Bill McDermott stood on the stage at Knowledge 2026 in Las Vegas and said something that should have made every enterprise software CEO uncomfortable: "ServiceNow manages everyone else's board." The chess metaphor was deliberate. Most enterprises think they are the ones making moves with AI. McDermott's view is that the chaos they have created , hundreds of disconnected applications, untracked AI agents, ungoverned identities , is exactly the environment where ServiceNow thrives. The company that started as an IT ticketing system is now positioning itself as the operating system of the agentic enterprise.
What Actually Happened
At Knowledge 2026, ServiceNow dropped the largest product slate in its history. The centerpiece: Autonomous Security & Risk, a unified platform that integrates two recent acquisitions , Armis and Veza , into a single graph mapping every identity, every permission, and every connected asset in an enterprise. The product is designed to replace fragmented security stacks with one system that prevents, detects, and responds to threats at machine speed. Early results are striking: a global energy firm cut threat containment time by 97%; a U.S. financial institution eliminated 96% of dormant non-human identities.
But Autonomous Security & Risk was just one of four major launches. ServiceNow also unveiled Project Arc in partnership with NVIDIA , an enterprise autonomous desktop agent that can think, write code, execute multi-step tasks, and self-correct when things go wrong. Project Arc is powered by NVIDIA's OpenShell and governed by ServiceNow's AI Control Tower. The company also expanded its Autonomous Workforce beyond its initial IT service desk specialist to cover case management, security and risk, finance, HR, and legal , effectively deploying an AI staff for every major business function. Underpinning all of it: a new Action Fabric layer that enables any AI agent to take actions across any enterprise system, regardless of what it runs on.
Why This Matters More Than People Think
The number McDermott kept returning to in his keynote was 367 , the average number of different applications running inside a large enterprise. Each of those 367 apps now has its own AI module. Each module has its own agents. Each agent has its own permissions, its own data access, its own failure modes. No one in the enterprise has a full map. No one has a kill switch. And almost no one has a plan for what happens when one of those agents is compromised, makes a bad decision, or two of them give each other conflicting instructions. That is the problem ServiceNow is now selling the solution to.
The market timing is almost perfect. Six in ten companies are already using agentic AI, but only one in ten have built anything that could be called truly autonomous. The 90% in between are stuck in a painful middle state: too many AI tools to manage manually, not enough governance infrastructure to trust them without oversight. They are spending millions on AI capabilities they cannot fully deploy because the risk controls do not yet exist. ServiceNow is explicitly positioning itself as the company that makes those controls possible , and if it can make the sale, it becomes a mandatory layer on top of every AI deployment in the enterprise.
The Competitive Landscape
ServiceNow is not alone in chasing the enterprise AI governance market. Microsoft's Agent Governance Toolkit, released in April 2026, attempts to address the same problem from the Azure and Microsoft 365 surface. SAP launched AI Control capabilities within its BTP platform at Sapphire 2026. And Palo Alto Networks is marketing its Cortex platform specifically as a security layer for AI agents. The difference is scope: each of these competitors is governing AI agents within their own ecosystem. ServiceNow is arguing that governance needs to work across all ecosystems simultaneously , because that is where the actual enterprise runs.
The NVIDIA partnership strengthens this positioning considerably. Project Arc's integration with NVIDIA OpenShell means it can operate across GPU-accelerated workloads, not just traditional software stacks. And the endorsement matters: Jensen Huang disclosed at the event that NVIDIA itself has cut employee intervention on internal support issues by two-thirds using ServiceNow's platform. When the company that sells AI infrastructure is using your AI governance tools internally, it is a credibility signal that no marketing budget can replicate. For enterprise buyers evaluating vendors in this space, that partnership is likely to be decisive.
Hidden Insight: The $1 Trillion Argument That Changes Everything
McDermott cited cybercrime costing $1 trillion per month globally. That number sounds like a keynote soundbite, but it contains the entire business logic of Autonomous Security & Risk. Traditional security products sell on risk reduction , they promise to lower the probability of an incident. What McDermott is selling is something different: operational continuity at machine speed. When a threat manifests in an enterprise with 367 apps and thousands of AI agents operating simultaneously, the window between detection and damage is measured in minutes, sometimes seconds. Human-speed security is now structurally insufficient. That is not a problem that better dashboards solve. It is a problem that only autonomous response systems can address.
The non-human identity problem deserves special attention. When the U.S. financial institution in ServiceNow's case study eliminated 96% of dormant non-human identities, that was not a security cleanup. It was the first honest accounting of how badly the enterprise AI explosion has already proliferated ungoverned access rights. Every AI agent that gets deployed gets credentials. Every API integration gets keys. Every automated workflow gets permissions. Over months and years, as agents are deprecated, rebuilt, or replaced, their credentials persist , invisible, ungoverned, fully active. The attack surface created by enterprise AI is not theoretical. It is already built and largely unmapped. Autonomous Security & Risk is the first enterprise product explicitly designed to map and close that surface.
There is a more uncomfortable truth buried in the Armis and Veza integrations. Both companies were acquired precisely because ServiceNow did not have native visibility into OT (operational technology) assets, IoT devices, and fine-grained identity governance. The acquisitions effectively admit that workflow software , which is what ServiceNow was for most of its history , cannot govern the physical, connected enterprise without fundamentally different data sources. What ServiceNow has built at Knowledge 2026 is not an extension of its platform. It is a new platform built on top of the old one, with a scope that includes every device, every identity, and every agent across the entire enterprise perimeter. That is a very different product from an IT ticketing system. The question is whether enterprise buyers are ready to pay platform-level prices for it.
What to Watch Next
The most important leading indicator over the next 90 days is whether ServiceNow's Security & Risk segment , which crossed $1 billion in annual contract value last year , accelerates its growth rate in Q2 2026 earnings. If Autonomous Security & Risk converts the pipeline that Knowledge 2026 generated, you should see it in bookings before September. Watch also for how many of ServiceNow's top 500 customers , which collectively account for the vast majority of its revenue , expand their contracts to include the new Autonomous Workforce agents. Each additional agent specialist (the finance one, the HR one, the legal one) is a new revenue line that did not exist six months ago.
Over the next 180 days, the critical test is whether Project Arc demonstrates reliable performance in production environments. Autonomous desktop agents that can write and execute code across enterprise systems are extraordinarily powerful when they work , and extraordinarily dangerous when they do not. The first high-profile failure of an enterprise AI agent causing a production incident will create either a massive demand spike for governance tools like ServiceNow's, or a regulatory backlash that freezes the category entirely. Either outcome shapes the next 24 months. If you are watching the agentic enterprise space, track incident reports and regulatory filings as carefully as you track product announcements.
The enterprise spent a decade building 367 AI silos; ServiceNow is betting its next decade on being the only company that can see across all of them at once.
Key Takeaways
- 367 disconnected apps , The average enterprise runs 367 different applications, each with separate AI modules; ServiceNow is building the governance layer to connect and control them all.
- Only 1 in 10 autonomous , Six in ten companies use agentic AI, but only one in ten have built anything truly autonomous; the governance gap is ServiceNow's core product-market fit.
- $1B ACV in Security & Risk , The Security and Risk division crossed $1 billion in annual contract value, making it one of the fastest-growing segments on the platform.
- 97% faster threat containment , An early Autonomous Security & Risk customer achieved 97% faster threat containment; a U.S. financial institution cut dormant non-human identities by 96%.
- $1T monthly in cybercrime , Global cybercrime now costs $1 trillion per month, the core urgency argument behind the autonomous security pitch.
Questions Worth Asking
- If ServiceNow becomes the governance layer for every AI agent in the enterprise, does that make it more powerful than the cloud providers themselves , or does it make it permanently dependent on them?
- When AI agents can write code, execute workflows, and take actions autonomously, what does accountability look like when something goes wrong , and who in the enterprise is legally responsible?
- If your company is already running 367 applications with ungoverned AI agents attached to each one, how many non-human identities exist in your environment right now that no one has an accurate count of?