Perhaps the most shocking stat from Knowledge 2026 was this: Non-human identities now outnumber humans 45 to one in the average enterprise.
What’s more disturbing is that most are ungoverned. The security stack most teams operate wasn't built for AI, and that’s where breaches live.
If you weren’t able to join us in Las Vegas or watch on Workflow, here's everything else security and risk leaders need to know from the event.
Autonomous security and risk
ServiceNow integrated its recent acquisitions of Armis (cyber asset intelligence) and Veza (identity governance) into the ServiceNow AI Platform as one graph covering every identity, permission, and connected asset across IT, operational technology, internet of things, code, medical devices, cloud, and AI agents.
Two new AI specialists handle vulnerability resolutions and Tier 1 Security Operations Center (SOC) investigations. Early successes include 1.2 million hours saved at a global energy company, 96% of dormant non-human identities eliminated at a major U.S. financial services institution, and 75% faster control attestations at a Fortune 100 aerospace company.
Context Engine maps every person, role, asset, service, and policy in real time. It’s the foundation AI agents need to make decisions unique to your business. These are not trained on Reddit data, but on the nuances and intricacies your organization demands. The new ServiceNow Model Context Protocol (MCP) Registry gives you a private, governed catalog of approved MCP servers, so agents connect only to what's been vetted.
Vibe coding is fast until half the resulting shadow apps in your org have bypassed governance. ServiceNow Build Agent now works in Cursor, Windsurf, Claude Code, and GitHub Copilot. Developers build wherever they prefer; audit trails, security checks, and compliance posture come by default. App Engine Management Center is now free for all customers.
Discover, approve, and monitor agent activity across ServiceNow and Microsoft ecosystems from one place. ServiceNow AI specialists also enter the Microsoft Agent 365 Marketplace as digital workers with defined roles, permissions, and metered usage tracked across both platforms.
Prabhakar Cherukuri, senior director at LTM, walked through how the company scaled generative AI (GenAI) across 90,000 users using Now Assist, AI Control Tower, and an organization-wide AI Ascend program to realize:
- 186,000 hours saved
- A 17% reduction in incidents
- Integrations with SharePoint, Copilot, and Teams driving self-help, collaboration, and case deflection
This is worth watching for any security leader building the internal case for responsible, scalable AI adoption.
1. Identity is the new perimeter, and it isn't human anymore
The 45:1 ratio was the throughline across nearly every security session. If your team still treats identity governance as an HR-adjacent problem, you're already behind. AI agents are identities. They acquire access. They make decisions. The Veza integration closes that gap inside the platform you already run.
This was the most repeated line from ServiceNow Security and Risk Product General Manager John Aisien's sessions. Most teams already know this. ServiceNow is the only platform with full business context and the execution layer to move from alert to resolution.
Each customer on stage framed governance as what made faster AI rollout possible, not what slowed it down. If you're still hearing “we'll figure out the guardrails later” from elsewhere in the business, that argument has officially aged out.
- Securing the invisible AI workforce: The flagship security session is a must-watch. It details how ServiceNow brings identity intelligence, asset visibility, and cross-enterprise workflows onto one platform so that you can close exposure across every agent, identity, and asset instead of just flagging it.
- Scaling compliance with AI: Jon Elvin, strategic risk advisor at Saifr/Fidelity Investments, and Vall Herard, CEO at Saifr.ai, discuss triaging alerts, detecting policy drift, and building trust in GenAI.
- Exploring ServiceNow's Threat Intel Security Center: For SOCs that are drowning in feeds, this covers the lifecycle: hunting, modeling, investigation canvas, and indicator enrichment.
- Map your exposures with Security Posture Control: For teams whose exposure picture is scattered across dashboards, Security Posture Control correlates findings across siloed tools and prioritizes the gaps attackers reach first.
Caitlin Sarian, aka Cybersecurity Girl, was on site all week. She polled attendees on which security agents and features make their lives easier. Her personal pick: the phishing agent that auto-triages and resolves false positives in seconds. Take a look at what your peers said in Caitlin's video.
Find out more about how ServiceNow can help you boost resilience with connected data, AI, and workflows.