'Most Severe AI Vulnerability to Date' Hits ServiceNow - Dark Reading

Attackers could exploit a universal credential for ServiceNow's Virtual Agent API combined with weak email-only authentication to impersonate users. This allowed them to weaponize the "Now Assist" agentic AI to create administrative accounts, leading to full platform takeover and potential lateral movement across integrated enterprise systems.