ServiceNow just made the most direct CISO play of any enterprise AI platform yet. On Tuesday at Knowledge 2026, the company launched Autonomous Security & Risk — a unified product that fuses its Armis acquisition (continuous asset intelligence across code, IT, OT, IoT, and connected devices) with its Veza acquisition (a real-time Access Graph mapping every human and non-human identity, permission, and access relationship in the enterprise) into a single security graph. The pitch, in Amit Zavery's words from the keynote: "Enterprises need AI that senses, decides, and securely acts."
The launch lands the same day Anthropic shipped its Wall Street stack, Workday formalized its agent platform reinvention, and ServiceNow itself rolled out its AI Control Tower governance playbook. But Autonomous Security & Risk is a different category fight, aimed at a different buyer. The Control Tower was the CFO's pitch — discover, govern, observe, measure ROI. Autonomous Security & Risk is the CISO's pitch — and it directly attacks the assumption that AI agents are software you secure with traditional tools.
The bet: every AI agent is now a non-human identity. The non-human identities behind enterprise AI agents already vastly outnumber human ones. Most enterprises cannot answer who approved their access, why the access exists, or whether it remains valid. ServiceNow argues the disconnected stack of CMDB tools, IGA platforms, vulnerability scanners, and incident response systems cannot close that gap — and that the only way to govern an agentic enterprise is a single graph that knows what exists and what each thing is allowed to do, in real time.
If that pitch lands, ServiceNow's $1 billion-ACV security and risk division — already one of the platform's fastest-growing segments — has a much bigger TAM by next year.
What Autonomous Security & Risk Actually Is
Strip away the Knowledge 2026 keynote choreography and the product is the integration of two recent acquisitions plus two new AI specialists, all flowing through the same workflow plane.
Armis as the asset graph. Armis brings what ServiceNow calls "continuous asset intelligence" across IT, OT, IoT, and connected devices, plus code-level inventory. The integration monitors network traffic without agents — no installed software on the endpoints, no operational disruption — and enriches asset records with device type, classification, firmware version, behavioral data, and risk posture. That telemetry flows directly into the ServiceNow CMDB, which the company explicitly frames as the upgrade from "a hitherto static inventory into a live picture of the actual attack surface." In practice: the difference between an asset list updated weekly by a discovery scan and a live feed that knows when a new IoT device joined the network three minutes ago, what it's talking to, and whether its firmware has a known CVE.
Veza as the identity graph. Veza's contribution is the Access Graph — "a continuous, real-time map of every access relationship across an enterprise environment." The single most important architectural choice here: human and non-human identities are governed inside one framework. Service accounts, OAuth tokens, API keys, agent runtime credentials, and human users are all nodes in the same graph, with edges describing what each can do to which assets. That lets ServiceNow surface risk (e.g., an AI agent service account holding privileges nobody re-approved this quarter), enforce least privilege at the point of action, and trigger downstream remediation through ServiceNow workflows.
Two new AI specialists in the Autonomous Workforce. The agentic muscle on top of the graph ships in two roles announced today:
- Vulnerability resolution specialist — autonomously addresses unresolved vulnerability backlogs end-to-end, from CVE prioritization through patch verification.
- Security operations specialist — runs SecOps workflows including phishing investigation, pre-breach and post-breach exposure management, and machine-speed threat containment.
Both specialists are explicitly built to act on the Armis+Veza graph, not just observe it. That is the line ServiceNow keeps drawing this week: from copilots (which suggest) to specialists (which complete the work). Audit trail generation for regulatory compliance is built into both.
Architecture: A2A and MCP interoperability. Autonomous Security & Risk supports the agent-to-agent protocols and the Model Context Protocol that emerged as the industry standards over the last twelve months. That matters because the platform is explicitly designed to ingest signals from third-party security tools — EDR feeds, cloud security posture managers, network detection and response — and feed its posture picture back out to those tools. The platform is the graph; the agents and the third-party tools are participants in it.
The Non-Human Identity Problem
The framing John Aisien, ServiceNow's SVP for Security and Risk, used in the announcement is the right one to internalize: "Autonomous Security & Risk replaces that fragmented stack with a single graph that maps every identity, every permission, and every connected asset."
The reason this matters in May 2026 — and not in May 2024 — is that the math has flipped. AI agents acquire access and execute decisions at machine speed. They authenticate to systems, call APIs, write to databases, and create workflows on behalf of human users. Each agent typically holds multiple service-account credentials. Each enterprise running agents in production has hundreds to thousands of these. The CSA's mid-2025 number on shadow agents was that 82% of incidents now involve token security failures from non-human identities; that ratio has not improved in 2026.
The traditional IGA (identity governance and administration) stack was designed for a world where identities were people, attestation was a quarterly HR exercise, and the worst case was a stale account that left with an employee. None of that is true anymore. The dormant service accounts behind retired AI agents are exactly the credentials adversaries are now scanning for, and they are exactly the credentials ServiceNow's launch press release calls out — "a major U.S. financial services institution eliminated 96% of dormant non-human identities" using the platform.
That number is the headline test of the product. If ServiceNow can repeatedly produce 90%+ reductions in dormant non-human identities at large enterprises, Autonomous Security & Risk does not need to win every CISO. It only needs to win enough to displace the budget line items it's targeting: standalone IGA renewal, standalone CMDB tooling, and a slice of the SOAR/EDR spend that gets absorbed into "the platform."
The Customer Numbers Are the Pitch
ServiceNow disclosed three early production deployments at the launch, each picked to hit a different vertical and a different metric.
Global energy company operating in 70+ countries: 1.2 million hours saved through security automation; 97% reduction in threat containment time. The energy vertical is OT-heavy, which is the seam Armis was acquired to address. A 1.2M-hour figure across 70 countries is not a single SOC stat — it's the sum of endpoint discovery, vulnerability triage, incident triage, and audit-prep work that previously happened by hand at each regional facility.
Major U.S. financial services institution: 96% of dormant non-human identities eliminated. This is the flagship Veza number. Financial services is the regulator-driven NHI use case — every dormant credential is an audit finding waiting to happen. A 96% reduction is the difference between an institution that can pass an OCC examination of its NHI hygiene and one that can't.
Fortune 100 aerospace manufacturer: 75% reduction in control attestation time; 85% compliance gap closure. Defense and aerospace customers operate under CMMC, ITAR, and NIST 800-171 simultaneously. Control attestation is the labor-intensive process of evidencing that each control is actually implemented; an 85% gap closure rate is the metric a CISO walks into a board meeting with.
The fourth number worth noting is the platform-level one ServiceNow disclosed: security and risk hit $1 billion in annual contract value last year, making it one of the fastest-growing segments inside ServiceNow. That is the revenue base Autonomous Security & Risk has to grow. With Armis and Veza absorbed, there is now product to back the salesforce in regulated industries that ServiceNow has historically had limited success penetrating with security alone.
The Vendor Map: Who Wins, Who Loses
ServiceNow paired Tuesday's launch with two strategic partnership announcements that tell you how the company plans to surround the product.
Microsoft Agent 365 integration. ServiceNow's AI Control Tower governance now extends across the Microsoft Agent 365 ecosystem — meaning ServiceNow AI specialists can operate within Outlook, Word, and PowerPoint while their usage is tracked and governed centrally. This is the same surface Anthropic just claimed yesterday for Claude. Two of the three biggest enterprise AI platforms now have native Microsoft 365 add-ins; the third (Google) is on the other side of the workspace battle. For CISOs, the practical implication is that the M365 surface is now a multi-vendor agent runtime, and governing it from within ServiceNow is a viable architecture pattern as long as Microsoft keeps the APIs open.
NVIDIA accelerated compute. NVIDIA's accelerated computing infrastructure is being integrated with the ServiceNow AI Platform for faster, more efficient agent deployment at scale. This is the infrastructure layer that turns ServiceNow's agent runtime into something that can serve enterprise-scale concurrency for tens of thousands of agents per customer. Less interesting as a standalone announcement; more interesting as the answer to "can ServiceNow run the agent layer for the largest customers without depending on a hyperscaler?"
The Fortinet quote. John Whittle, Fortinet's COO, contributed an explicit endorsement around the Armis acquisition: "ServiceNow's acquisition of Armis enables a powerful three-way partnership with Fortinet, advancing cybersecurity." That is Fortinet positioning itself as the perimeter feeder into the ServiceNow security graph rather than the competitor. The implicit signal: the perimeter security vendors are willing to be participants in ServiceNow's graph as long as they keep their own product franchises. Palo Alto Networks, CrowdStrike, and SentinelOne all have to decide whether they want the same arrangement.
What gets eaten. The displacement risk concentrates in three categories. Standalone IGA platforms (SailPoint, Saviynt, Okta IGA) face a direct overlap with the Veza-powered identity governance inside ServiceNow — and Veza was the cleaner-architected challenger to all three before the acquisition. Standalone vulnerability management (Tenable, Qualys, Rapid7) faces overlap with the new vulnerability resolution specialist, which doesn't just identify CVEs but works the patching workflow end-to-end. And legacy CMDB and IT asset discovery (a graveyard of 2010s products) effectively gets sherlock'd by the Armis live-asset feed plumbed into ServiceNow's own CMDB.
The category that does not get eaten — at least not yet — is the agent-side runtime where third-party AI agents are actually built. That is the Salesforce Agentforce / Microsoft Copilot Studio / Google Vertex AI battle, and ServiceNow continues to position above it as the governance layer rather than a builder.
The Enterprise Buyer's Read
Three actions for enterprise security and AI leaders, none of which require a procurement event tomorrow.
One — make the non-human identity inventory a board-level metric. If you cannot tell your board the count of non-human identities in your environment, the count of dormant ones, and the trendline on both, you are operating without instrumentation in the area where the next breach is most likely to start. Whether you fix that with ServiceNow, with standalone Veza-class tooling, or with a homegrown query against your IAM stack, the metric itself is the priority. The 96% dormant-NHI elimination number ServiceNow disclosed becomes the implicit benchmark every CISO will be compared to.
Two — re-evaluate the IGA renewal in the next 12 months. Veza inside ServiceNow is the most credible threat to the standalone IGA market in five years. If your SailPoint or Saviynt renewal is up before mid-2027, the right exercise is a comparative TCO + capability scoring against the ServiceNow alternative — even if you decide to stay. Vendor pricing power is a function of credible alternatives, and the alternative just got more credible.
Three — treat your CMDB as security infrastructure, not IT housekeeping. This is the architecture point that gets buried in the press cycle. Armis flowing live asset telemetry into ServiceNow's CMDB means the CMDB is now a real-time security data source, not a static inventory the audit team complains about. CISOs whose CMDB strategy was "the IT operations team owns it" should re-scope. The CMDB is the substrate the security graph runs on.
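For the first action, a "homegrown query" over an identity export can be this small. The sketch below is an added example, not ServiceNow or Veza code; the record fields, the 90-day dormancy and attestation windows, and the `:write`/`:admin` privilege naming are assumptions, and the inventory is constructed sample data.

```python
from datetime import date, timedelta

# Identity kinds counted as non-human (assumed taxonomy for this example).
NON_HUMAN = {"service_account", "api_key", "oauth_token", "agent"}

def ident(id_, kind, last_used, last_attested, privileges):
    return {"id": id_, "kind": kind, "last_used": last_used,
            "last_attested": last_attested, "privileges": privileges}

# Constructed sample inventory; in practice this is an export from the IAM stack.
INVENTORY = [
    ident("alice", "human", date(2026, 5, 4), date(2026, 4, 1), ["crm:read"]),
    ident("svc-backup", "service_account", date(2026, 5, 3), date(2026, 3, 15), ["storage:write"]),
    ident("agent-triage", "agent", date(2026, 5, 5), date(2025, 11, 20), ["tickets:write"]),
    ident("agent-retired-poc", "agent", date(2025, 9, 30), None, ["db:admin"]),
    ident("key-reporting", "api_key", None, date(2026, 4, 10), ["reports:read"]),
    ident("tok-calendar", "oauth_token", date(2026, 4, 28), date(2026, 1, 5), ["calendar:read"]),
]

def nhi_metrics(inventory, as_of, dormant_days=90, attest_days=90):
    """Count non-human identities, dormant ones, and privileged ones past attestation."""
    dormant_cutoff = as_of - timedelta(days=dormant_days)
    attest_cutoff = as_of - timedelta(days=attest_days)
    nhis = [i for i in inventory if i["kind"] in NON_HUMAN]
    # A credential that was never used (last_used is None) counts as dormant.
    dormant = [i["id"] for i in nhis
               if i["last_used"] is None or i["last_used"] < dormant_cutoff]
    # Stale privileged: holds a write/admin scope and was never attested,
    # or was last attested before the cutoff, whether or not it is still in use.
    stale = [i["id"] for i in nhis
             if any(p.endswith((":write", ":admin")) for p in i["privileges"])
             and (i["last_attested"] is None or i["last_attested"] < attest_cutoff)]
    return {
        "total_nhi": len(nhis),
        "dormant_nhi": sorted(dormant),
        "dormant_pct": round(100 * len(dormant) / len(nhis), 1) if nhis else 0.0,
        "stale_privileged_nhi": sorted(stale),
    }

if __name__ == "__main__":
    print(nhi_metrics(INVENTORY, as_of=date(2026, 5, 5)))
```

Run on a schedule with a fixed `as_of`, the three outputs give the count, the dormant count, and a trendline; the stale-privileged list is the active-but-unreviewed case that a dormancy check alone misses.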
The deeper pattern is the same one yesterday's Anthropic launch made visible from the model side: enterprise AI is no longer a model bake-off, and it is no longer a single-product fight. Each layer of the stack — model, data, application surface, workflow, identity, asset graph — is being claimed by a different incumbent, and the integration points between them are the live competition. ServiceNow's Tuesday move is the clearest declaration yet that the security and identity layer of the agentic enterprise is up for grabs, and that the company intends to win it by being the graph that everything else plugs into.