
Your Agents Are Acting in ServiceNow. Now You Can See Them.
AI agents are already operating across your ServiceNow instance — updating records, invoking tools, calling Gen AI Skills, acting on behalf of humans. They run as ServiceNow users. They inherit roles and ACLs. They reach tables and records the same way any identity does.
But until now, they have been governed like prompts, not like identities.
That changes today. Veza is expanding AI Agent Security to ServiceNow AI Agents — bringing the same Access Graph that already governs agents on AWS Bedrock, Azure AI Foundry, Microsoft Copilot Studio, and Salesforce Agentforce to ServiceNow.
For every customer running ServiceNow AI Agent Studio, Veza now answers the question we were built to answer:
What can take what action on what data — across every AI Agent in ServiceNow?
What Veza Discovers and Governs in ServiceNow
Veza extends the existing ServiceNow IAM integration to model the AI Agent Studio (sn_aia_*) and native Gen AI configuration tables (sys_generative_ai_*, sys_gen_ai_*). Discovery is automatic — if the AI Agent plugins are installed, Veza picks up the new entities on the next extraction. No new connector to deploy, no separate datasource to configure.
The following entities and relationships are now visible:
- AI Agents — every agent defined in AI Agent Studio (sn_aia_agent + sn_aia_agent_config), including its execution mode (Dynamic User vs. AI User), active state, and description
- AI Agent Tools — flow actions, subflows, and skills the agent is authorized to invoke (sn_aia_tool)
- Gen AI Skills — parameterized LLM prompts from the Now Assist Skill Kit (sys_gen_ai_skill)
- AI Models — operational model configurations on the platform (sys_generative_ai_model_config), including provider, model family, and lifecycle state
- Gen AI Configs — capability-level configurations binding models to platform features (sys_generative_ai_config)
- The ServiceNow user each agent runs as — resolved from run_as_user on the agent config
- The ACL rules controlling who can invoke each agent or skill — Gen AI Agent and Gen AI Skill ACL types resolved through sys_security_type
Answering Critical Security Questions
1. Outbound: What can this agent actually reach?
ServiceNow AI Agents do not hold permissions directly. They flow through a sys_user — either a dedicated AI User (with its own roles) or the invoking user (Dynamic User mode). Veza models that delegation as a clear graph path, so you can move beyond reading agent configs and ACLs by hand:
ServiceNow AI Agent → ASSUMES_USER → ServiceNow User → TO_ROLE → Role
→ HAS_EFFECTIVE_PERMISSION → Table / Record
Questions answered in a single query:
- Which AI Agents can read or write the incident table? The sys_user table? Custom CMDB tables holding sensitive data?
- Does an agent inherit a role with admin or other privileged scope?
- Which agents run in Dynamic User mode and could therefore inherit the privilege of any user who invokes them?
2. Inbound: Who can invoke or manage these agents?
ServiceNow exposes ACL rules of type gen_ai_agent and gen_ai_skill to control invocation. Veza wires those ACLs directly into the graph:
ServiceNow User → TO_ROLE → Role → HAS_RULE → ACL Rule (Gen AI Agent)
→ ON_RESOURCE → AI Agent
Questions answered:
- Who in the organization can invoke each AI Agent or Gen AI Skill?
- Which agents are exposed to a broad role versus locked down to a specific team?
- If a user leaves or changes role, which agents do they lose — or retain — the ability to invoke?
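The two traversals above (outbound: agent to the identity it runs as to roles to tables; inbound: user to role to gen_ai_agent ACL to agent) are easy to get wrong by hand, especially for Dynamic User agents, whose reach is not one identity but the union of every user allowed to invoke them. The following is an added example, not Veza's or ServiceNow's code: it models a handful of ServiceNow tables as constructed Python rows (the user, role, agent-config and ACL names are invented for illustration) and walks the same edges. ACL evaluation is deliberately simplified to role checks; real ServiceNow ACLs also carry scripts, conditions and field-level rules, and PRIVILEGED_ROLES is an assumption about what counts as privileged scope.

```python
"""Toy walk of the outbound and inbound agent paths over constructed sample rows.
Not Veza's or ServiceNow's code; table names follow the post, row contents are invented.
ACL evaluation is simplified: a rule passes if the identity holds any of its roles."""

# --- constructed sample data (not real instance data) ------------------------
SYS_USER = {"svc_itsm_agent", "alice", "bob"}

# sys_user_has_role rows: (user, role)
SYS_USER_HAS_ROLE = [
    ("svc_itsm_agent", "itil"),
    ("alice", "itil"),
    ("alice", "sn_aia.agent_user"),
    ("bob", "admin"),
    ("bob", "sn_aia.agent_user"),
]

# sn_aia_agent_config rows: execution mode and the run_as_user it resolves to.
# A Dynamic User agent has no fixed run_as_user; it runs as whoever invokes it.
AGENT_CONFIG = {
    "Incident Triage Agent": {"execution_mode": "ai_user", "run_as_user": "svc_itsm_agent"},
    "HR Case Helper": {"execution_mode": "dynamic_user", "run_as_user": None},
}

# sys_security_acl rows (type resolved via sys_security_type) and the roles that satisfy them.
# "record" rules guard tables; "gen_ai_agent" rules guard who may invoke an agent.
ACL_RULES = [
    {"type": "record", "operation": "write", "resource": "incident", "roles": {"itil"}},
    {"type": "record", "operation": "read", "resource": "sys_user", "roles": {"itil", "admin"}},
    {"type": "record", "operation": "write", "resource": "sys_user", "roles": {"admin"}},
    {"type": "gen_ai_agent", "operation": "execute", "resource": "Incident Triage Agent", "roles": {"sn_aia.agent_user"}},
    {"type": "gen_ai_agent", "operation": "execute", "resource": "HR Case Helper", "roles": {"sn_aia.agent_user"}},
]

PRIVILEGED_ROLES = {"admin", "security_admin"}  # assumption: what counts as privileged scope


def roles_of(user):
    """TO_ROLE edges for one sys_user."""
    return {role for u, role in SYS_USER_HAS_ROLE if u == user}


def effective_permissions(roles):
    """HAS_EFFECTIVE_PERMISSION: (operation, table) pairs whose record ACL any held role satisfies."""
    return {(r["operation"], r["resource"])
            for r in ACL_RULES if r["type"] == "record" and roles & r["roles"]}


def who_can_invoke(agent):
    """Inbound path: sys_user -> role -> ACL(gen_ai_agent) -> agent."""
    required = set()
    for r in ACL_RULES:
        if r["type"] == "gen_ai_agent" and r["resource"] == agent:
            required |= r["roles"]
    return {u for u in SYS_USER if roles_of(u) & required}


def identities_assumed_by(agent):
    """ASSUMES_USER: the AI User in ai_user mode; every permitted invoker in dynamic_user mode."""
    cfg = AGENT_CONFIG[agent]
    if cfg["execution_mode"] == "ai_user":
        return {cfg["run_as_user"]}
    return who_can_invoke(agent)


def agent_reach(agent):
    """Outbound path, per assumed identity: {user: {(operation, table), ...}}."""
    return {u: effective_permissions(roles_of(u)) for u in identities_assumed_by(agent)}


def agents_that_can(operation, table):
    """Which agents can perform `operation` on `table` through at least one identity?"""
    return sorted(a for a in AGENT_CONFIG
                  if any((operation, table) in perms for perms in agent_reach(a).values()))


def privileged_agents():
    """Agents that inherit a privileged role, and through which identity they get it."""
    found = {}
    for agent in AGENT_CONFIG:
        via = {u: roles_of(u) & PRIVILEGED_ROLES for u in identities_assumed_by(agent)}
        via = {u: r for u, r in via.items() if r}
        if via:
            found[agent] = via
    return found


if __name__ == "__main__":
    for agent in AGENT_CONFIG:
        print(agent, "can be invoked by", sorted(who_can_invoke(agent)))
        for user, perms in agent_reach(agent).items():
            print("  as", user, "->", sorted(perms))
    print("agents that can write sys_user:", agents_that_can("write", "sys_user"))
    print("agents inheriting privileged roles:", privileged_agents())
```

The point the sample data makes: the Incident Triage Agent runs as a dedicated AI User with only itil, so its reach is bounded by that one identity. The HR Case Helper holds nothing itself, yet because it runs in Dynamic User mode and bob (an admin) is allowed to invoke it, it shows up as an agent that can write sys_user and as an agent inheriting a privileged role. That is the finding a by-hand review of the agent config alone would miss.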
3. Models: What’s actually running under the hood?
The Gen AI capability layer in ServiceNow binds platform features to specific models. Veza captures both the inventory and the bindings:
ServiceNow Instance → HAS_MODEL → AI Model
Gen AI Config → USES_MODEL → AI Model
Questions answered:
- Which foundation models are configured on this instance, and from which providers?
- Which Gen AI capabilities are bound to which models — and are any using models that fall outside approved policy?
- When a model is deprecated, which agents and capabilities are impacted?
What This Unlocks for Security and IAM Teams
For every ServiceNow AI Agent, Veza now surfaces:
- The agent and the ServiceNow user identity it runs as
- The roles and ACLs each agent inherits through that identity
- The tables and records it can reach in your ServiceNow instance
- The tools and Gen AI Skills it is authorized to invoke
- The AI models configured in the instance — and how Gen AI capabilities bind to them
- Who in the organization can invoke each agent
That visibility plugs into everything Veza already does:
- Access Reviews — agents become reviewable entities alongside humans and service accounts
- Blast Radius — over-privileged agents surface against the same risk model as any other identity
- Rules & Alerts — trigger on a new agent without an owner, an agent granted a privileged role, or an agent newly bound to a sensitive table
- Access Graph search — natural-language and graph queries traverse the full chain from human invoker to AI Agent to data
Getting Started
Veza AI Agent Security for ServiceNow AI Agents is available now for existing ServiceNow IAM integrations. There is no separate deployment — once the sn_aia plugins are installed on the instance, Veza picks up agents, tools, skills, models, and Gen AI configs on the next extraction.
Customers already running Veza for ServiceNow can reach out to their account team to confirm enablement. New customers can request a demo to see the full Access Graph in action.