In the Zurich Patch 1/Yokohama Patch 6 release, ServiceNow has released new security improvements to control access and visibility of your AI Agents and Now Assist skills.
AI Agents
Role-based access configuration options are now available directly in AI Agent Studio. It is now a required configuration in order to Save and Continue. This allows you to define who can discover and use a particular AI Agent. It then also allows you to determine what entity you want the AI Agent to run as.
When it comes to selecting the entity an AI Agent can run as, you have a decision to make: either run as a "Dynamic user" which inherits the permissions of the invoking user (default); or use a new type of sys_user called "AI user". This AI user will have your own preconfigured set of roles and will be independent of the invoking user. This is beneficial when the AI Agent needs permissions that are greater/different than the invoking user. Be aware that the ACLs on the AI Agent tools such as Flow Action, Subflow, or Skills checks against the entity this AI Agent will run as. Also, don't forget when you configure triggers in agentic workflows, that has its own set of conditions to configure.
Note: When using the Script tool or building flows with Script steps, we recommend using GlideRecordSecure() and addUserEncodedQuery() functions for better security.
NEW - In the Zurich Patch 4/Yokohama Patch 11 release with Now Assist AI Agents store app v6.0+, role-masking is enabled for added AI Agents security. It is also a required configuration. Role-masking for "dynamic user" minimizes the roles with which AI Agents can execute to a subset of the invoking user's roles.
Role masking applies to data access for agentic workflows, AI Agents, and Skills tool in that order (it applies to skills described below). For example, if role masking on agentic workflows is configured to be a subset of the dynamic user's roles, then only that subset of roles will be carried forward to perform the ACL check for its AI Agents and skill tools.
Note: You can minimize potential negative impact of an AI agent not executing as expected by configuring AI agents' tools to run in supervised mode. This will ensure human oversight for the tool's actions. You can use the Supervised mode to enhance security for agents with the capability to perform sensitive or critical actions.
You can set the supervised execution mode when creating a tool in the AI agent guided setup. For example, choose Supervised as the Execution mode when adding a catalog item tool.
Skill Kit
Users can now define access controls (ACLs) while creating or modifying skills in Skill Kit. You can do so by selecting the role(s) that a user needs to have to successfully invoke a skill.
If you have existing AI Agents or custom skills, it's recommended to review your access control for these features using our newly provided security tools.