Yesterday, ServiceNow unveiled its latest product release, Zurich, for general availability. This marks the most significant product announcement in the ecosystem since the Knowledge Conference in May this year.
To nobody’s surprise, the hotly anticipated release is focused squarely on AI. More specifically, the new tools focus on boosting the role of AI in software coding, while offering robust data and API protection for AI tools. Here’s what you need to know about the release.
Zurich Offers New Tools for ‘Vibe Coding’ and AI Security
“We are transforming the enterprise tech stack to be AI‑native – from autonomous workflows that act on data with precision, to developer tools that democratize high‑velocity innovation. With built-in controls for security, risk, and compliance, we’re helping organizations move beyond experimentation and into a new era of intelligent execution.”
Amit Zavery, President, Chief Operating Officer, and Chief Product Officer, ServiceNow
These product releases come roughly twice a year and have become a cornerstone event in the ServiceNow calendar. Unsurprisingly, the focus of Zurich is firmly on AI tools, adoption, and governance, featuring five new and updated products.
As ever with ServiceNow, understanding why the company has chosen these products is almost as interesting as the releases themselves. But first, let’s recap the key changes released in Zurich:
1. Build Agent
The Build Agent brings ‘vibe coding’ to the ServiceNow ecosystem. It aims to let non-technical people create and edit apps using natural language instructions, avoiding the need to build code from scratch. Once instructions have been provided, the Build Agent will handle “design, build, logic, integrations, testing, and industry-leading governance.”
The big selling point here isn’t really the technology itself: AI models writing code is nothing new – though the results can be variable. Instead, ServiceNow aims to bring rigorous governance controls to the table, with audit trails, security, and compliance built in.
The term ‘vibe coding’ was popularized in February this year by Andrej Karpathy and has since become something of a buzzword in the tech scene. Clearly, this release is ServiceNow’s attempt to capitalize on a trend while still offering a distinctly ServiceNow approach.
2. Developer Sandbox
Unlike the Build Agent, the Developer Sandbox is aimed squarely at the developer community. It aims to accelerate the process of building new apps and systems by offering a virtualized environment. Here, teams can collaborate, test out new features, and vibe code – without worrying about the impact on critical systems.
Sandboxes are a fairly well-known concept in the development world; it’s essentially an isolated environment where developers can run and test code without impacting the host system. Offering this within the ServiceNow ecosystem should make it easier for developers to manage feedback processes, version control, and governance.
3. ServiceNow Vault Console
The new Vault Console helps teams to discover and protect sensitive data from being exposed in enterprise workflows and AI tools. It includes features to scan and detect when personally identifiable information (PII) is being used, to track the activity associated with it, and offer recommendations for how to protect it. It also features customizable dashboards that enable teams to monitor compliance metrics and apply different policies across the organization.
In many ways, this is similar to an existing ServiceNow tool: Now Assist Guardian, which has also been updated as part of the Zurich release. First released in November 2024, it aimed to stop PII from being leaked from Generative AI prompts and results. Effectively, the ServiceNow Vault Console brings the same functionality to workflows and agentic AI models.
4. Machine Identity Console
Like the Vault Console, the Machine Identity Console is principally focused on governance and security. Specifically, it aims to protect APIs and integrations from issues like bot-related attacks and malicious inward connections. It does this by offering visibility into all inbound integrations that use machine identities.
Crucially, it also includes a series of checks to filter out dangerous connections, including flagging outdated or weak authentication methods.
5. Autonomous Workflows and Agentic Playbooks
The final new feature on our list: ServiceNow has added several tools to help optimize and automate processes. Effectively, these bring process mining and task mining into the ServiceNow environment.
To oversimplify, these tools offer top-down process analytics, documenting every click and action that happens within a workflow. This helps organizations to quantify how long workflows take, identify the bottlenecks, and understand how to optimize them.
This comes alongside a set of new Agentic Playbooks, which are essentially pre-packaged AI workflows for common processes like returning a product in retail or freezing a bank card in finance.
What Does Zurich Mean for ServiceNow and AI?
Zurich hasn’t happened in a vacuum. If you’ve been paying close attention to ServiceNow’s product strategy over the last year, you’ll have started to notice a theme developing by now.
In the Xanadu release last September, the company announced a significant expansion of the Now Assist platform. This also included tools like Now Assist Guardian and Now Assist Analytics, which focused on protecting sensitive information within AI systems and tools to track adoption, performance, and deflections in Generative AI products.
In May this year, at the company’s annual flagship Knowledge Conference, ServiceNow also released the AI Control Tower, AI Agent Fabric, and Apriel Nemotron 15B, all under the ‘ServiceNow AI Platform’ brand. The AI Control Tower, in particular, helps organizations to introduce policies and guardrails that can manage risk and compliance in their AI systems.
Similarly, Zurich puts compliance and governance front and center of ServiceNow’s strategy. We’ve been saying for a while now that ServiceNow’s approach is uniquely focused on these issues. The latest release simply adds more examples to an increasingly long and distinguished list.
Currently, the new tools promise big things for organizations looking to operationalize AI in their organization. But the tech ecosystem is littered with the graves of flashy new tools that looked great in a press release and didn’t deliver tangible results in practice. So, as ever, caution and skepticism around these new product releases are always welcome. The truth, ultimately, will be in the delivery.