“Our AI control tower ensures every AI system asset and identity is compliant, secure, and aligned with your strategy,” Nenshad Bardoliwalla, group vice president of AI products at ServiceNow, told reporters. That claim now underpins a broader product pivot: ServiceNow says its AI Control Tower has grown from a governance dashboard into a full enterprise command center that reaches beyond the company’s own platform.
AI Control Tower expands across five operational areas
Shipping as part of ServiceNow’s Australia platform release, the updated AI Control Tower is framed around five discrete capabilities: discovery, observation, governance, security, and measurement. ServiceNow positions the package as a response to what it calls “AI agent sprawl” — enterprises deploying more AI than they can account for and lacking tools to govern the portfolio.
The Control Tower can discover assets that include models, agents, prompts, and datasets across an organization’s entire technology estate, not only those running on ServiceNow. It also adds cost tracking and ROI dashboards to give finance teams visibility into model spend, measuring token consumption across providers such as OpenAI, Anthropic, and Google so customers can tie spending to business outcomes.
Veza acquisition supplies an access graph that maps over 30 billion permissions
Two recent acquisitions form the security backbone announced with the expansion. ServiceNow said it acquired Veza in December; Veza contributes an access graph that maps identities and access paths across systems — whether human, machine, or AI agent — and knows which entities have create, read, update, and delete permissions.
ServiceNow said the access graph currently maps over 30 billion fine-grained permissions. The Control Tower uses that context to enforce least-privilege access, scope permissions for every connected device, every agent, every model, and every action, and to provide auditable identity chains. When a vendor pushes a new model or agent version, the platform detects permission changes and automatically triggers a re-scoping workflow.
Traceloop adds continuous observability and a prompt-injection “kill switch” demo
ServiceNow acquired Traceloop in March and integrated its capabilities into the Control Tower to provide deep runtime observability. Traceloop tracks every large language model (LLM) call running in the system, delivering continuous runtime monitoring with live alerts — replacing the periodic manual audits that ServiceNow said many enterprises still rely upon.
In a briefing demo, the AI Control Tower detected a prompt-injection attack on a pricing agent: it identified malicious instructions hidden inside order payloads, used the Veza access graph to map the blast radius of affected systems, and presented a kill switch to disable the compromised agent without human intervention. “You need a system that senses, decides and acts on its own, that can scale with your AI portfolio, not your head count,” Bardoliwalla said.
Action Fabric opens workflow execution to external agents; Anthropic is first design partner
Alongside the Control Tower expansion, ServiceNow announced Action Fabric, which exposes the company’s workflow engine to external AI agents. Through a generally available MCP server, agents built on Claude, Copilot, or custom platforms can now trigger governed enterprise actions — executing flows, playbooks, approval chains, and catalog requests that ServiceNow customers have built.
Anthropic is the first design partner for Action Fabric. Boris Cherny, head of Claude Code at Anthropic, said in a statement that connecting Claude Cowork to ServiceNow’s system of action “closes that gap with enterprise execution, directly in the flow of work.” ServiceNow noted that every action routed through Action Fabric runs through the AI Control Tower, carrying identity verification, permission scoping, and a full audit trail. The MCP server is included in every Now Assist and AI Native SKU, with additional features planned for the second half of 2026.
What this means for CFOs, security teams, and enterprise architects
- CFOs: ServiceNow said it uses the Control Tower internally to manage more than 1,600 AI assets and tracked half a billion dollars in cumulative AI value from internal use cases in 2025; the cost-tracking and ROI dashboards aim to answer the core question finance teams are asking — “where’s the value?” — and to contain runaway model spend.
- Security teams: The Veza access graph plus Traceloop’s continuous monitoring give security teams the ability to map permissions, detect permission drifts when vendors update models, and rapidly isolate or disable compromised agents — as illustrated by the prompt-injection kill-switch demo.
- Enterprise architects and ops teams: Action Fabric and the MCP server open the ServiceNow workflow engine to external agents (Claude, Copilot, custom platforms), meaning architects must now design for governed cross-system action and for audit trails tied to identity and permission scoping.
ServiceNow’s announcement stitches discovery, observability, governance, and action into a single control surface and ties those capabilities to acquisitions and partner integrations. The company has included hyperscaler and enterprise application connectors — 30 new connectors that span Amazon Web Services, Google Cloud, Microsoft Azure, SAP, Oracle, and Workday — to extend the reach of the Control Tower beyond the ServiceNow platform.
The product roadmap leaves a clear near-term marker: the MCP server is already included in Now Assist and AI Native SKUs, and additional Action Fabric features are planned for the second half of 2026. For organizations wrestling with model proliferation, the practical questions are now whether enterprises will adopt always-on observability and automatic kill-switch workflows at scale, and how operators will balance automation against the need for human oversight when agents are disabled.
Original story: https://www.theregister.com/software/2026/05/05/servicenow_adds_agent_kill_switches_to_ai_control_tower/5228579
