ServiceNow is reportedly in talks to acquire cybersecurity startup Armis in a deal that could be valued at as much as $7BN, a transaction that would be ServiceNow’s largest acquisition to date and underscore how cybersecurity is becoming a core pillar of enterprise customer experience strategies.
The takeover could be announced in the coming days, according to Bloomberg, although the deal is not a foregone conclusion and Armis could attract a competing bidder. If completed, the acquisition would bring the firm’s exposure management platforms into ServiceNow’s expanding portfolio of AI-enabled workflow, security and risk management products.
How Armis’s Device Exposure Management Secures Customer Interactions
Armis was founded in 2016 by Israeli cyber intelligence veterans Yevgeny Dibrov and Nadir Izrael. The startup has built a reputation around real-time visibility and risk management for connected devices.
The firm’s Centrix platform automatically discovers and tracks devices ranging from laptops and smartphones to medical equipment and industrial control systems, as well as building infrastructure, to identify cyber threats and quarantine suspicious devices before they connect to corporate networks. Centrix’s agentless design monitors an organization’s full digital attack surface without requiring software installation on the devices.
That capability is increasingly critical. Customer journeys now depend on complex, always-on digital environments.
Airlines and manufacturers depend on operational technology, hospitals rely on connected medical devices, and smart buildings underpin everything from employee experience to customer-facing services. A single compromised device can cascade into service outages, regulatory exposure, and reputational damage.
Armis’s client roster reflects that reality. The company counts among its customers big-name enterprises across healthcare, manufacturing, government, and critical infrastructure, such as Allegro MicroSystems, Colgate-Palmolive, DocuSign, Mondelēz International, Takeda Pharmaceuticals, and United Airlines. More than 40 percent of the Fortune 100 companies use its services, giving Armis deep reach into the systems that directly and indirectly shape customer experience.
Last week, Armis announced a strategic partnership with KODE Labs and IntelliBuild to combine its device intelligence with KODE Labs’ performance trends and analytics, which are then put into action by IntelliBuild’s governance and reporting.
Armis to Abandon IPO Plans
The timing of the potential ServiceNow deal is worth noting, as just last month Armis raised $435MN in funding from investors led by Growth Equity at Goldman Sachs Alternatives, valuing the company at $6.1BN, with a view to preparing for an initial public offering (IPO) in 2026 or 2027. Other investors include Google’s venture capital arm CapitalG, General Catalyst, Brookfield Technology Partners, and Evolution Equity Partners. At the time, the company said it had recently surpassed $300MN in annual recurring revenue (ARR), growing by more than 50 percent. It has a three-year target to reach $1BN in ARR.
Armis has raised a total of $1.17BN across seven financing rounds since 2017. The acquisition by ServiceNow would be its second major exit, as venture capital and private equity firm Insight Partners acquired a $1.1BN stake in the startup in 2020. That was reportedly the largest ever deal for a private Israeli cybersecurity firm.
More broadly, the potential deal comes at a time when vendors are looking to bolster their security credentials amid a string of high-profile breaches that have exposed customer data. This is accelerating a wave of consolidation in the cybersecurity industry.
Google’s parent company Alphabet agreed to acquire cloud security firm Wiz for $32BN in March, while Palo Alto Networks moved into identity security in July, acquiring CyberArk for around $25BN.
Private equity giant Thoma Bravo, which has also been on an acquisition spree of late, had reportedly been in talks earlier this year to buy Armis for $5BN.
Armis itself has acquired three companies over the past two years to broaden its capabilities, including Israeli cybersecurity startup Silk Security.
These transactions reflect that cybersecurity has become a foundational capability embedded directly into cloud, AI and workflow platforms.
ServiceNow’s Expanding AI and CX Security Acquisition Strategy
For ServiceNow, Armis would extend an already aggressive acquisition strategy.
Earlier this month, the vendor announced plans to acquire identity management firm Veza, which has developed an AI-native Access Graph that maps and analyzes access relationships across data systems, SaaS apps, infrastructure and AI agents. And just this week, ServiceNow said it has completed the acquisition of employee-facing AI assistant provider Moveworks for $2.85BN, its largest ever deal so far. The Armis buy would far surpass that amount.
ServiceNow CEO Bill McDermott has positioned these deals as complementary to the company’s core mission of tightly connecting AI models with existing enterprise systems rather than displacing them. That approach is designed to reduce friction across internal workflows while improving reliability and trust in the security of customer-facing services.
Adding Armis would strengthen ServiceNow’s cybersecurity and risk portfolio, at a time when the separation between IT and customer experience is rapidly disappearing.
As digital services become inseparable from physical operations, whether in smart factories, connected hospitals, or intelligent buildings, cybersecurity failures increasingly show up as customer experience failures. Service downtime, customer data breaches and safety incidents erode trust far faster than poor UI design ever could.
By embedding exposure management directly into its workflow and AI platform, ServiceNow aims to make security proactive, automated, and largely invisible to customers, while still protecting their experiences.
