Agent hijacking & lateral movement: Lessons from the ServiceNow AI vulnerability

TL;DR In December 2025, a critical ServiceNow AI vulnerability enabled user impersonation and full workflow abuse. A static credential and weak identity binding let agents act on forged identities, including agent-to-agent trust abuse. This is an identity failure at runtime, and there are important lessons to learn from it. Thanks to ServiceNow for the rapid remediation and the […]