ServiceNow AI Research

Attack What Matters: Integrating Expert Insight and Automation in Threat-Model-Aligned Red Teaming

Kiarash Mohammadi, Abhay Puri, Georges Belanger Albarran, Mihir Bansal, Navdeep Gill, Yanick Chénard, Segan Subramanian, Marc-Etienne Brunet , Jason Stanley
November 2025
Cite

Abstract

Prompt injection attacks target a key vulnerability in modern large language models: their inability to reliably distinguish between trusted and untrusted and potentially malicious instructions. This vulnerability has significant implications for customers using AI on the ServiceNow platform. We present an end-to-end Automated Red Teaming pipeline along with a case study on the Security Operations Now Assist. This case study highlights how prompt injections discovered by our tool can manipulate AI recommendations in SecOps. It includes examples of manipulated phishing incidents, demonstrating the vulnerability in production settings.

Type
Conference paper
Publication
NOW AI
Safety and Security Prompt Injection
Kiarash Mohammadi
Kiarash Mohammadi
Applied Research Scientist

Applied Research Scientist at AI Research Deployment​ located at Montreal, QC, Canada.

Abhay Puri
Abhay Puri
Applied Research Scientist

Applied Research Scientist at AI Research Deployment​ located at Montreal, QC, Canada.

Georges Belanger Albarran
Georges Belanger Albarran
Applied Research Scientist

Applied Research Scientist at AI Research Deployment​ located at Montreal, QC, Canada.

Mihir Bansal
Mihir Bansal
Machine Learning Engineer

Machine Learning Engineer at AI Research Deployment​ located at Santa Clara, CA, USA.

Yanick Chénard
Yanick Chénard
AI Developer

AI Developer at AI Research Deployment​ located at Remote, QC, Canada.

Marc-Etienne Brunet
Marc-Etienne Brunet
Applied Research Scientist

Applied Research Scientist at AI Research Deployment​ located at Toronto, ON, Canada.

Jason Stanley
Jason Stanley
Head of AI Research Deployment​

Head of AI Research Deployment​ at AI Research Deployment​ located at Montreal, QC, Canada.