Build your agent

  • Release version: Australia
  • Updated March 26, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Build your agent

    This content guides ServiceNow customers through creating and configuring an AI agent using AI Agent Studio. It covers defining the agent’s identity, capabilities, and security settings during the build phase. Proper security configuration—including access controls and role masking—is integrated into the build process to ensure secure and appropriate agent operation.

    Show full answer Show less

    Core Elements of an AI Agent

    • Agent identity: Establishes the agent’s persona, operational domain, and behavior, providing a persistent context for decision-making.
    • Descriptions: Define the skill domains of the agent by specifying request categories, trigger phrases, and instructions for handling conversations.
    • Tools: Enable the agent to perform actions and retrieve data through script tools, sub-flows, and knowledge retrievers.
    • Instructions (Prompt): The critical configuration that sets the agent’s capabilities, behavior guidelines, and constraints.

    Configuring Tools

    Tools extend the agent’s functionality and access to platform data and actions. Customers should add only necessary tools for the agent’s use case to enforce least-privilege principles. When using script tools, prefer GlideRecordSecure over GlideRecord to maintain ACL enforcement and secure data access.

    Access Controls Configuration

    Security must be configured before testing or deployment, comprising two layers:

    • Invocation Permissions (ACLs): Define who can discover and invoke the agent by setting ACLs separately for each agent and agentic workflow.
    • Data Access (User Identity): Determines what data the agent can access when invoked. Options include:
      • Dynamic user (recommended): Agent runs with the roles of the invoking user, suitable for most cases.
      • AI user: Agent runs under a dedicated AI user with fixed roles, used only when elevated access beyond the user’s roles is necessary.

    Role Masking

    If using dynamic user identity, configure role masking to restrict the roles the agent can inherit from the invoking user. This allow-list approach enforces least privilege and prevents the agent from exceeding its authorized access, even if the user has broader roles.

    Next Steps

    After building the agent, configuring tools, and setting access controls, proceed to configuring security controls to finalize the secure deployment of the AI agent.

    Create your agent in AI Agent Studio, configure its tools and knowledge sources, and set the access controls that determine who can invoke it and what data it can access.

    This phase covers the core build work in AI Agent Studio. Security configuration — access controls and role masking — is part of this phase, not a separate step. Configure it while you build the agent, not after.

    Create the agent

    Navigate to All > AI Agent Studio to begin. Every AI agent is composed of four core elements:

    Agent identity
    Defines who the agent is, what domain it operates in, and how it should behave. This is the persistent system-level context that frames every decision the agent makes.
    Descriptions
    Define the categories of requests the agent can handle. Each description has a name, trigger utterances that route conversations to it, and specific instructions. Think of descriptions as the agent's skill domains.
    Tools
    Give the agent the ability to take actions and retrieve data. Tools include script tools (server-side JavaScript), sub-flows (Flow Designer workflows), and retrievers (knowledge source searches).
    Instructions (the prompt)
    Defines who the agent is, what it can do, how it should behave, and what it must never do. This is the most important configuration artifact. See General guidelines for creating AI agents and agentic workflows for guidelines on writing effective agent instructions.

    Configure tools

    Tools give your agent the capabilities it needs to complete its tasks. Add only the tools your agent needs for its defined use case — tools expand the agent's access to platform data and actions, so limiting them to what is necessary is part of applying least-privilege principles.

    Important:
    When configuring tools, consider the access each tool requires. A script tool using GlideRecord bypasses table-level ACLs — use GlideRecordSecure instead to ensure ACL checks are enforced.

    Configure access controls

    Access controls must be configured before you test or deploy your agent. There are two distinct layers to configure:

    Who can invoke the agent (ACLs): ACLs determine which users can discover and invoke your agent. Configure a separate ACL for each agent and each agentic workflow. For instructions, see Define security controls for an AI agent for AI agents and Define security controls for an agentic workflow for agentic workflows.

    What the agent can access (user identity): User identity determines what data the agent has access to once invoked. Choose one of the following:

    Dynamic user (recommended default)
    The agent runs with the roles of the user who invoked it. Use this option unless the agent requires elevated access that the invoking user does not have.
    AI user
    The agent runs as a dedicated AI user account with fixed assigned roles, regardless of who invoked it. Use this option only when the agent needs access that cannot be granted through the invoking user's roles.

    For a full explanation of how ACLs and user identities interact across the agent, agentic workflow, and tool layers, see Implement access control in Now Assist AI agents.

    Apply role masking

    If your agent runs as a dynamic user, use role masking to define an allow-list of roles the agent can inherit from the invoking user. This enforces least-privilege access during tool execution and helps prevent agentic overreach — the agent cannot use roles beyond what is explicitly permitted, even if the invoking user has broader access.

    See Role masking in Now Assist AI agents for an explanation of how role masking works across the agent, workflow, and tool layers, and see Define security controls for an AI agent for configuration steps.

    Next step

    When your agent is built, tools are configured, and access controls are set, proceed to Configure security controls.