TECHNICAL VALIDATION
ServiceNow Autonomous IT and Security
Creating a Self-healing and Self-defending Organization With AI
By Alex Arcilla, Principal Analyst – Validation Services
Omdia
MARCH 2026
Introduction
This Omdia Technical Validation evaluates ServiceNow’s approach to Autonomous IT and Security. We examine how ServiceNow applies agentic AI across IT service management, operations, asset management, security, and strategic portfolio management, paving the way to becoming a self-healing and self-defending organization.
Background
Organizations continually find themselves having to “do more with less,” and the emergence of agentic AI is providing them with a unique opportunity to trigger exponential productivity gains. With this potential benefit, it is no surprise that Enterprise Strategy Group (now Omdia) research uncovered that 80% of organizations consider agentic AI to be a high or top priority compared to other AI initiatives (see Figure 1).
Figure 1. AI agents are a high priority for most organizations
Source: Omdia
Yet, issues arise when integrating AI agents into everyday operations. Two-thirds of organizations stated that bridging disparate systems and data sources to enable AI agents is a significant challenge. Today, cross-functional teams working in IT operations (ITOps), security operations (SecOps,) and risk management rely on a plethora of solutions for monitoring and visibility purposes. For instance, to maintain perimeter security, organizations employ a wide variety of systems, such as firewalls, IDS/IPS, VPNs, and gateways. From these systems, organizations have managed to collect and manually integrate data so that business-impacting issues can be identified and resolved as quickly as possible. Without efficiently and effectively integrating disparate data for agentic AI to leverage immediately, organizations cannot obtain the appropriate context needed to solve issues quickly and effectively, such as how the interdependencies of the underlying business and technology architectures contribute to the issue. Beyond solving issues related to specific areas of the business, the application of agentic AI can also trigger improvements across multiple areas of the business, ideally leading to a self-healing and self-defending organization.
While organizations recognize agentic AI’s potential benefits, they risk raising specific concerns internally about AI in general, namely the potential loss of control (i.e., difficulty overseeing and controlling AI behavior once deployed) as well as job displacement (whether perceived or real) that can hinder adoption. Addressing these concerns means that any agentic AI implementation must involve some level of human oversight. Providing organizations with this oversight ensures that the right actions are taken when issues occur.
Once reassured of the value gained, organizations are more willing to shift their focus to strategic work. For example, instead of the typical alert fatigue IT teams must address, including false positives, agentic AI can take over such tedious and repetitive tasks, enabling security teams to focus on initiatives for bolstering the organization’s security in light of the evolving threat landscape.
Autonomous IT and Security with the ServiceNow AI Platform
Autonomous IT and Security, with the support of the ServiceNow platform, is designed to help organizations reach a self-healing and self-defending state. The platform combines agentic AI, data from the underlying (IT or security) infrastructure, and workflow automation to proactively identify and resolve business-impacting issues. Adopting this platform can help organizations optimize operational efficiency while significantly minimizing human intervention. Autonomous IT and Security can apply agentic AI in specific instances across IT service management, operations, asset management, security, and strategic portfolio management.
Figure 2. The ServiceNow Platform for enabling Autonomous IT and Security
Source: Omdia
ServiceNow’s approach to Autonomous IT and Security goes beyond simple automation, which typically focuses on executing pre-defined steps to address isolated and previously encountered issues. The resolution is executed in the same manner each time the issue arises. With the ServiceNow AI Platform, agentic AI uses a unified data model created from the integration of data from all systems supporting ITOps, SecOps, and risk management processes and workflows to supply the relevant context on why an issue arises so that the appropriate action is taken. As ServiceNow’s agentic AI solves issues, it continues to learn. Eventually, the AI agent can proactively identify and resolve business-impacting issues before they are reported and recorded by a human.
With ServiceNow’s Autonomous IT and Security, organizations can significantly reduce the number of reported issues and outages as well as the human effort spent on manual and repetitive tasks. Time and effort can then be redirected toward more strategic business initiatives, such as modernizing legacy systems or creating new digital customer experience platforms.
Enabling the capabilities of this solution involves the combination of the ServiceNow AI Platform along with one or more ServiceNow products supporting IT and security functions currently offered, including:
IT Service Management (ITSM).
Security Operations/Exposure Management.
IT Operations Management (ITOM).
Integrated Risk Management/Third-party Risk Management.
IT Asset Management.
AI Control Tower.
Strategic Portfolio Management.
With Autonomous IT and Security, improvements in one functional area can trigger improvements in other areas; improvements are revealed in key performance indicators (KPIs) specific to each area. One potential improvement can be reducing in the number of Tier 1 tickets. If only applying Autonomous IT to ITSM, some level of improvement occurs. However, applying Autonomous IT across multiple operations, such as ITSM, ITOM, and IT asset management, can potentially amplify operational efficiency gains. By achieving a reduction in IT asset spending due to maximizing their utilization of IT resources, organizations can experience fewer operational issues and further decrease time to resolution, as well as reduce the number of Tier 1 tickets. Eventually, applying this solution across multiple IT functions can enable organizations to arrive at a self-healing and self-defending state; the entire organization significantly minimizes the amount of “break-fix” encountered daily. This frees up the time and effort for working on strategic IT initiatives.
While the ideal is to arrive at a self-healing and self-defending state, organizations can leverage a modular approach when leveraging Autonomous IT and Security. The solution can be applied to a specific area of IT or security. As organizations apply Autonomous IT and Security to other areas, improvements in KPIs tracked within and across functional areas of IT and security can potentially build upon one another.
Although manual intervention can be significantly reduced, ServiceNow recognizes that humans desire to supervise and govern the autonomous actions taken to ensure that issues are resolved correctly according to established company policies and procedures. By maintaining the “human in the loop,” ServiceNow strives to establish trust with its implementation of Autonomous IT and Security.
Omdia technical validation
Omdia validated the benefits that organizations can gain from using the ServiceNow AI Platform to enable Autonomous IT and Security. Using briefings and online demonstrations, we specifically focused on how ServiceNow helps organizations redirect human effort to focus on strategic business initiatives, enable proactive resilience against security threats and attacks, and build intelligent defenses for mitigating security and business risk.
Re-focusing human effort on strategic business initiatives
IT continues to face the constant onslaught of “break-fix,” reviewing reported trouble tickets and alerts, performing triage and root cause analysis, and resolving issues defined by some level of priority. Needing to constantly resolve problems is a necessary evil for IT or they risk having their organization incurring unwanted operational downtime. Yet, organizations recognize that the never-ending “break-fix” takes valuable time and effort away from working on IT initiatives that help achieve strategic business objectives.
By implementing ServiceNow’s Autonomous IT framework, organizations can achieve the desired level of operational efficiency with the support of agentic AI, workflow automation and orchestration, and unified data models. Not only are repetitive tasks automated—whether related to resolving commonly known issues or performing maintenance activities (e.g., software patches or updates)—but AI agents also proactively identify and resolve issues before they emerge as operational problems.
Omdia Analysis
Omdia considered the case in which an ITOps team member has been alerted to a potential issue: an unavailable virtual machine due to a lost connection. When dealing with any IT issue, the first step is to “triage and analyze” the alert. As shown in Figure 3, the processes and systems used for alert triage and analysis are accessible via disjointed tool interfaces and, most likely, managed by different teams.
Figure 3. Processes and data that support alert triage and analysis
Source: Omdia
With Autonomous IT and Security, ITOps team members can complete alert triage and analysis, with little manual intervention, using ServiceNow’s agentic AI. Figure 5 illustrates how an end user employs ServiceNow Now Assist, a suite of generative AI features within the ServiceNow platform, to kick off the relevant agentic AI workflow. As illustrated in Figure 4, Omdia observed how the “triage and analysis” workflow was initiated for “Alert0020887” by entering “Triage and analyze alerts” into Now Assist. This alert, classified as “Critical,” flagged the unavailability of a host on a Kubernetes cluster.
Figure 4. Kicking off agentic AI workflow for “triage and analyze”
Source: Omdia
Before the workflow is executed, Omdia observed how Now Assist listed the steps to be completed automatically: acknowledge and assign the alert, perform alert analysis, analyze past occurrences, check relevancy, and analyze related incidents when applicable (shown in Figure 5). The ServiceNow AI Platform then initiated the workflow, using the unified data model to gain the proper context and orchestrate the relevant AI agents to complete these steps.
Without Autonomous IT and Security, Omdia recognizes that ITOps would need to manually perform the same steps, with multiple disjointed tools, easily extending the time an issue remains unresolved and potentially reducing end-user productivity. Collecting and correlating data from different processes (e.g., event management, change management, and configuration management shown in Figure 3) is tedious and time-consuming, especially when the relevant data resides in siloed systems, such as the configuration management database (CMDB), alerts, and incident reports. Omdia noted that Autonomous IT and Security can significantly reduce the time and manual effort spent on investigation and resolution.
Experience level is eliminated as a barrier to accurately analyzing alerts, thus reducing time to remediation. While hands-on experience can reduce the time and manual effort, not all members of the ITOps team can be expected to possess the same level of institutional knowledge and maintain consistent mean time to repair (MTTR).
To ensure that the institutional knowledge is preserved, Omdia observed that Autonomous IT and Security drafted a post-mortem report once the issue was resolved (see Figure 5). ITOps can publish this report as a Knowledge Base post as a reference for when similar incidents occur in the future. As more post-mortems are generated, Autonomous IT and Security can access these reports via the unified data model to further decrease MTTR.
Figure 5. Generating post-mortem report
Source: Omdia
As ServiceNow’s agentic AI learns continuously about workflows and processes related to specific IT operations, organizations can begin achieving a self-healing state as agentic AI proactively solves more issues. When applying Autonomous IT and Security to multiple workflows across the business, improvements in one area can propagate. Eventually, organizations can arrive to a self-healing state in which key performance indicators across multiple areas of the business are minimized, with little human intervention.
To illustrate how organizations can achieve a self-healing state, Omdia first reviewed how Autonomous IT and Security goes beyond reducing the time and effort spent on issue resolution by proactively identifying system anomalies. Omdia navigated to the CMDB Discovery and Insights interface that listed health and performance anomalies across all IT assets proactively identified to date with ServiceNow’s agentic AI (see Figure 6).
Figure 6. Proactive identification of system anomalies
Source: Omdia
While these anomalies had been flagged based on thresholds predefined by ITOps for IT system checks, agentic AI can eventually take over to detect patterns indicating that an anomaly exists. Using this list, organizations can get ahead of any operational and service impact these anomalies can cause, subsequently lowering MTTR.
Proactively resolving anomalies can trigger improvements in related IT functions. For example, reducing overall MTTR within ITOps can trigger improvements in IT service operations downstream. As the IT infrastructure supporting IT services becomes more reliable and available, fewer Tier 1 trouble tickets are submitted.
Identifying and resolving anomalies before impact can also translate into increased IT asset availability and reliability. As shown in Figure 7, Omdia observed how Autonomous IT and Security flagged performance (tuning) checks requiring remediation. Instead of manually scheduling and performing these checks, agentic AI can proactively audit and adjust IT assets to optimize performance and resource allocation, ensure compliance, and reduce noise in security monitoring. With this proactive activity, Omdia sees how the “health check” score in Figure 7 would increase as agentic AI assumes more responsibility in resolving anomalies autonomously.
Figure 7. Monitoring real-time IT asset health and performance
Source: Omdia
Since Autonomous IT and Security can reduce the time and effort spent on maintenance, Omdia noted that improvements in IT asset management can occur. Specifically, IT operations shift to a proactive mode driven by agentic AI, going away from the typical “break-fix” cycle. Instead of relying on detected anomalies to fix system performance and availability, deviations in IT asset performance and availability can be continuously monitored and corrected with agentic AI. One example is detecting when hardware or software upgrades need to occur when performance degradation is detected, rather than relying on a set upgrade schedule. With this approach, the useful life of IT assets can also increase, leading to lower total cost of ownership and return on investment, as shown in Figure 8 when monitoring actual and projected IT asset savings.
Figure 8. Facilitating better IT asset management
Source: Omdia
Why This Matters
Struggling with alert fatigue and false positives drowns SecOps teams in manually driven work. This leaves little time for closing security gaps and fortifying an organization’s security posture.
Omdia validated that ServiceNow Autonomous IT and Security can help increase the impact of work performed by SecOps in fighting against threats and attacks. By employing agentic AI, organizations can cut through the alert volume and focus on security issues that are identified to pose the largest (negative) business impact and the biggest risk. With Autonomous IT and Security, organizations can more effectively bolster the existing security perimeter, especially as AI agents start to proactively remediate security issues with little to no manual intervention.
Building intelligent defenses for mitigating security and business risk
Identifying and eliminating security and compliance risks can be difficult without an end-to-end, comprehensive, and up-to-date view for assessing operational resilience. With ServiceNow’s approach to Autonomous IT and Security, organizations can proactively mitigate potential threats and remove compliance risks across SecOps and compliance teams. This approach can support building intelligence defenses, proactively identifying risk areas and related security issues that, when addressed, can maximize the effectiveness of an organization’s security defenses.
Omdia analysis
To evaluate how Autonomous IT and Security can help in proactively managing security and compliance risk, Omdia observed how security and compliance teams can view a summary of the risks related to business activities across the organization, such as those related to payroll and IT, to identify those posing the most risk (see Figure 12). Seeing that “Retail Payments” currently has a higher risk rating compared to other activities in our demonstration, we then navigated to the current risk metrics associated with “Retail Payments” to see what is contributing to the risk score, such as the “Non-complaint dependencies” listing IT assets and processes that support “Retail Payments.”
Figure 12. Summary of security and compliance scores and ratings across business activities
Source: Omdia
Since the compliance score is also higher compared to other scores presented in the summary, Omdia reviewed how risk sources can be identified. Figure 13 depicts risks associated with “Retail Payments” originating from non-compliance with industry and regulatory standards (e.g., PCI) and vulnerabilities, as well as those supporting upstream and downstream IT assets and processes. This aggregate view enables security and compliance teams to identify and select higher-priority teams to address and resolve.
Figure 13. Mapping sources, security, and compliance risk to “retail payments”
Source: Omdia
Why This Matters
Addressing security and compliance risk can be increasingly complex, as these areas can easily overlap, but the respective teams may not be completely aligned in their view of the problems to be addressed. As the amount of security and compliance issue data continually increases, correlating this data to locate where the largest organizational risks lie can be overwhelming and time-consuming. While these teams can improve their individual risk profiles, the chances to improve the organizational risk profile can be lost.
Omdia validated that ServiceNow’s Autonomous IT and Security can optimize an organization’s security and compliance risk profile simultaneously. With ServiceNow’s agentic AI, SecOps and risk management teams can acquire an integrated view of how security vulnerabilities and identified areas of non-compliance relate. By employing ServiceNow’s solution, organizations can learn the higher-priority areas of risk and related vulnerabilities to resolve, subsequently building the required defenses to prevent these issues from reoccurring.
Conclusion
Agentic AI has emerged as a strategic priority for many organizations with its potential to significantly increase operational efficiency. However, the technology can go beyond increasing the efficiency of a single set of operational workflows and processes. By integrating the data used by ITOps, SecOps, and risk management to accomplish their daily tasks, organizations have the opportunity to increase operational efficiency with reported issues as well as increase the chances that issues spanning IT, security, and risk can be proactively identified and resolved, achieving a self-healing state. Once reaching this state, organizations can spend their time and resources on the strategic initiatives that can easily be put aside when constantly addressing operational issues.
ServiceNow’s approach to Autonomous IT and Security is designed to help organizations ultimately arrive at a self-healing and self-defending state. Autonomous IT and Security draws on ServiceNow's knowledge graph and CMDB to supply the contextual intelligence AI agents need to determine the next best course of action and act on it autonomously across the entire IT estate. This context is developed with a unified data model that combines data from all IT assets and processes supporting IT, security, and risk management operations. As the AI agents solve more issues, they learn continuously so that they can proactively identify and resolve issues, further optimizing KPIs key to multiple areas across the business.
Omdia’s evaluation of ServiceNow’s Autonomous IT and Security validates that organizations benefit by:
• Re-focusing human effort on strategic business initiatives, as the manual intervention spent on gathering and correlating data to identify an IT issue’s root causes and resolution can be significantly reduced, while triggering improvements in related IT functions.
• Enabling proactive resilience against security threats and attacks to minimize alert fatigue and attention to false positives.
• Building intelligent defenses for mitigating business risk by proactively locating and highlighting prioritized security and compliance gaps to be closed.
Based on our evaluation, Omdia believes that ServiceNow’s Autonomous IT and Security can drive the operational efficiency organizations need not only to resolve business-impacting issues faced within multiple IT functions but also drive additive improvements in key business metrics across the organizations, regardless of where organizations choose to start implementing agentic AI. We suggest further examining ServiceNow Autonomous IT and Security should you seek to reap the benefits of agentic AI across your organization.
Copyright notice and disclaimer
The Omdia research, data, and information referenced herein (the “Omdia Materials”) are the copyrighted property of TechTarget, Inc. and its subsidiaries or affiliates (together “Informa TechTarget”) or its third-party data providers and represent data, research, opinions, or viewpoints published by Informa TechTarget and are not representations of fact.
The Omdia Materials reflect information and opinions from the original publication date and not from the date of this document. The information and opinions expressed in the Omdia Materials are subject to change without notice, and Informa TechTarget does not have any duty or responsibility to update the Omdia Materials or this publication as a result.
Omdia Materials are delivered on an “as-is” and “as-available” basis. No representation or warranty, express or implied, is made as to the fairness, accuracy, completeness, or correctness of the information, opinions, and conclusions contained in Omdia Materials.
To the maximum extent permitted by law, Informa TechTarget and its affiliates, officers, directors, employees, agents, and third-party data providers disclaim any liability (including, without limitation, any liability arising from fault or negligence) as to the accuracy or completeness or use of the Omdia Materials. Informa TechTarget will not, under any circumstance whatsoever, be liable for any trading, investment, commercial, or other decisions based on or made in reliance of the Omdia Materials.
The ServiceNow Platform for enabling Autonomous IT and Security
Source: Omdia
ServiceNow’s approach to Autonomous IT and Security goes beyond simple automation, which typically focuses on executing pre-defined steps to address isolated and previously encountered issues. The resolution is executed in the same manner each time the issue arises. With the ServiceNow AI Platform, agentic AI uses a unified data model created from the integration of data from all systems supporting ITOps, SecOps, and risk management processes and workflows to supply the relevant context on why an issue arises so that the appropriate action is taken. As ServiceNow’s agentic AI solves issues, it continues to learn. Eventually, the AI agent can proactively identify and resolve business-impacting issues before they are reported and recorded by a human.
With ServiceNow’s Autonomous IT and Security, organizations can significantly reduce the number of reported issues and outages as well as the human effort spent on manual and repetitive tasks. Time and effort can then be redirected toward more strategic business initiatives, such as modernizing legacy systems or creating new digital customer experience platforms.
Enabling the capabilities of this solution involves the combination of the ServiceNow AI Platform along with one or more ServiceNow products supporting IT and security functions currently offered, including:
© {{CurrentYear}} TechTarget, Inc. d/b/a Informa TechTarget. All rights reserved. The Informa TechTarget name and logo are subject to license. All other logos are trademarks of their respective owners. Informa TechTarget reserves the right to make changes in specifications and other information contained in this document without prior notice.