From Workflow Platform to AI Security and Governance Layer
ServiceNow’s new AI strategy is a model where the platform acts as the AI security layer and governance engine that coordinates agents, identities, assets, and workflows while executing automation directly in frontline tools. At Knowledge 2026, the company stopped presenting itself as only a workflow platform with AI features and instead claimed the governance and action layer in the enterprise AI stack. Its Autonomous Security and Risk product combines Armis’s continuous asset intelligence with Veza’s identity and access graph so every connected asset and permission can be tied to remediation workflows. According to John Aisien, this approach creates “a single graph that maps every identity, every permission, and every connected asset,” allowing prevention, detection, and response at machine speed. The expanded AI Control Tower then discovers, observes, governs, secures, and measures AI activity across major cloud platforms and business systems, anchoring AI governance enterprise-wide.
AI Control Tower: From Observation to Governed AI Execution
AI Control Tower has moved from being a monitoring console to an enforcement hub for governed AI execution. Organized around discover, observe, govern, secure, and measure, it plugs into systems from hyperscalers and business applications to give enterprises clear oversight of which agents run where and under what rules. Discovery adds dozens of integrations so policies extend beyond native ServiceNow agents. Runtime observation, using tech from the Traceloop acquisition, records agent decisions and behavior. Governance layers in risk frameworks aligned to NIST and the EU AI Act, while Veza-driven controls enforce least-privilege access for human and machine identities. Measurement adds spend and ROI dashboards so leaders can see which AI initiatives deliver value. This combination lets AI governance enterprise controls sit above the stack while still triggering workflows, closing the gap between policy definition and frontline worker automation.
Otto: Conversational Front Door for Frontline Worker Automation
ServiceNow Otto is a conversational front door that turns natural-language intent into governed AI execution for frontline workers. It unifies Now Assist, Moveworks, and ServiceNow’s AI Experience so employees no longer need to know which portal, department, or workflow owns a request. Users can type or speak in multiple languages, search across knowledge bases, wikis, databases, and SharePoint, and query enterprise data in plain language. Otto then routes work through the Now platform, applying the same policies, approvals, and organizational structures defined in AI Control Tower. ServiceNow stresses that Otto is not another chatbot but a user interface for completing work across systems such as HR, IT, and operations. Early traction through EmployeeWorks shows that when governed AI execution is embedded at the point of work, employees adopt automation faster because it hides cross-system complexity behind one interface.
Autonomous Security and Risk Meets Frontline AI Experiences
By pairing Otto with Autonomous Security and Risk, ServiceNow links frontline worker automation to a governed AI security layer in the same platform. Armis detects cyber assets across IT, OT, IoT, and code, while Veza maps permissions for both human and non-human identities. That context flows into workflows that Otto can trigger on behalf of employees, such as access requests, incident responses, or policy exceptions. Any action Otto starts is checked against AI Control Tower rules, risk frameworks, and least-privilege policies. This means frontline workers get faster, conversational automation without bypassing security teams or compliance. For CISOs under pressure to report risk with confidence while maintaining speed, the architecture promises a single operating model: asset visibility, identity governance, AI monitoring, and workflow remediation all share the same data graph and execution layer.
A New Paradigm: Governance and Execution at the Point of Work
ServiceNow’s shift signals a new paradigm in AI governance enterprise strategy: governance and execution now converge where work happens instead of staying in separate central teams. Otto gives operators, managers, and service agents a conversational entry point, while AI Control Tower, Autonomous Security and Risk, and Action Fabric ensure that every action aligns with policy, identity, and asset context. Partners see this as a user interface shift as much as a technical one, because Moveworks-based experiences let users stay in one place while acting across platforms like Salesforce, Coupa, or Fieldglass. ServiceNow’s bet is that frontline worker automation will only scale if governed AI execution is both invisible and embedded: invisible because workers interact through natural language, embedded because security, risk, and compliance controls are enforced in real time across every agent and workflow.