ServiceNow AI Platform core feature release notes

Release version: Australia

Updated March 12, 2026

6 minutes to read

Summarize

Summarized using AI

Summary of ServiceNow AI Platform Core Feature Release Notes - Australia Release

The Australia release of the ServiceNow AI Platform® core features introduces significant enhancements that improve security, usability, and configuration flexibility across the platform. These updates help ServiceNow customers strengthen instance security, control user and guest access, and leverage new tools for managing dynamic data schemas and API interactions. The release also deprecates legacy user interfaces in favor of the modern Next Experience UI.

Show full answer Show less

Key Features

Granular Read-Only Security Controls: Enhanced protections for read-only fields allow administrators to configure whether these fields can be updated via client scripts or server operations, balancing security with flexibility. This includes new options like strictreadonly and clientscriptmodifiable, which can be tested in non-production environments before production deployment.
Guarded Script Evaluator: Improves sandbox script security by restricting JavaScript features and APIs available to untrusted client-generated scripts. Incompatible scripts from guest users are rejected by default, with phased enforcement for authenticated users to facilitate script review and remediation.
Dynamic Schema Enhancements: Support for reference data types in dynamic attributes and improved Workspace condition builder integration allow better filtering and configuration of dynamic schema elements.
API Access and Security Controls: New path-based ACLs enable fine-grained control over guest user access to REST and GraphQL API endpoints. Support for optional trailing slashes in REST APIs and automated request definition generation streamline API security and configuration.
Improved User Experience Features: Introduction of an AI indicator in forms highlights AI-generated content, while the new Address field type offers real-time auto-suggestions to reduce manual entry errors. Users can also select country, date, and time preferences with expanded locale support.
JavaScript Engine and Scripting Updates: The platform now supports ECMAScript 2021 (ES12) features and incorporates updates from the Rhino engine, enabling more modern scripting capabilities within applications.
Session-Based Guest Access: Enables tracking and restricting guest user actions on records created or modified during their sessions, enhancing security for public forms and portals.
Scope Boundary Enforcement: New dot-walk scoping security properties strengthen control when accessing reference fields across application scopes.
Accessibility Improvements: The Format Painter plugin for the TinyMCE HTML editor supports consistent formatting and keyboard navigation, aiding users with cognitive disabilities and low vision.

Important Upgrade Information

Customers upgrading from Xanadu or Yokohama releases will have their dynamic schema applications automatically migrated to the updated Zurich framework. It is recommended to review the Dynamic Schema Zurich Migration Guide for any manual steps.

Legacy UIs (UI11 and UI15) are deprecated and no longer supported; customers should transition to the Next Experience UI for a modern and unified interface.

Plugin and Feature Changes

Deprecations: The Form Designer plugin is planned for deprecation in the upcoming C release, with Form Builder recommended as its replacement. Subscription Management is planned for deprecation in August 2026, and customers should update to the latest Subscription Management application.
System Property Security: Several Glide system properties that impact security are now set to secure defaults to protect instances.

Practical Benefits for ServiceNow Customers

Enhanced platform security through granular field controls and script evaluation safeguards.
Improved user and guest access management to APIs and data records, reducing risk from unauthorized actions.
Greater flexibility and accuracy in data entry and schema management, enabling more dynamic and user-friendly interfaces.
Modernized scripting environment supporting current JavaScript standards for more efficient development.
Accessibility enhancements that provide a better experience for all users, including those with disabilities.
Clear upgrade path with guidance on deprecated features and tools, ensuring smooth transitions to supported functionality.

The ServiceNow AI Platform® core features provide configurations for applications and other parts of the ServiceNow AI Platform. The ServiceNow AI Platform core features were enhanced and updated in the Australia release.

ServiceNow AI Platform core features highlights for the Australia release

Control whether read-only fields can be updated through client scripts and server-side operations by configuring read-only options.

See Administer the ServiceNow AI Platform for more information.

Important information for upgrading ServiceNow AI Platform core features to Australia

The dynamic schema application framework was revised in the Zurich release. If you implemented dynamic schema in the Xanadu or Yokohama releases, the application is automatically migrated to a new framework as part of the upgrade to releases starting with the Zurich release. For details on the migration and steps you might need to perform, see the Dynamic Schema Zurich Migration Guide [KB2146133] article in the Now Support Knowledge Base.

The Australia release introduces enhanced protections for read‑only fields across the ServiceNow AI Platform®. These changes include a new “read_only_option” field with granular control levels, including “strict_read_only” and “client_script_modifiable". The changes occur in the back end and maintain backward‑compatible behavior. This update helps strengthen your instance security while preserving the flexibility you need. Refer to KB2718122 for additional technical details on how to identify affected fields and adjust their settings. For more information about granular read-only security options, see Configuring read-only security options.

New in the Australia release

Enhance instance security for sandbox scripts with guarded script: The guarded script evaluator restricts the JavaScript features and APIs available to untrusted, client-generated scripts running in the script sandbox environment. Beginning with the Australia Patch 2 release, incompatible scripts sent to the server by guest users are rejected on all instances by default. Scripts sent by authenticated users are evaluated using a phased approach to enforcement that varies by the type of instance to provide time to detect and review incompatible scripts before rejecting them. Scripts that use unsupported features are recorded in the Incompatible Guarded Scripts list, where you can rewrite them or create exemptions for scripts that can't be rewritten.
Granular read-only security options: Control the editability of read-only fields by configuring read-only options, allowing for customized behavior that balances usability and security. Read-only options provide granular control over whether read-only fields can be updated through client scripts and server-side operations. You can also test stricter read-only controls in non-production instances before implementing them in production.
Support for reference data types in Dynamic Schema: Create dynamic attributes using reference data types.
Work with Dynamic Schema elements in the Workspace condition builder: Filter Workspace lists using dynamic schema elements in the condition builder.
Toggle the mail icon display: Show or hide the mail icon in email fields by configuring the hide_email_icon dictionary attribute.
AI indicator in forms: Easily identify AI involvement across the ServiceNow AI Platform® through a visual cue that identifies form fields in configurable workspace and Core UI that have been updated with AI-generated content.
Guest API access control: Manage guest access to REST and GraphQL API endpoints using path-based ACLs while maintaining separate authenticated user controls.
Granular admin roles: Grant specific permissions to developers or users who perform minor administrative tasks without granting them unrestricted access to the full admin role by reviewing and assigning available granular admin roles.
Optional trailing slash configuration: Align with external specifications and industry standards by configuring REST APIs with optional trailing slash support.
Path-based REST ACL control: Control access to REST services by creating path-based ACLs using specific HTTP method and path combinations.
Automatically generate request definitions for scripted REST API resources: Use sample requests made to an API resource to generate request header associations, query parameter associations, and a request schema for that resource and the related scripted REST API service.
Resource-level security configuration: Enable public access or custom ACL authorization by configuring resource-level security settings.
Address field type with auto-suggestions: Reduce manual entry errors through a new Address field type for Core UI and Workspace forms, which provides real-time address suggestions displayed as you type.
New dot-walk scoping security properties and table attribute: Strengthen scope boundary enforcement when dot-walking across application scopes using Reference Fields through additional properties and a table attribute. For more information, see the Dot-Walk Scoping Security Enhancement [KB2793170] article in the Now Support Knowledge Base.

Changed in this release

Country setting added to Language and Region preferences: Users can select their country from the Next Experience language and region preferences.
New options for date and time format in the User record: Users can select from new options for Date format and Time format in the User record.
Control whether date and time formats reflect the user locale by default: Configure date and time formats to reflect the user locale when no date or time format has been selected in user preferences through the glide_i18n.date.default_to_locale system property.
Control how to set the language for guest users: Use a guest user's IP address to set their language through the glide_i18n.ip_geolocation system property.
Activate additional choices for countries: Activate additional choices for countries in the Next Experience language and region preferences or in a User record.
ECMAScript 2021 (ES12) JavaScript mode supports additional scripting features: Use additional scripting features in applications or scripts that use the ECMAScript 2021 (ES12) JavaScript mode.
JavaScript engine updated with changes from the Rhino engine: The JavaScript engine on the ServiceNow AI Platform was updated to incorporate changes from the open-source Rhino JavaScript engine.
New Normalization Data Services system property: Create duplicate records in core_company extension tables by setting the com.glide.acl_check_all_filter_on_new system property to true to reference account records.
System properties secured by default: Glide properties that can impact instance security are set to secure values by default. For more information about which system properties are affected and why, see the Glide Property Hardening [KB1982254] article in the Now Support Knowledge Base.
Tracking records in unauthenticated users' sessions: Track records created, modified, or deleted by unauthenticated users to enable session-based ACL access on public forms, portals, or workflows.
Manage guest user access to records: Restrict guest user access to records they created or updated during their current session using the 'is in session' condition builder on the ACL form for Sys ID fields.
Session-based guest access: Manage REST GraphQL security with path-based ACLs that are enforced without needing to require authentication for access to an API.

Support duplicate company names across core_company extension tables: Avoid normalization conflicts when creating records with the same company name in both the Company [core_company] table and its extension tables, such as Customer Account [customer_account], using the glide.cmdb.canonical.use_base_core_company_only property. It ensures that uniqueness enforcement applies only to base core_company records.

Deprecated features

Starting with the Australia release, the legacy user interfaces commonly referred to as UI11 and UI15 are deprecated. These legacy UIs no longer receive enhancements or defect fixes, and will no longer be supported. Certain system features might continue to display through legacy rendering paths (for example, printer‑friendly views) and will be addressed case by case as part of ongoing platform improvements. Use the Next Experience for a modern, accessible, unified interface. For information about activating the Next Experience UI, see Considerations for activating Next Experience.

Activation information

The ServiceNow AI Platform core features are active by default.

Plugin information

Plugins planned for deprecation

The following plugins are planned for deprecation in a future release:

Form designer (com.glide.ui.ng.fd): Planned for deprecation in the C release. Form Builder is the recommended replacement for all form configurations. For details, see the Deprecation Process [KB0867184] article in the Now Support Knowledge Base.
ServiceNow Subscription Management (com.snc.usage_admin.snc): Planned for deprecation in August 2026. Update to the most recent version of the Subscription Management application through the Application Manager. For more information about the Subscription Management application, see Subscription Management.

Accessibility information

Format Painter plugin for TinyMCE enables you to apply consistent font styles, sizes, and table formats within the HTML editor field. This improvement helps users with cognitive disabilities and low vision by reducing confusion and supporting clear, predictable formatting throughout documents. Keyboard navigation is supported, providing added ease of use for keyboard-only users. For more information, see Configure the HTML toolbar.