At Knowledge 2026, ServiceNow is presenting a major expansion of its AI Control Tower, combined with a new security platform that builds on the acquisitions of Armis and Veza. ServiceNow sees organizations adopting AI en masse, but governance and security are still lacking. It aims to address this with kill switches in the AI Control Tower and, for the first time, also outside its own platform.
ServiceNow now describes itself as “the AI control tower for business reinvention.” The company aims to become the central platform for all AI used within an organization. This includes not only AI agents and models within ServiceNow, but every AI system, even those hosted by a hyperscaler or SaaS provider. The AI Control Tower must also gain more control to intervene; ServiceNow speaks of a true kill switch to shut down AI processes. That is ambitious and technically very challenging. During Knowledge 2026, it should become clear exactly how concrete that ambition is.
From visibility to full control
The AI Control Tower was introduced at Knowledge 2025 last year. That was the starting point, fully focused on monitoring AI within the Now platform itself. What ServiceNow is now presenting goes significantly further. The Control Tower is evolving from visibility to full governance, security, and accountability. With this, ServiceNow is not only taking a huge step forward, but it is also adding external platforms. The goal is to eliminate AI chaos.
External platforms
ServiceNow is adding 30 new enterprise integrations, enabling the discovery of AI assets across AWS, Google Cloud, and Microsoft Azure, as well as in enterprise applications such as SAP, Oracle, and Workday. Notably, the discovery also includes IoT/OT devices, for example, thereby bridging the gap to the security domain.
Real-time runtime observability
ServiceNow also offers real-time monitoring in addition to periodic audits. This will be technology-dependent, but the acquisition of Traceloop plays a major role here. Traceloop provides technology that enables runtime observability of AI agents. It can even see how an agent reasons and what decisions it makes. This is a significant difference compared to searching log files after the fact. Runtime observability, however, requires support from the managed runtime environment or modifications to the application code.
Expansion of governance
ServiceNow’s governance toolkit has been expanded with five new risk frameworks. This allows it to account for standards such as NIST and the EU AI Act. AI capabilities have been further expanded, and AI can now provide comprehensive risk analysis and propose automated solutions. Governance here extends beyond agents; it also applies to models, datasets, prompts, and machine learning.
Security
In addition to governance, ServiceNow is also paying increasing attention to security. For example, it links identity access governance to hyperscaler AI environments through integration with Veza. Every agent, every action, and every permission is tracked with an identity token. If an agent operates outside their authorized scope, the AI Control Tower can shut them down in real time. This is where the kill switch comes into play again. ServiceNow refers to this as the “kill switch” that organizations need as agents perform more critical tasks.
Costs and Token Management
Another major headache within large organizations is cost management. AI isn’t cheap, and if employees use it on a massive scale, costs must be kept under control. That’s why ServiceNow has also invested heavily in measuring those costs, not only how many tokens are being used but also what the ROI of an AI solution is. Various ROI dashboards are available for this purpose. ServiceNow already monitors 1,600 AI assets internally and, by 2025, will track half a billion dollars in cumulative AI value through its own Control Tower.
Organizations are heading toward AI chaos
ServiceNow puts it bluntly: “Organizations have more AI in production than they’ve inventoried or accounted for. And that anxiety around control, security, and trust isn’t going away.”
AI agents are now making decisions that directly impact organizations. In some cases, they make decisions in financial processes or are already taking over tasks from humans. However, most of these agents are still running without a system to control or monitor them. This is no longer a hypothetical risk. During the demo, ServiceNow shows how a prompt-injection attack on a pricing agent is intercepted. The agent is instructed to set the shipping price to one dollar and not to log this action. The AI Control Tower detects the attack and shuts down the agent. In this case, the administrator is involved in approving it, which shows that the level of autonomy is configurable. Now, adjusting shipping costs isn’t even that big a deal, but the methodology for the product price in the shopping cart is identical. That’s a whole different story.
Armis + Veza: security ambitions are getting serious
At the same time, ServiceNow is launching a new product: Autonomous Security & Risk. This combines the recently acquired technologies from Armis (cyber asset intelligence) and Veza (identity access governance) into a single platform. ServiceNow is making significant strides with its security solutions, and these targeted acquisitions certainly help in that regard.
Armis completes the asset visibility puzzle. Conventional security tools focus on IT infrastructure but struggle with OT, IoT, medical devices, industrial systems, and code at the pre-compile stage. Armis monitors without agents, enriches every asset record with firmware version, behavioral data, and live risk posture, and links that directly to the ServiceNow CMDB. That CMDB becomes much more valuable with Armis data. It provides a better picture of the attack surface.
Veza’s Access Graph maps out who or what has access to which system, down to the level of create/read/update/delete permissions. This now encompasses more than 30 billion fine-grained permissions in production environments. In a world where non-human identities already outnumber human ones, this is fundamentally different from traditional identity management.
“Zero Trust was a foundation for the cloud world,” says John Aisien, SVP of Security & Risk at ServiceNow. “I expect zero permissions to become a foundational security architecture for the agentic world.” ServiceNow certainly seems to be positioning itself for zero permissions. The key now is to make the integration of Armis and Veza as seamless as possible. What caught our attention during the demo is that ServiceNow isn’t blind to the security industry; it uses third-party observability and detection capabilities to take action. We saw Cisco Security and Fortinet, among others, already featured.
Can the AI Control Tower really monitor all AI?
Various vendors want to provide the platform or tool that will manage AI within organizations. We’ve spoken with many of these vendors in recent years, and time and again we hear that it’s very challenging to monitor and manage AI processes and agents on third-party platforms. Simply because there’s no standard for it.
ServiceNow now gives the impression of having a complete 360-degree view of all AI workloads in the enterprise, including what’s running in AWS, Google Cloud, Azure, SAP, Oracle, Workday, and those other 30 enterprise connections. We remain somewhat skeptical about this and have also asked ServiceNow for clarification.
Increasing observability
The good news is that more observability is indeed becoming available. The hyperscalers have all adopted OTEL for their agent platforms, and ServiceNow can leverage this to see exactly what an agent is doing. This allows it to see which decisions an agent makes, why it makes them, how many tokens it consumes, and, if necessary, even the prompts.
Agents running in AWS Bedrock or Azure AI Foundry include extensive built-in observability by default. In Google Agent Runtime this must be enabled, but support is available. So ServiceNow can monitor the hyperscalers’ agent platforms very effectively. If agents are running outside those agent platforms, for example, in a Kubernetes container, ServiceNow cannot monitor them out of the box.
An external kill switch requires APIs. We haven’t yet been able to determine whether the hyperscalers already have these available. An alternative method may exist, however: via Veza, an agent’s permissions can be revoked. Without permissions, an agent will crash on its own.
SaaS observability remains challenging
An even bigger question mark surrounds the SaaS providers; they are all busy with AI agents, but likely do not want to fully open up their platforms. They provide a software solution and want to sell licenses and their own AI agents, not an infrastructure. SAP has indicated it will introduce OTEL support sometime in 2026, but it is still unclear what that will look like and how comprehensive or detailed it will be. Workday has built its own observability layer, but it is not very comprehensive, operates primarily at the application level, and does not go nearly as far as the hyperscalers’ OTEL solutions. We also do not foresee a kill switch appearing anytime soon among SaaS providers, and the workaround via Veza is much more difficult on a SaaS platform.
Conclusion: big ambitions, but not without pitfalls
ServiceNow is building something the industry desperately needs: a single platform that connects AI governance to operational context, security controls, and financial accountability. The technical building blocks are impressive. The integration of Traceloop, Veza, and Armis gives ServiceNow unique data points that standalone governance tools cannot replicate.
But the promise of full governance over “any AI, any agent, any cloud” is greater than what can demonstrably be delivered today. ServiceNow needs to be clear and vocal on this, because that will shift the attention towards the SaaS players who are not open enough. It is hard to determine on which platforms ServiceNow actually has observability and control, in addition to visibility. They have everything on their own platform, but what about other SaaS tools and the hyperscalers? Where exactly does it start and end? That distinction deserves more transparency than ServiceNow currently provides. The competition isn’t standing still either, and organizations want to be able to make a fair comparison or complain to the right provider about a lack of support. What ServiceNow is presenting today is technically ambitious, and it appears to be further ahead than other players in this regard. The question remains, however, just how wide the gap is between the marketing claims and reality.
Availability
The AI Control Tower extensions will enter the Innovation Lab in May 2026, with general availability planned for August 2026. The security and risk features are already partially available as part of the broader Australia release.