HeadlinesBriefing favicon HeadlinesBriefing.com

ServiceNow Virtual Agent Flaw Shows AI Security Gaps

DEV Community •
×

AppOmni researchers uncovered a critical chain in ServiceNow’s Virtual Agent in October 2025 that let an attacker seize the entire platform using only a victim’s email address. The exploit hinged on three flaws: a hard‑coded servicenowexternalagent token for API authentication, acceptance of email as sole identity, and the Record Management AI Agent’s unrestricted ability to create admin accounts.

The breach didn’t stem from the AI model itself but from classic broken authentication and broken authorization mistakes that any web app should avoid. Because the agent could act autonomously, those ordinary bugs amplified into a full‑platform takeover. Snyk argues that threat modeling, SAST, DAST, and AI red‑team exercises must be layered to keep agentic AI in check.

Experts like Aaron Costello urge firms to audit agent permissions, enforce MFA or SSO at every API gateway, and treat AI agents as code that requires continuous testing. ServiceNow rotated the compromised token within a week, but the episode signals that any organization deploying AI‑driven agents must embed traditional AppSec practices before scaling.