ADVERTISEMENT

BodySnatcher flaw lets attackers take over ServiceNow's AI agents

A critical AI security vulnerability, dubbed “BodySnatcher,” highlights how the growing power of AI agents within workflow management platforms used by most Fortune 100 enterprises can turn routine automation into a takeover path.

ServiceNow flaw

Image by Cybernews

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Jan 14, 2026 Updated: 14 January 2026 3 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.

How the Now Assist Agent and Virtual Agent API are compromised

ServiceNow logo under magnifying glass
At the core of the vulnerability was ServiceNow’s Virtual Agent. Image by Shutterstock
ADVERTISEMENT

Remediation of ServiceNow vulnerability

ServiceNow bodysnatcher
Service Now says there have been no exploitations of the flaw in the wild. Getty Images
We are aware of a reported vulnerability that could allow privilege escalation on the ServiceNow AI Platform.In October 2025 we issued a security update to customer instances that addressed the issue. At this time, we have found no evidence of malicious exploitation.
ServiceNow

ADVERTISEMENT