Today, ServiceNow announced a series of security products, announcements, and updates to kick off the first day of its annual global conference, Knowledge 2026. This includes far-reaching updates to the AI Control Tower, and a new integrated AI-powered security solution: Autonomous Security & Risk.
Collectively, these announcements draw heavily on technology from several high-profile security acquisitions that ServiceNow has made over the last few quarters: Armis, Veza, and Traceloop. It also comes alongside a major expansion of role-specific AI specialists via the existing Autonomous Workforce offering, also announced today.
ServiceNow Announces Expanded AI Control Tower
The AI Control Tower was one of the standout announcements from last year’s Knowledge Conference. Since then, it has become fundamental to ServiceNow’s AI strategy. In principle, it enables organizations to identify, monitor, and govern AI agents across the organization.
“Enterprises are under real pressure to deploy AI and show results, but there’s a major gap between adoption and accountability… ServiceNow AI Control Tower was built for this moment: delivering unified governance across the entire enterprise AI stack, so security and control move at the speed of the business.”
– Jon Sigler, Executive Vice President and General Manager of AI Platform at ServiceNow
In a press briefing last week, Nenshad Bardoliwalla, Group Vice President (AI Products) at ServiceNow, said that today, the Control Tower acts as a “governance layer” for agentic AI. “But what we’re shipping this year goes significantly deeper,” he went on to say, “evolving from visibility and management into a full enterprise AI command center.” This transformation is the basis of today’s AI Control Tower announcements.
As such, the AI Control Tower now consists of five main ‘dimensions’, designed to enable end-to-end agentic AI governance from a single interface. These combine existing technology with new features and connectors:
- Discover: The AI Control Tower can automatically identify AI assets, enabling IT teams to build a comprehensive inventory. Today, ServiceNow has announced 30 new enterprise integrations to detect AI systems across AWS, Google Cloud, Microsoft Azure, as well as enterprise applications like SAP, Oracle, and Workday.
- Govern: This involves AI-powered risk assessment and autonomous remediation across AI agents, models, data sets, prompts, and classic machine learning models. ServiceNow has also announced five new risk management frameworks aligned to NIST and the EU AI Act.
- Secure: By extending rigorous identity management protections to AI assets, ServiceNow aims to ensure every AI tool operates within clear governance boundaries. Using technology from the recent Veza acquisition, ServiceNow will introduce Access Graph technology, scoped permissions, and least-privilege enforcement to the AI Control Tower.
- Observe: Using technology from the recent Traceloop acquisition, the AI Control Tower also delivers real-time monitoring for AI agents during runtime (i.e. while they’re being used). This will offer teams “visibility into how agents reason, where they make decisions, and when to course-correct”.
- Measure: The final dimension enables organizations to track and quantify the ROI of their existing AI agents through cost tracking and ROI dashboards. To do this, the AI Control Tower calculates token spend across various AI models like Claude or Gemini. It then provides configurable value templates that organizations can customize to compare against real business value.
This new functionality will be steadily rolled out over the next few months. AI Control Tower enhancements are expected to enter Innovation Lab in May and be released for general availability in August 2026.
Autonomous Security & Risk: A New Security Solution Powered by Armis, Veza, and Traceloop
Today, ServiceNow also announced an integrated, AI-powered security and risk solution: Autonomous Security & Risk. It combines several new security offerings, features, and tools from ServiceNow’s recent security acquisitions. ServiceNow says that these combined offerings create “one of the most complete security, risk, and compliance platforms in enterprise AI.”
“Today’s CISOs have to operate at two speeds: Neutralizing threats in real-time, while reporting risk to the board with conviction. Autonomous Security & Risk replaces that fragmented stack with a single graph that maps every identity, every permission, and every connected asset, so prevention, detection, and response happen at machine speed.”
– John Aisien, Senior Vice President and General Manager, ServiceNow
In ServiceNow’s view, today’s IT teams suffer from an acute problem. With the rollout of AI, organizations now rely on an ever-increasing set of “identities, permissions, connected assets, and decisions that require governance”. But many are still using security tools designed for a world where most digital identities belong to humans.
With Autonomous Security & Risk, ServiceNow aims to solve this problem by creating an integrated security platform to govern “every AI agent, identity, and connected asset”. Unlike the AI Control Tower, it also goes beyond AI governance by including operational technology (OT) and internet of things (IoT) assets, as well as traditional non-human identities.
Today’s announcement builds upon existing ServiceNow technology like the CMDB and Context Engine, and includes several new additions from its recent acquisitions. These rest on two major pillars:
- Cyber Asset Graph: This is primarily powered by technology from the recent Armis acquisition. This will aim to provide oversight over every IT asset in use across the organization, including pre-compiled code, IT infrastructure, operational technology, connected devices, cloud workloads, medical equipment, and AI agents.
- Access Graph: Built on Veza’s Access Graph, this provides real-time visibility into identities and access permissions. Like with the Cyber Asset Graph, it aims to do so across the full range of IT assets. It will provide a single operational framework to govern these assets, by “surfacing risk, enforcing least privilege at the point of action, triggering downstream remediation, and building the traceable institutional memory that auditors and regulators require.”
Final Thoughts
Collectively, the Armis and Veza acquisitions represented the largest and (rumored) third-largest acquisitions of all time for ServiceNow. Both were announced within a few weeks of each other at the end of 2025. Unsurprisingly, ServiceNow is keen to show how the investment is already paying off.
The acquisitions have not been without controversy, with investors showing concern about the size of the price tag. In response, ServiceNow CEO Bill McDermott has recently doubled down firmly on the company’s decision, saying, “Armis is going to be our Instagram, and I’ll tell you why… The #3 [industry] in the world is cybercrime. It’s $1T a month. We now have a situation where on the IT and the OT landscape of every major corporation, we are managing the agents and the humans, and we are managing the landscape of the threat actors.”
This shows how security is more than just a bolt-on for ServiceNow. In fact, these announcements suggest it is standing firm by these acquisition decisions and making security a fundamental part of its AI strategy through 2026 and beyond.