AppOmni’s Warning on ServiceNow’s Now Assist AI Vulnerability
Security researchers at AppOmni have raised concerns over a serious security vulnerability within ServiceNow’s Now Assist AI platform, known as “second-order prompt injection.” This threat allows malicious low-privileged agents to manipulate higher-privileged agents to exfiltrate sensitive data. In a typical scenario, a low-privileged agent generates a seemingly legitimate task that prompts a more privileged agent to compile and send sensitive information, such as names and account identifiers, to an untrusted external endpoint.
This risk arises primarily from default configurations. To mitigate potential threats, AppOmni recommends key strategies, including enabling supervised execution for privileged agents, disabling autonomous overrides, and monitoring AI agents for unusual activity. ServiceNow acknowledges the vulnerability in updated documentation but maintains that the system operates as intended. Organizations must carefully review and adjust these default settings to prevent data breaches and ensure internal security.
