ServiceNow
-
BodySnatcher flaw lets attackers take over ServiceNow’s AI agents
“Attackers could have effectively ‘remote controlled’ an organization’s AI, weaponizing the very tools meant to simplify the enterprise,” says Costello.
-
ServiceNow patches critical security flaw which could allow user impersonation
AppOmni, who discovered the flaw, dubbed it “BodySnatcher”.
-
ServiceNow patches critical AI platform flaw that could allow user impersonation
AppOmni’s research, which led to the vulnerability discovery, also revealed that default settings in ServiceNow’s Now Assist platform could enable second-order prompt…
-
‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
Aaron Costello, chief of security research at AppOmni, characterized this one as the “most severe AI-driven vulnerability uncovered to date.”
-
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
The disclosure comes nearly two months after AppOmni revealed that malicious actors can exploit default configurations in ServiceNow’s Now Assist GenAI platform.
-
BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
This blog deeply analyzes the interplay between Virtual Agent API and Now Assist enabled in this exploit.
-
Inside the Global Airline that Eliminated 14,600 SaaS Security Issues with AppOmni
28 apps secured. 37 orgs monitored. 14,600 issues resolved. See how a global airline strengthened SaaS security with AppOmni.
-
ServiceNow Agentic AI: What It Means for CISOs, SOC Analysts, SaaS Admins, and Developers
Agentic AI expands ServiceNow risk. Read why securing AI agents matters for CISOs, InfoSec, SOC, admins, and IT leaders.
-
AppOmni Launches Real-Time AI Security for ServiceNow
AppOmni launched AgentGuard, real-time AI security for ServiceNow’s Now Assist agents.
-
AppOmni Expands AI Security with Agentic AI Security for ServiceNow
See how AppOmni AgentGuard defends ServiceNow AI agents from prompt injection and access risks, building trust and compliance across platforms.