Signal
ServiceNow patches critical AI platform flaw enabling unauthenticated impersonation
Published 2026-01-13 11:47 UTC
Updated 2026-01-13 21:44 UTC
Tags: servicenow, ai_platform, vulnerability, patching, unauthenticated_access, impersonation
Evidence trail (top sources)
Top sources (2 domains): domains are deduped. Counts indicate coverage, not truth. 2 top sources shown.
Limited source diversity in top sources.
Overview
A newly disclosed, now-patched vulnerability in ServiceNow’s AI Platform is being framed as a high-severity example of how adding agentic AI capabilities onto existing chatbot/automation components can expand attack paths. Coverage centers on the risk of unauthenticated user impersonation and the downstream impact of acting as another user across connected systems.
- Score total: 0.99
- Momentum 24h: 2
- Posts: 2
- Origins: 2
- Source types: 1
- Duplicate ratio: 0%
Why now
- ServiceNow publicly disclosed details of the now-patched issue.
- Multiple outlets highlighted the flaw’s severity and AI/legacy integration angle.
Why it matters
- Unauthenticated impersonation can enable arbitrary actions as another user.
- AI features layered onto legacy components may widen exposure to connected systems.
- High-severity scoring and prominent coverage can drive urgent patch prioritization.
LLM analysis
- Topic mix: low
- Promo risk: low
- Source quality: medium
Recurring claims
- ServiceNow disclosed and patched a critical flaw in its AI Platform that could allow an unauthenticated attacker to impersonate another user and perform actions as them.
- The vulnerability is tracked as CVE-2025-12420 with a CVSS score of 9.3, and was codenamed “BodySnatcher” by AppOmni.
- Dark Reading characterizes the issue as stemming from agentic AI being added onto a largely unguarded legacy chatbot, potentially exposing customer data and connected systems.
How sources frame it
- The Hacker News: neutral
- Dark Reading: questioning
Two outlets report on a now-patched critical flaw in ServiceNow’s AI Platform that could enable unauthenticated user impersonation.
All evidence
'Most Severe AI Vulnerability to Date' Hits ServiceNow
Dark Reading · darkreading.com · 2026-01-13 21:44 UTC
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
The Hacker News · thehackernews.com · 2026-01-13 11:47 UTC
- Posts loaded: 0
- Publishers: 2
- Origin domains: 2
- Duplicates: -
Top publishers (this list)
- Dark Reading (1)
- The Hacker News (1)
Top origin domains (this list)
- darkreading.com (1)
- thehackernews.com (1)