We're reclaiming inactive PDIs to keep them available for active builders. Learn what's changing, who's affected, and how to protect your work. Read More

Ashley Snyder
ServiceNow Employee

 

What is AI Control Tower?

AI Control Tower is the ServiceNow control plane for discovering, governing, securing, observing, and measuring AI across the enterprise. It gives AI Stewards, risk and compliance teams, and AI asset owners a single place to maintain visibility and oversight as AI deployments grow in scope and complexity.

The June 2026 release advances three pillars in the same cycle. Discover gets broader automated coverage and new cross-ecosystem publishing capabilities. Govern gets day-one regulatory readiness through pre-built compliance content. All features in this article are generally available in the June 2026 release.

 

In this article:
✓ Q1 2026 recap: features already available
✓ Feature 1: Automated Rules for Managed Assets
✓ Feature 2: Service Graph Connector Discovery — Databricks, Snowflake, Hugging Face
✓ Feature 3: Publish to Microsoft Agent 365
✓ Feature 4: Pre-Built Compliance Content


Q1 2026 Recap

These features became generally available in Q1 2026 and are the foundation for several capabilities shipping in June.

Discover

Who this affects: AI Steward  ·  AI Asset Owner

MCP Servers in the AI Asset Inventory

MCP servers are now tracked as a governed asset type alongside models, agents, datasets, and prompts. AI Stewards can require formal approval before an MCP server can be activated for use in any agent builder application. Unapproved servers are not visible to agent builders — the control is enforced in the tooling, not just documented in policy. Once in inventory, MCP servers follow the same lifecycle, offboarding, and change request workflows available for other asset types.

Managed and Unmanaged Assets

Assets can be explicitly designated as Managed or Unmanaged, giving teams control over governance scope without losing visibility into the broader AI landscape. Only Managed assets have governance workflows, risk assessments, value measurement, and monitoring enabled. Only AI Stewards can move assets between Managed and Unmanaged states. Product Owners and other personas have visibility into Managed assets only, keeping their experience focused. Historical data and audit trail are preserved when an asset is moved out of active governance.

Salesforce Discovery

AI assets deployed in Salesforce are now discoverable through a standardized Service Graph Connector, bringing Salesforce AI into the central inventory alongside other platforms.

Enhanced AI Asset APIs

Updated APIs expose detailed asset metadata, lifecycle states and status, and risk and controls information, making it easier to integrate AI Control Tower data with external tools and workflows.

AI Asset Lifecycle: Change Management, Offboarding, and Use & Purpose

AI assets can now be formally offboarded through a governed workflow. A structured Use & Purpose field captures why an asset exists, providing the context needed for accurate risk classification and compliance assessment.

Govern

Who this affects: AI Steward  ·  Risk & Compliance Analyst

Risk-Based Classification at Intake

Risk assessment questions are now embedded in the AI asset intake form. High-risk or non-compliant submissions are automatically flagged for AI Steward review, so assets entering the CMDB carry an initial risk classification from day one — without requiring a separate triage step.

  • Risk classification (High / Medium / Low) is based on the asset's use and purpose, captured at intake.
  • Flagged submissions route automatically to the AI Steward for review before the asset is onboarded.

Anonymous Reporting of AI Cases

Users can now report concerns about AI misuse or incidents without identifying themselves, supporting whistleblowing requirements and encouraging broader participation in AI oversight.

BYOK Model Provider Governance

AI Stewards can now govern customer-configured model providers alongside ServiceNow OEM providers from a single configuration page. Data routing controls and approval enforcement at the Skill Kit level ensure that only approved providers and models are available to skill and agent builders.

Secure

Who this affects: AI Steward  ·  Security Analyst

Improper Output Handling

A runtime metric that provides two complementary guardrails for ServiceNow AI agents, surfaced under Agentic Threat Monitoring in the Security & Privacy tab in AI Control Tower. Agent deviation detection flags when an agent strays from its authorized role or constraints — including prompt injection attempts, role boundary breaches, and override attempts. Output screening scans agent outputs deterministically for PII leakage and embedded security vulnerabilities including XSS, SQL injection, and remote code execution — without additional LLM calls. Each detection includes explicit evidence and reasoning to support investigation, audits, and regulatory reviews. Configurable sampling, thresholds, and coverage are available through the Security & Privacy tab.

Security Policy Violation Detection

Surfaced under Data Model Integrity in the Security & Privacy tab — distinct from Agentic Threat Monitoring — this capability continuously scans LLM outputs across all invocation types (user, agent, and skill) against enterprise policy rules. It detects harmful content, jailbreaks, and refusal quality issues, flagging both cases where the model helps when it shouldn't and cases where it refuses when it could have safely answered. Full evidence and reasoning is included for each finding.


New in June 2026

The following features are generally available in the June 2026 (Australia) release.

01 Automated Rules for Managed Assets Discover

Who this affects: AI Steward

Managing an AI inventory at scale requires keeping priority assets under active governance without relying on manual effort. Automated Rules let AI Stewards define recurring criteria that automatically move matching assets into the Managed state — on demand or on a schedule. Define up to 10 rules with 5 active at a time — three ship out of the box.

In practice

Previously, AI Stewards had to manually review the inventory and promote assets one at a time. Automated Rules handle promotion on a schedule — the three out-of-box rules mean immediate coverage with no configuration required.

Key takeaway: Your AI inventory stays governed as it grows — without anyone manually promoting assets.

 

AutomatedRules.png

 

02 Service Graph Connector Discovery: Databricks, Snowflake, and Hugging Face Discover

Who this affects: AI Steward  ·  AI Asset Owner

Discovering AI across the enterprise requires coverage across the platforms where models and agents are actually built and deployed. This release adds three new generally available Service Graph Connector integrations, and simplifies credential management for AWS and Azure. Tenant-level credentials mean all accounts and projects are discovered automatically — no per-account credential setup required.

New connectors

  • Databricks — discover models and agents deployed on Databricks.
  • Snowflake — discover AI assets running in the Snowflake data platform.
  • Hugging Face — discover models published to or sourced from Hugging Face.

Key takeaway: Your AI inventory now reflects where models and agents actually live — not just what was manually registered.

 

Connectors.png

 

03 Publish to Microsoft Agent 365 Discover

Who this affects: AI Steward  ·  AI Asset Owner

Organizations standardizing on Microsoft Agent 365 need their ServiceNow-built agents represented in that registry. Starting this release, AI asset owners can publish a managed ServiceNow agent to the Microsoft Agent 365 directory directly from the asset record in AI Control Tower. Once published, the agent appears and can be managed in both AI Control Tower and Agent 365 — a single source of truth for governance is maintained across both registries.

In practice

Organizations standardizing on Microsoft Agent 365 previously had to register ServiceNow-built agents separately — creating duplicate records and governance gaps. The publish action on the asset record eliminates that manual step. This capability applies to managed AICT agents and is the foundation for future Agent 365 governance and enforcement, extending AI Control Tower oversight into the Microsoft ecosystem.

Key takeaway: ServiceNow agents appear in Microsoft Agent 365 without duplicate registration — governance stays in AI Control Tower.

 

365.png

 

04 Pre-Built Compliance Content Govern

Who this affects: Risk & Compliance Analyst  ·  AI Steward

Building an AI regulatory compliance program from scratch is time-consuming, and new state-level AI regulations are moving into enforcement quickly. Pre-built compliance content gives organizations ready-to-activate content packs so they can stand up a compliance program in hours rather than months. Packs are available for the California AI Act, Colorado AI Act, and EU AI Act — each including regulations, citations, control objectives, and risk statements.

In practice

Standing up an AI compliance program from scratch typically takes weeks of sourcing regulations and writing controls. These packs activate directly from the content library. Cross-framework mapping means a control tested once satisfies California, Colorado, and EU requirements simultaneously — no duplicating effort per regulation. A single control can be mapped to the California AI Act, Colorado AI Act, EU AI Act, and NIST AI RMF simultaneously.

Key takeaway: Go from zero to a working AI compliance program in hours, not months — and test a control once to satisfy multiple frameworks.

⚠️ Note: ISO 42001 content is currently in legal review and will be available in a subsequent release.

 

PreBuiltComplianceContent.png

 


June 2026 Feature Summary

# Feature Pillar What it does Who this affects
1 Automated Rules for Managed Assets Discover Automatically promote matching assets to Managed state on a schedule AI Steward
2 SGC Discovery: Databricks, Snowflake, Hugging Face Discover Expand AI inventory coverage across key ML and data platforms AI Steward, AI Asset Owner
3 Publish to Microsoft Agent 365 Discover Register managed ServiceNow agents in the Microsoft Agent 365 directory AI Steward, AI Asset Owner
4 Pre-Built Compliance Content Govern Activate California and Colorado AI Act packs; test once, comply across frameworks Risk & Compliance Analyst, AI Steward

 

Version history
Last update:
yesterday
Updated by:
Contributors