ServiceNow Now Assist second-order prompt injection via agent discovery
Technical Analysis
Summary
AppOmni showed that ServiceNow Now Assist can be abused through second-order prompt injection, letting attackers drive unauthorized actions across agent teams and expose sensitive corporate data. The risk matters because the behavior can unfold under the victim user's privileges and may still succeed even when built-in prompt-injection protections are enabled.
Related Happenings
ServiceNow AI Platform unauthenticated impersonation flaw (CVE-2025-12420)
Vulnerability
First: 13.01.2026 13:47
Last: 13.01.2026 13:47
Sources 1
About this happening:
**CVE-2025-12420** exposes **ServiceNow AI Platform** deployments to **unauthenticated impersonation** and **arbitrary actions**, creating a high-severity account-takeover risk. T...
ServiceNow AI Platform patch release for CVE-2025-12420
Security Patch Release
First: 13.01.2026 13:47
Last: 13.01.2026 13:47
Sources 1
About this happening:
**ServiceNow** released a **security update** for **CVE-2025-12420**, a **critical** flaw in its **ServiceNow AI Platform** that could let an **unauthenticated user** impersonate...
PromptSteal and PromptFlux AI-enabled malware activity
Malware Activity
First: 06.11.2025 11:45
Last: 06.11.2025 11:45
Sources 1
About this happening:
**PromptSteal** and **PromptFlux** now show how malware can use **LLMs during execution** to generate malicious code on demand, raising the risk of more adaptive evasion and theft...
Timeline
19.11.2025 11:59 · 2 articles
ServiceNow Now Assist default settings enable second-order prompt injection
Technical Analysis Update
AppOmni described how default configurations in ServiceNow Now Assist can be abused for second-order prompt injection through agent-to-agent discovery and collaboration. A malicious prompt embedded in content that an agent can read can redirect a benign agent into unauthorized actions such as copying or exfiltrating sensitive corporate data, modifying records, sending emails, or escalating privileges. The behavior can unfold under the privileges of the user who started the interaction. ServiceNow later said the behavior is intended and updated its documentation for clarity. Recommended defenses include supervised execution mode for privileged agents, disabling the sn_aia.enable_usecase_tool_execution_mode_override property, segmenting agent duties by team, and monitoring AI agents for suspicious behavior.
- ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts — thehackernews.com — 19.11.2025 11:59