ServiceNow used its Knowledge 2026 conference in Las Vegas this week to announce something that most governance platform vendors have avoided saying explicitly: they want to govern everyone's AI, not just their own. The expanded AI Control Tower now discovers, monitors, governs, secures, and measures AI agents, models, and workflows across AWS, Microsoft Azure, Google Cloud, SAP, Oracle, Workday, and 25 additional enterprise systems — regardless of whether those agents were built inside ServiceNow or by an entirely separate team using an entirely different tool.
That is a meaningful departure from how the governance market has operated until now. Most governance platforms govern themselves and the integrations they formally support. ServiceNow is claiming to govern the entire enterprise AI estate — including agents built on Anthropic's Claude, Microsoft's Copilot, and any custom-built tool connected to enterprise workflows through the Model Context Protocol. Anthropic became the first design partner for this expanded architecture, connecting Claude Cowork to ServiceNow's governed execution layer.
The announcement, reported by BankInfoSecurity and confirmed across ServiceNow's own newsroom, covers multiple simultaneous releases: an expanded AI Control Tower, new Action Fabric capabilities that open ServiceNow's workflow engine to third-party agents, a new AI Gateway for MCP transactions, deeper Microsoft partnership covering Microsoft Agent 365, a new Autonomous Security and Risk platform incorporating the Veza and Armis acquisitions, and Project Arc with NVIDIA for governed autonomous desktop agents. The volume of releases in a single week signals that ServiceNow made a deliberate decision to use Knowledge 2026 to plant a flag in the enterprise governance market before competitors could clearly define the category.
Key Terms
AI Control Tower — ServiceNow's governance platform for discovering, monitoring, risk-scoring, and enforcing policies across AI agents, models, datasets, and identities. As of Knowledge 2026, now included by default across every ServiceNow product and package rather than sold as an add-on.
Action Fabric — ServiceNow's system of enterprise actions — flows, playbooks, approvals, catalogs — now opened to third-party AI agents via MCP, allowing agents built on Claude or Copilot to trigger ServiceNow workflows without a human intermediary.
AI Gateway — A new component providing real-time governance, observability, and security controls for all MCP transactions — the connection points between AI agents and enterprise systems.
Model Context Protocol (MCP) — An open protocol that allows AI agents to interface with external systems and tools. ServiceNow's AI Gateway sits at this interface layer to enforce governance on every transaction.
Autonomous Security and Risk — A new platform combining Veza's access graph technology with Armis's asset intelligence into a single system for governing AI agent identities, permissions, and connected assets across the enterprise.
Veza — Access graph company acquired by ServiceNow. Maps every access relationship in real time: what has access, what it can do, and how that shifts as AI agents multiply.
Armis — Asset intelligence company acquired by ServiceNow. Feeds visibility into IT, OT, IoT, medical devices, and critical infrastructure into the ServiceNow CMDB, turning a static inventory into a live attack surface map.
Project Arc — A joint project with NVIDIA for an enterprise autonomous desktop agent, governed by AI Control Tower and secured by NVIDIA OpenShell.
On-behalf-of token passing — The identity mechanism by which agents inherit user permissions at execution time, accessing only what the triggering user is authorized to see. Prevents permission accumulation and privilege drift.
The Full Scope of What ServiceNow Announced
ServiceNow's Knowledge 2026 announcements span the full governance stack from discovery through enforcement to audit, and they arrived in enough volume across two conference days that the individual pieces risk obscuring the overall strategic logic. Reading them together, the architecture ServiceNow is building becomes clearer.
AI Control Tower Goes Cross-Platform
The most significant announcement is the expansion of AI Control Tower beyond ServiceNow's own ecosystem. The platform now continuously discovers AI agents as they appear — across more than 30 enterprise integrations — risk-scores them, enforces least-privilege access, and measures their business impact against governance standards. Jon Sigler, executive vice president and general manager for the AI platform at ServiceNow, framed this as unified governance across the entire enterprise AI stack. Amit Zavery, president, chief operating officer, and chief product officer, was more direct: a year ago, AI Control Tower gave enterprises visibility into their AI. As of Knowledge 2026, it governs the entire AI lifecycle across every agent, model, dataset, asset, and identity, across every cloud and enterprise system.
The governance mechanism works through identity verification, permission control, and full auditability applied to each action an agent takes. Every action that moves through the platform — whether triggered by a ServiceNow-native agent or a Claude-based tool calling enterprise workflows via MCP — passes through the Control Tower's enforcement layer and is logged for audit.
Design Partner Signal
Anthropic signed on as the first design partner for the expanded architecture, connecting Claude Cowork to ServiceNow's governed execution layer. That partnership matters for the governance market because it means the governance claims are being tested against Claude's actual agent behavior in enterprise workflows rather than in theory.
Action Fabric Opens to Outside Agents
ServiceNow opened its Action Fabric — the workflow engine that connects flows, playbooks, approvals, and catalogs — to agents built outside its platform. Agents built on Claude, Microsoft Copilot, or custom enterprise tooling can now trigger ServiceNow enterprise workflows through MCP without requiring a human to open a ticket or file. The AI Gateway sits at every MCP transaction point and applies governance controls before any action executes.
The strategic implication is that ServiceNow becomes the governance enforcement point for agent actions regardless of which model or tool is driving those actions. An agent built in Microsoft Copilot Studio triggering an IT service workflow, a Claude-based tool initiating an HR process, a custom Python agent calling a procurement approval — all of them pass through the same governance layer if they are connecting to ServiceNow systems.
Microsoft Partnership Deepens
ServiceNow and Microsoft expanded their partnership at Knowledge 2026 to extend AI Control Tower governance across the Microsoft Agent 365 ecosystem. The integration gives IT administrators visibility into AI agents operating across both ServiceNow and Microsoft environments regardless of where those agents were built, and allows ServiceNow's AI specialists to operate inside Microsoft 365 tools including Outlook, Word, and PowerPoint with metered usage tracked across both platforms.
The partnership surfaces a practical reality that most enterprises are already confronting: AI governance cannot be scoped to a single vendor's environment when the operational reality is agents from multiple vendors operating across overlapping systems. ServiceNow is trying to be the platform that resolves that overlap rather than contributing to it.
Autonomous Security and Risk: Veza and Armis Come Online
ServiceNow's acquisitions of Veza and Armis formally integrated into the governance platform this week under the Autonomous Security and Risk offering. Veza's access graph maps every access relationship in real time — what identity has access to what resource, what it can do with that access, and how those relationships shift as AI agents proliferate. Armis feeds asset intelligence across IT, OT, IoT, and connected devices directly into the ServiceNow CMDB, converting a historically static inventory into a live picture of the enterprise attack surface.
For the governance audience, the Veza integration is the more consequential of the two. The specific governance failure mode that has produced the most documented incidents this year — agents operating with permissions that were correct at grant time but became excessive as their role evolved — is exactly what an access graph that updates continuously is designed to catch. A static access review that happens quarterly will not surface an agent whose permissions drifted over two months of production operation. A real-time access graph will.
Identity Architecture Detail
The on-behalf-of token passing mechanism that ServiceNow uses means agents inherit user identity at execution time and can only access what the triggering user is authorized to see. No permissions accumulate between sessions. No drift builds. The Veza integration adds a real-time layer on top of this mechanism that maps what all identities — human and agent — can actually access at any given moment, not just what their role definition says they should be able to access.
Project Arc with NVIDIA
ServiceNow and NVIDIA announced Project Arc — an enterprise autonomous desktop agent governed by AI Control Tower and secured by NVIDIA OpenShell. The desktop agent layer is the surface most enterprise security programs have not addressed yet. Browser extensions and network-layer controls get attention. The desktop automation layer — where an agent can interact with applications, files, and credentials directly on a managed device — is largely ungoverned in most enterprise security architectures. Project Arc is ServiceNow's attempt to bring that surface inside its governance perimeter.
AI Control Tower Becomes Standard
Buried in the announcements is a pricing and packaging change that carries significant operational implications: all AI Control Tower capabilities are now included by default across every ServiceNow product and package. Governance infrastructure that was previously a separate purchase is now standard. For existing ServiceNow customers, this means the governance layer is available without an additional procurement decision. For the market, it means ServiceNow is treating governance as table stakes for any AI deployment on its platform rather than a premium add-on for customers willing to pay for oversight.
What the Logic Actually Is
ServiceNow's position is that it wins the agentic AI market by being the most governable platform rather than by building the most capable agent. That is a deliberate bet on where enterprise buying decisions will eventually center. The organizations that are currently deploying agents fastest are discovering that the operational overhead of managing agents across multiple vendors with no unified governance layer is creating problems that slow them down more than the agents speed them up. ServiceNow is offering a way out of that overhead.
The cross-platform governance claim is where the execution risk sits. Governing agents that ServiceNow built and agents that Anthropic or Microsoft built on the same enforcement layer requires those external agents to connect through governed interfaces — specifically MCP. Organizations whose agents do not connect through ServiceNow's MCP infrastructure will have partial governance coverage at best. The quality of the governance is directly proportional to the depth of the integration, and integrations vary significantly in practice.
What to Verify Before Acting on This
ServiceNow's announcement covers governance across 30+ enterprise systems, but the depth of governance at each integration point will vary. Before treating any specific integration as fully governed, organizations should verify whether the integration provides read-only visibility, enforcement capability, or full audit trail coverage — and whether that coverage extends to real-time agent actions or only to configuration-level snapshots.
The competitive positioning is also clear when you look at who is absent from the integrations list. Salesforce Agentforce, which is building its own governance layer for agents operating within the Salesforce ecosystem, is not listed as an integration partner. The enterprise AI governance market is converging on a small number of platforms trying to become the governance layer for everyone else's AI, and ServiceNow and Salesforce are building toward the same position from different starting points.
The Anthropic design partnership is the most credible signal in the announcement because it represents a third party that has agreed to have its agents governed by ServiceNow's enforcement layer in production. Design partnerships are different from press release partnerships — they require the partner to actually build against the governance API and accept that their agents' actions will be logged, risk-scored, and potentially blocked by another company's controls. Anthropic agreeing to that arrangement says something specific about the maturity of the technical implementation.
GetAIGovernance tracks governance platforms across discovery, enforcement, access control, and audit capabilities. Browse the AI Governance category, AI Governance Platforms, and AI Access Control at GetAIGovernance.net to compare platforms and evaluate whether their governance depth matches the specific control requirements your environment actually needs.
Our Take
AI Governance Take
ServiceNow's Knowledge 2026 announcements represent the most serious attempt yet by a major enterprise platform vendor to define governance infrastructure as the organizing principle of enterprise AI deployment rather than a compliance feature added to an AI deployment. The framing matters: governance as the platform strategy, not governance as the audit trail. That framing is correct, and the market is moving toward it regardless of which vendor eventually owns the category.
The practical question for enterprise governance teams evaluating this announcement is where the actual enforcement depth sits. Discovery and visibility are table stakes. Governance programs need enforcement — the ability to block, throttle, or redirect an agent action in real time when it violates a policy. The AI Gateway and the Veza access graph are the components where that enforcement lives, and they are the ones worth stress-testing in any procurement conversation with ServiceNow.
The cross-platform claim — governing Claude agents, Copilot agents, and custom-built agents on the same enforcement layer — is the most ambitious part of the announcement and the part that requires the most scrutiny. Governance that works for agents built inside the ServiceNow ecosystem and governance that works for agents built entirely outside it are technically different problems. The MCP gateway architecture addresses the connection point, but organizations with agents that operate independently of ServiceNow infrastructure will find the governance coverage thinner than the announcement suggests.
For regulated industries specifically — financial services, healthcare, insurance — the combination of the Veza access graph, the on-behalf-of token identity architecture, and the audit trail generation is the combination that matters most. Those industries need to demonstrate continuous access validation and full action auditability, and those two capabilities are where the ServiceNow architecture is most technically specific.
