturing, hospitals and critical infrastructure, have become prominent concerns as more equipment is connected to networks but remains difficult to inventory with traditional security software. Armis says it performs “agentless” discovery, meaning it can identify devices without installing software on each endpoint, a key consideration for older or regulated systems.

“AI is transforming the threat landscape faster than most organizations can adapt. Every connected asset has become a potential point of vulnerability,” said Yevgeny Dibrov, co-founder and CEO of Armis. “We built Armis to protect the most critical environments and give both public and private sector organizations the real-time intelligence they need to stay ahead – so they can see their entire environment clearly, understand risk in context, and take action before an incident occurs. Together with ServiceNow, customers will have a powerful new way to reduce their exposure and strengthen security at scale.”

ServiceNow, best known for IT service management and enterprise workflow products, has been building a security and risk business that it said crossed $1 billion in annual contract value in the third quarter of 2025. The company described the Armis deal as a way to “more than triple” its market opportunity in security and risk. While such projections are inherently forward-looking, the figure underscores how cybersecurity has become a major battleground for large platform vendors seeking to consolidate multiple functions into a single suite.

The announcement also highlights the industry’s preoccupation with artificial intelligence, both as a tool for defenders and a driver of new risks. ServiceNow framed the acquisition around “AI-native” and “agentic” capabilities, language that has become common as vendors race to incorporate autonomous features into security operations. The premise is that, as networks expand and threats move faster, human analysts cannot manually triage every alert or vulnerability, making automation and prioritization central selling points.

In the second half of 2025 alone: 

  • Palo Alto Networks announced it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity.
  • Cloud security company Zscaler announced it has acquired SplxAI, an artificial intelligence security platform.
  • Veeam acquired Securiti AI for $1.7 billion.
  • Check Point acquired AI security firm Lakera.
  • Mitsubishi Electric acquired OT and IoT cybersecurity specialist Nozomi Networks for $1 billion.

The companies cited a forecast that worldwide end-user spending on information security will rise 12.5% in 2026 to $240 billion, attributing growth to evolving threats and the expanding use of AI and generative AI. Whether those drivers translate into better security outcomes remains debated, but the spending trajectory signals continued pressure on organizations to manage risk across more endpoints, more software and more interconnected supply chains.

If completed, the deal would also strengthen ServiceNow’s position in so-called cyber-physical security, an area that blurs the line between digital compromise and real-world disruption. The integration described by the companies links Armis’ real-time device intelligence to ServiceNow’s configuration management database, which ties technical assets to business services and responsible teams. That connection, they argue, would make remediation more actionable by directing fixes to the people who can implement them.

Armis, founded in 2015, reported more than $340 million in annual recurring revenue and said it employs about 950 people. The company counts Global 2000 customers, including more than 35% of the Fortune 100, and said it serves government agencies and public-sector organizations.

The post ServiceNow agrees to buy cyber firm Armis for $7.75B appeared first on CyberScoop.
