The ServiceNow AI breach: Why agentic access requires layered defense
Blog post from P0 Security
A recent vulnerability in ServiceNow, identified by Aaron Costello of AppOmni, shows why agentic AI systems need robust authorization: it revealed how an attacker could exploit overly broad permissions to gain persistent admin access via the "Now Assist" AI agent. The breach underscores the need for narrowly scoped permissions, with each AI agent given only limited access to tools and data so that its access cannot be misused. It also emphasizes the importance of "defense in depth" strategies, such as P0's Authz Control Plane, which enforces layered authorization controls at both the tool and data levels and requires human approval for sensitive actions. Costello suggests that dynamic tool filtering, request-time authorization checks, and Just-in-Time access approvals are essential to prevent AI agents from executing powerful actions without oversight. The breach is a warning for organizations to adopt security architectures designed specifically for AI agents, moving beyond traditional security models, in order to safeguard critical business systems effectively.
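The three controls named above (dynamic tool filtering, request-time authorization checks, Just-in-Time approvals) can be layered in a single deny-by-default gateway that sits between the agent and its tools. This is an added example, not code from P0 Security, AppOmni or ServiceNow; every tool name, task scope and record id in it is hypothetical.

```python
import time
from dataclasses import dataclass, field

# Constructed policy data (hypothetical names, not a real product's schema).
TOOLS = {
    "kb_search": {"sensitive": False},
    "update_ticket": {"sensitive": False},
    "assign_role": {"sensitive": True},  # powerful action: needs a human approval
}
TASK_SCOPES = {
    "triage": {"kb_search", "update_ticket"},
    "onboarding": {"kb_search", "assign_role"},
}

@dataclass
class Gateway:
    task: str                 # what the agent was invoked to do
    data_scope: set           # record ids the agent may touch for this task
    grants: dict = field(default_factory=dict)  # (tool, record) -> expiry time

    def visible_tools(self):
        """Layer 1, dynamic tool filtering: expose only the task's tools."""
        return sorted(TASK_SCOPES.get(self.task, set()))

    def approve(self, approver, tool, record, ttl=300, now=None):
        """Layer 3, Just-in-Time approval: a human grants one (tool, record)
        pair for a limited time; nothing is granted standing."""
        if not approver:
            raise ValueError("approval must name a human approver")
        now = time.time() if now is None else now
        self.grants[(tool, record)] = now + ttl

    def authorize(self, tool, record, now=None):
        """Layer 2, request-time check: evaluated on every call, even for
        tools the agent was shown, at both the tool and the data level."""
        now = time.time() if now is None else now
        if tool not in TASK_SCOPES.get(self.task, set()):
            return "deny: tool outside task scope"
        if record not in self.data_scope:
            return "deny: data outside task scope"
        if TOOLS[tool]["sensitive"] and self.grants.get((tool, record), 0) <= now:
            return "deny: human approval required"
        return "allow"
```

Each layer fails closed on its own: an agent running the "triage" task cannot reach `assign_role` at all, and an "onboarding" agent can reach it only for an approved record and only until the grant expires.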