ServiceNow has substantially expanded its AI Control Tower from a governance dashboard into an enterprise command centre capable of discovering, monitoring, and securing AI assets across an organisation's entire technology estate, not merely those deployed on ServiceNow's own platform. The upgrade, shipping with the Australia platform release, integrates two recent acquisitions—Veza's access graph technology and Traceloop's observability capabilities—to address what the company frames as AI agent sprawl. The Control Tower now spans five operational areas: discovery, observation, governance, security, and measurement. Thirty new enterprise connectors extend visibility across AWS, Google Cloud, and Azure, alongside applications like SAP, Oracle, and Workday. The system can detect and map AI assets, models, agents, prompts, and datasets across the full technology estate, whilst Veza's access graph tracks over 30 billion fine-grained permissions to enforce least-privilege access and identity chains. Traceloop's integration replaces manual audits with continuous runtime monitoring, allowing teams to observe agent reasoning and decision-making in real time. A demonstration showed the Control Tower detecting a prompt injection attack on a pricing agent, mapping the blast radius, and presenting an automated kill switch—all without human intervention.
The implications for CX teams are twofold. First, the architecture directly addresses a critical pain point: as organisations deploy more agents and AI systems, governance and security have lagged behind deployment velocity. For teams already running multiple agents across Zendesk, Salesforce, or custom platforms, the question becomes whether this level of cross-platform visibility and automated threat response is now table stakes, or whether smaller vendors can continue to compete without equivalent observability and security infrastructure. Second, ServiceNow has positioned cost tracking and ROI measurement as central to the Control Tower, with dashboards tracking token consumption across OpenAI, Anthropic, and Google. This reflects a shift in how AI deployments are justified—no longer purely on capability, but on measurable business outcomes and controlled spend. For support leaders managing agent sprawl, this signals that CFOs will increasingly demand visibility into which agents deliver value and which consume budget without proportional return.
The introduction of Action Fabric extends this control further by opening ServiceNow's workflow engine to external agents built on Claude, Copilot, or custom platforms through a Model Context Protocol server. Every action routed through Action Fabric passes through the AI Control Tower, carrying identity verification, permission scoping, and audit trails. This creates a governed system of action that bridges the gap between agent decision-making and enterprise execution—a critical capability for CX teams where agents must trigger approvals, execute playbooks, and access service catalogues. The architecture suggests ServiceNow is betting that the future of enterprise AI is not isolated agents, but orchestrated systems where governance, security, and observability are non-negotiable. For teams evaluating whether to build agent capabilities in-house or rely on platform-native solutions, the cost and complexity of retrofitting equivalent security and observability into custom deployments should weigh heavily against the apparent simplicity of point solutions.
ServiceNow acquisitions Veza and Traceloop join to monitor agents and AI workflows ServiceNow announced an expansion of its AI Control Tower, transforming what began last year as a governance dashboard into what the company now describes as a command center for managing AI assets across an entire en