- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
an hour ago
Now that AI is native to ServiceNow SecOps products and no longer an add-on, a question that I have been receiving frequently is around how to prevent AI from being activated or utilized in their ServiceNow instance until they are ready.
The concern that I am hearing from customers is that someone might inadvertently turn it on, or one of their admins might not follow proper change control, or they have to show auditors who scrutinize how they are governing AI adoption, or any number of other reasons and concerns, so they need to understand how they can defer, restrict or entirely block AI from being activated in their ServiceNow instance.
Some key takeaways before I get into the details:
- AI features in ServiceNow are not active by default—they require deliberate enablement
- Admins can enforce controls at the feature, role, model, and infrastructure layer
- AI Control Tower provides centralized policy governance across the Now Platform
- Each control aligns to NIST CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond
- Organizations can demonstrate AI abstention as a documented, auditable governance decision
Bottom line up front: here are the seven ways that customers (and partners) can prevent or control AI:
- Do not enable AI features (Now Assist settings)
- Restrict access via roles
- Govern and block via AI Control Tower
- Disable models / providers / skills
- Constrain infrastructure and processing paths
- Avoid installing or activating AI capabilities
- Control usage via entitlements and tracking
1) Do not enable AI features at the application level
This is the most fundamental and widely available control.
- AI capabilities (like Now Assist) are feature-based and configurable
- Admins can:
- Turn off the Now Assist panel
- Avoid enabling AI-powered experiences or assistants
- Not activate specific skills or use cases
- Now Assist settings… provides the ability to switch on/off the Now Assist panel
- AI features require activation via assistants, skills, or experiences
AI is not automatically active everywhere—you control which experiences are enabled in your instance.
https://support.servicenow.com/kb/kb/kb/kb?id=kb_article_view&sysparm_article=KB2925671
2) Role-based access control (RBAC)
Even if AI is enabled, customers can prevent usage at the user level.
- AI features require roles (e.g., feature-specific roles for access)
- Admins can:
- Not assign roles
- Restrict usage to pilot groups only
- Access to AI experiences is controlled by assigning roles to users
You can fully gate AI behind roles—no role, no access.
https://www.servicenow.com/docs/r/application-portfolio-management/sn-otto-access-roles.html
https://www.servicenow.com/docs/r/platform-security/instance-security-hardening-settings/sc-access-c...
https://support.servicenow.com/kb/kb/kb/kb?id=kb_article_view&sysparm_article=KB2925671
3) AI Control Tower governance (enterprise-level control plane)
This is the strongest governance story, especially for regulated customers.
Core capabilities:
- Centralized governance of all AI assets
- Policy enforcement and approval workflows
- Visibility + compliance tracking
- AI Control Tower provides integrated controls that manage risk, ensure compliance, and build trust
- Enables governance workflows and approval processes for AI deployments
Specific ways it prevents AI usage:
- a) Approval workflows before deployment
- AI use cases can be blocked until reviewed and approved
Prevents AI from being activated without governance sign-off
- b) Model/provider restrictions
- Customers can allow or disallow model providers
- Can effectively “turn off” generative AI by removing or restricting models
Allow or disallow model providers… delete the model or deactivate
- c) Deactivation of skills / agents
- AI skills and agents can be:
- Deactivated
- Removed
- Marked as disapproved
Deactivate unapproved skills… delete the tool
AI Control Tower allows you to centrally govern, approve, or block any AI capability before it reaches production.
https://www.servicenow.com/products/ai-control-tower.html
https://www.servicenow.com/docs/r/intelligent-experiences/ai-control-tower/ai-model-providers.html
4) Infrastructure and data processing controls
Customers can prevent AI usage by limiting where/how it runs.
- Restrict AI processing to ServiceNow-controlled infrastructure
- Disable external model usage (Azure/OpenAI burst capacity)
- Customers can restrict processing to ServiceNow-only infrastructure via AI Control Tower
You can constrain or eliminate external AI processing paths as part of your governance model.
5) Data sharing and training opt-out
Even if AI is used, customers can prevent data usage and learning behaviors.
- Opt-out of sharing data for model improvement
- Retain functionality without contributing data
- You control whether to share anonymized Now Assist data… or opt-out completely while retaining full functionality
AI can run without your data being used to train models.
6) Deployment strategy: don’t install / don’t activate
A very practical (and common) control:
- Do not install Now Assist plugins
- Do not activate AI skills or assistants
- Keep AI out of production environments entirely
- AI features require explicit activation of assistants/skills/configurations
If it’s not installed or activated, it’s not running.
7) Subscription / entitlement control
Customers can limit usage commercially:
- AI usage is tracked (assist counts, instance-level usage)
- No entitlement → no usage
- Usage is tracked at account and instance level for compliance
AI usage is governed by entitlements—you won’t accidentally consume it.
The attached PPT shows how these map to NIST AI RMF, NIST CSF 2.0, and EU AI Act.
