Author: Ryann Slone, Senior Marketing Manager, AppOmni
-
In Other News: FortiSIEM Flaw Exploited, Sean Plankey Renominated, Russia’s Polish Grid Attack
BodySnatcher is an agentic AI hijacking vulnerability affecting ServiceNow, discovered by AppOmni and fixed by ServiceNow in October 2025.
-
News brief: Security flaws put thousands of systems at risk
Aaron Costello, chief of security research at AppOmni, highlighted the exploit’s severity, calling it the most severe AI-driven vulnerability to date.
-
Breach Roundup: Software Update Caused Verizon Outage
AppOmni, which disclosed the issue, said the flaw lets an attacker use only a victim’s email address to spoof identity.
-
BodySnatcher flaw lets attackers take over ServiceNow’s AI agents
“Attackers could have effectively ‘remote controlled’ an organization’s AI, weaponizing the very tools meant to simplify the enterprise,” says Costello.
-
ServiceNow patches critical security flaw which could allow user impersonation
AppOmni, who discovered the flaw, dubbed it “BodySnatcher”.
-
ServiceNow patches critical AI platform flaw that could allow user impersonation
AppOmni’s research, which led to the vulnerability discovery, also revealed that default settings in ServiceNow’s Now Assist platform could enable second-order prompt…
-
‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
Aaron Costello, chief of security research at AppOmni, characterized this one as the “most severe AI-driven vulnerability uncovered to date.”
-
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
The disclosure comes nearly two months after AppOmni revealed that malicious actors can exploit default configurations in ServiceNow’s Now Assist GenAI platform.
-
NIST releases draft AI cybersecurity framework profile to guide secure AI adoption
“This Cyber AI Profile is great guidance for those who don’t have much expertise in AI security.”
-
Top 25 Most Dangerous Software Weaknesses of 2025 Revealed
When weaknesses like missing authentication, improper access control and authorization bypass, all climb or enter the Top 25, it’s a signal that…
