Agents at the fore to power new dev tools, security features, and autonomous workflows.
ServiceNow’s latest iteration of its platform, “Zurich”, focuses on embedding agentic AI to enhance security, development, and workflows.
For developers, new AI-powered tools will allow what the company described as “secure vibe coding with natural language.”
It means that there’s a huge opportunity for organizations to give their employees ways to optimize their workdays, said Jithin Bhasker, group VP and GM, creator workflows and app engine. One-third of every application will be refactored to support AI, he said, and AI, low-code, and no-code development will enable the development of a huge number of custom AI applications and agents.
The new Build Agent handles everything from design through governance, providing enterprise-grade features such as audit trails, security, and compliance. “It’s all about, how do you automate and accelerate the entire lifecycle from an idea to an app in a minute,” Bhasker said.
Alongside the Build Agent, ServiceNow has introduced a developer sandbox to provide a safe environment in which to experiment and test without breaking production environments or compromising security.
Security in the AI age
Two new security capabilities in Zurich will help enterprises keep an eye on the new agentic entities that are invading their networks. The Machine Identity Console provides centralized visibility of all inbound API integrations that use machine identities such as service accounts or keys, allowing administrators to monitor them and remediate security issues.
“It’s really important that the scope of these integrations is limited only to what’s necessary,” said Amanda Grady, VP and GM, AI platform security. “Machine Identity Console identifies any high-risk integrations and provides a guided experience for our customers to help them improve their security.”
Data protection is critical, and three years ago the Tokyo release of ServiceNow’s platform saw the introduction of Vault. However, Grady said, “what we found is, although we introduced these very powerful sets of controls in Vault, they were not integrated. And it could be challenging for our ServiceNow admins and platform owners, who are not necessarily security and privacy experts.”
In Zurich, ServiceNow seeks to remedy that shortcoming with the introduction of the ServiceNow Vault Console, which provides what the company described as “a guided experience to discover, classify, and protect sensitive data across workflows.” Grady said that the console makes it easier to locate sensitive data via AI-based discovery of personally identifiable information (PII), and provides templates to aid in data classification as well as ways to protect that data such as anonymization and field encryption.
These two features build on the AI Control Tower, announced in May, which the company said provides enterprise-wide visibility, embedded compliance, and end-to-end lifecycle governance for both native and third-party agentic AI systems. However, Grady said, Machine Identity Console is not yet part of or linked to it.
Analysts were guardedly impressed.
“Taken at face value, these announcements are steps in the right direction,” said Scott Bickley, an advisory fellow at Info-Tech Research Group. “Products like Vault Console, Machine Identity Console, and Build Agent with sandbox, all managed via ServiceNow’s AI Control Tower, sound impressive.”
However, he noted, “One might argue that ServiceNow should have led with these audit, governance, and compliance features, as they should be table stakes, instead of the last two years of blindly selling an uncontrolled AI solution into the marketplace.”
Robert Kramer, VP and principal analyst at Moor Insights & Strategy, agreed that the additions are moves in the right direction, but also has concerns.
“The PII discovery, classification, and MFA dashboard improvements are solid steps. They address the basics of compliance and give organizations more visibility,” he said. “That said, ‘adequate’ is the right word; these aren’t revolutionary. Larger enterprises will still need to layer additional tools for deeper data governance and reporting. The challenge here is scale: if Zurich’s automated classification isn’t accurate, you either over-classify and slow people down, or under-classify and take on risk.”
Autonomous workflows
Finally, ServiceNow has added operational features to optimize and automate processes with the help of process mining and task mining.
Kush Panchbhai, SVP, AI platform, explained. “Task mining gives you eyes on what a human is doing in an enterprise, every click, every action the human is taking is getting logged,” he said. “Now with process mining, we are doing the exact same thing for how work is flowing in an enterprise through automation.”
Zurich introduces agentic playbooks, powered by Now Assist, that build AI into traditional ServiceNow playbooks, completing some tasks while keeping a human in the loop.
The user can even ask an agent, in natural language, to make changes or additions to a playbook if, for example, a step in a process is missing.
Despite these features, Moor Insights’ Kramer said that Zurich’s success will all come down to execution. “Zurich shows ServiceNow moving in the right direction: less dashboard fatigue, more actionable insights, and better integration with external data,” he said. “But the real test will be execution. If the AI summaries are accurate, if the integrations stay reliable, and if the UX actually reduces complexity, customers will see value. If not, it risks being another release that looks good in demos but frustrates in practice.”
He added, “Competitors like Microsoft, SAP and Salesforce are pushing similar ideas, so customers will have options. ServiceNow needs to prove that Zurich isn’t just riding the AI wave but actually making daily work smoother.”
