Author: Ryann Slone, Senior Marketing Manager, AppOmni
-
BodySnatcher flaw lets attackers take over ServiceNow’s AI agents
“Attackers could have effectively ‘remote controlled’ an organization’s AI, weaponizing the very tools meant to simplify the enterprise,” says Costello.
-
ServiceNow patches critical security flaw which could allow user impersonation
AppOmni, who discovered the flaw, dubbed it “BodySnatcher”.
-
ServiceNow patches critical AI platform flaw that could allow user impersonation
AppOmni’s research, which led to the vulnerability discovery, also revealed that default settings in ServiceNow’s Now Assist platform could enable second-order prompt…
-
‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
Aaron Costello, chief of security research at AppOmni, characterized this one as the “most severe AI-driven vulnerability uncovered to date.”
-
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
The disclosure comes nearly two months after AppOmni revealed that malicious actors can exploit default configurations in ServiceNow’s Now Assist GenAI platform.
-
NIST releases draft AI cybersecurity framework profile to guide secure AI adoption
“This Cyber AI Profile is great guidance for those who don’t have much expertise in AI security.”
-
Top 25 Most Dangerous Software Weaknesses of 2025 Revealed
When weaknesses like missing authentication, improper access control and authorization bypass, all climb or enter the Top 25, it’s a signal that…
-
Inside the AI-powered assault on SaaS: why identity is the weakest link
Martin Vigo from AppOmni explains why AI makes identity the easiest, and deadliest, SaaS attack vector.
-
Should you stop logging in through Google and Facebook? Consider these SSO risks vs. benefits
“You’re right that ‘Sign in with Google/Apple/etc.’ centralizes risk,” said Cory Michal, chief security officer at AppOmni.
-
Gemini for Chrome gets a second AI agent to watch over it
AppOmni disclosed last month that ServiceNow’s AI agents could be manipulated with one agent recruiting others to perform unauthorized actions.
