Build Agent governance
Governance controls in Build Agent help with code quality, security, and compliance when generating applications. Build Agent's automated safeguards prevent common development issues and enforce organizational standards.
Every app and AI agent generated with Build Agent inherits the governance of AI Control Tower and App Engine Management Center, plus the same identity framework as the rest of the ServiceNow AI Platform®. Use the governance tools to monitor agents, manage app lifecycle, and enforce policy.
- Risk and compliance: AI-generated apps meet enterprise security standards and regulatory requirements.
- Quality assurance: Automated code is validated through testing and review.
- Visibility and control: Prevents shadow IT and enforces lifecycle transparency.
Build Agent automatically generates Access Control Lists (ACLs) that enforce role-based access, validates scripts for security vulnerabilities, and applies code optimization during generation. Every app that's vibe coded and developed with AI on the ServiceNow AI Platform includes audit trails, security controls, and compliance checks without requiring explicit prompts for these features.
- Security Attributes control access based on properties assigned to users and resources, instead of role membership alone. For more information on Security Attributes, see Security Attributes.
- Security Data Filters restrict which rows a user can see on a table, for example, so that managers see only their team's records.
- Enforce ACLs and role-based access for generated apps. Build Agent can do this.
- Validate AI-generated scripts for security vulnerabilities.
- Apply code optimization and review before publishing.
- Create Cross-Scope Privileges to control which tables, scripts, and resources one scoped application can access from another. Use Cross-Scope Privileges to diagnose and resolve "operation not allowed" errors between scoped apps.
- While creating agents and skills, Build Agent asks which users and roles it should operate as, as well as which users are allowed to access the agents or skills.
AI Control Tower
Agents generated by Build Agent are registered as AI assets in AI Control Tower, where AI stewards can track lifecycle progression, monitor security posture, and assess compliance. From the AI asset record, stewards can review governance health, evaluation scores, and risk classification for each agent without leaving the workspace.
AI Control Tower identifies specific security considerations for generated agents, including agents with elevated permissions, agents that experience access-related errors, and agents that have been inactive for more than 90 days but still retain active permissions. The access map visualizes relationships between agents, agentic workflows, and the tools they use, which helps stewards assess dependencies and potential impact before making changes.
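The three conditions above can also be checked offline against an exported agent inventory. The following is an added example, not ServiceNow code or an AI Control Tower API: the record fields (`elevated`, `accessErrors`, `lastActive`, `created`, `permissionsActive`), the finding labels, and the sample inventory are assumptions constructed for illustration.

```javascript
// Added example. Field names are hypothetical, not an AI Control Tower schema.
const DAY_MS = 24 * 60 * 60 * 1000;
const STALE_DAYS = 90; // "inactive for more than 90 days" (from the text above)

// Constructed sample inventory; dates are ISO 8601 (parsed as UTC).
const SAMPLE_AGENTS = [
  { name: 'invoice-triage', elevated: false, accessErrors: 0, lastActive: '2025-05-20', created: '2025-01-10', permissionsActive: true },
  { name: 'hr-onboarding', elevated: false, accessErrors: 0, lastActive: '2025-03-03', created: '2024-11-02', permissionsActive: true },
  { name: 'asset-recon', elevated: false, accessErrors: 0, lastActive: '2025-03-02', created: '2024-11-02', permissionsActive: true },
  { name: 'legacy-report', elevated: false, accessErrors: 0, lastActive: '2025-01-01', created: '2024-06-01', permissionsActive: false },
  { name: 'patch-runner', elevated: true, accessErrors: 3, lastActive: '2025-05-30', created: '2025-02-14', permissionsActive: true },
  { name: 'never-run', elevated: false, accessErrors: 0, lastActive: null, created: '2024-12-01', permissionsActive: true },
];

// Whole days since the agent last ran; an agent that never ran is aged from creation.
function daysInactive(agent, now) {
  const last = Date.parse(agent.lastActive ?? agent.created);
  return Math.floor((now - last) / DAY_MS);
}

// Returns the list of review reasons for one agent (empty when none apply).
function reviewAgent(agent, now) {
  const findings = [];
  if (agent.elevated) findings.push('elevated-permissions');
  if (agent.accessErrors > 0) findings.push('access-errors');
  const idle = daysInactive(agent, now);
  if (Number.isNaN(idle)) {
    findings.push('unknown-activity'); // missing or unparseable dates need a manual look
  } else if (idle > STALE_DAYS && agent.permissionsActive) {
    findings.push('stale-with-active-permissions'); // strictly more than 90 days
  }
  return findings;
}

// Keeps only agents with at least one finding.
function triage(agents, now) {
  return agents
    .map((a) => ({ name: a.name, findings: reviewAgent(a, now) }))
    .filter((r) => r.findings.length > 0);
}

const NOW = Date.parse('2025-06-01'); // fixed review date so the result is reproducible
for (const r of triage(SAMPLE_AGENTS, NOW)) {
  console.log(`${r.name}: ${r.findings.join(', ')}`);
}
```

In the sample, `hr-onboarding` sits at exactly 90 days and is not flagged, and `legacy-report` is idle but has no active permissions, so neither matches the stale condition.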
If your organization uses AI Risk and Compliance, generated agents can be evaluated against organizational policies and regulatory frameworks such as the NIST AI Risk Management Framework and the EU Artificial Intelligence Act. Risk classification and compliance posture are surfaced on the Risk and Compliance tab of each AI asset record.
For more information, see AI Control Tower.
For more information on governance, vibe coding and other ServiceNow development tools, see Governance for agentic development.
Cross-scope privileges
Build Agent can create Cross-Scope Privilege records to control which tables, scripts, and resources one scoped application can access from another. If a scoped app needs to read a table or call a script include from a different scope, Build Agent generates the appropriate privilege records. Cross-Scope Privileges are also useful for diagnosing and resolving "operation not allowed" errors between scoped apps.