‘Most Severe AI Vulnerability to Date’ Hits ServiceNow

These articles are AI-generated summaries. Please check the original sources for full details.

Authentication Issues in ServiceNow’s Chatbot

ServiceNow, used by 85% of Fortune 500 companies, recently faced a critical vulnerability that could allow unauthorized access to customer data and to the systems connected to the platform. Security researcher Aaron Costello identified a flaw that let an attacker gain full control of a ServiceNow instance knowing little more than a user's email address.

Why This Matters

A sound security model rests on authentication that actually verifies who is calling. Here that assumption failed twice: ServiceNow shipped one universal credential to every integration, and the identity of the user behind a request was accepted on the strength of an email address alone. Because ServiceNow sits deep inside an organization's IT workflows and integrations, the potential impact is enormous, and the case shows how dangerous it is to expose powerful AI functionality behind weakly authenticated entry points.

Key Insights

  • Universal Credential: A single credential (“servicenowexternalagent”) was shipped to every third-party service that authenticates to the Virtual Agent API, so the credential proved only that the caller was some integration, not which one.
  • Email-Only Authentication: Once past that shared credential, a caller could impersonate any user by supplying that user's email address plus minimal setup information; nothing bound the claimed identity to a real login.
  • Agentic AI Exploitation: The impersonated session was then used to drive the “Now Assist” agentic AI into creating admin-level accounts, turning a one-off impersonation into persistent access.

Practical Applications

  • Use Case: Organizations that run broad IT management on ServiceNow are exposed to equally broad lateral-movement risk, because a foothold in the platform reaches every system it integrates with.
  • Pitfall: Overly permissive access for AI agents dramatically increases the blast radius of a breach; an agent that can create accounts or change roles turns a single impersonated session into persistent, privileged access.
