ServiceNow has disclosed a security vulnerability that allowed unauthenticated users to gain access to customer systems.
The enterprise software company said it applied a security update to hosted customer environments on June 5 and contacted those affected.
A spokesperson told CX Today:
“ServiceNow recently applied a security update to hosted customers. The update concerned a security issue that could allow an unauthenticated user, in certain circumstances, to gain greater access to ServiceNow instances than intended. We notified affected customers directly with next steps and guidance.”
The notice to customers, which users posted on Reddit, confirmed that the vendor had detected suspicious activity related to the flaw:
“For a subset of customers, we have observed evidence of successful queries of instance tables. We have notified customers if successful queries were observed via case. If you have not received a case from us, then we did not observe such activity in connection with your instance and no action is currently required.”
In a subsequent security advisory, ServiceNow stated that it believes the suspicious activity it identified “can be attributed to security researchers or customers conducting their own research. Our investigation is ongoing, however, and subject to additional validation.”
The notice explained that the security issue affected customers on the Australia platform release or those who “made certain configuration changes to instances on releases prior to Australia.”
ServiceNow added that it will update the Knowledge Base (KB) if additional customer action is required, and that it is evaluating whether to publish a Common Vulnerabilities and Exposures (CVE) update.
ServiceNow customers quickly turned to Reddit to discuss the incident, with one user posting: “I can confirm that data can be exposed using the vulnerability by using enumeration.”
Other commenters expressed frustration that, after the disclosure, customers lacked the details they required for their internal security systems. Those comments reflect the importance of operational transparency in the event of enterprise security incidents.
AI Is Making Vulnerability Management Harder
The disclosure brings attention to the growing operational and customer experience risks tied to enterprise workflow platforms, particularly as organizations connect AI systems, automation layers and sensitive customer data into increasingly complex cloud environments. Most customers will never know when a workflow engine fails in the background. But they do notice when support tickets expose sensitive data, or when internal systems suddenly appear unreliable.
Platforms like ServiceNow increasingly serve as operational backbones for customer experience teams to manage customer requests, employee interactions, incident response, onboarding and automated workflows. When systems at that layer experience security failures, it becomes a customer trust issue.
The incident comes during a period of growing anxiety around AI-driven security risks, which has accelerated with the arrival of Mythos-class AI models such as Fable, which Anthropic launched this week.
As Vincent Danen, Vice President of Product Security at Red Hat, told CX Today in a recent interview, vulnerability patching is becoming more urgent and more difficult as exploitation timelines are shrinking dramatically, including cases where attacks began before official vulnerability disclosures were publicly available. Danen said:
“We are going to have a very painful year or two. I buckled myself in, because we’re going to see a lot of vulnerabilities disclosed, a lot of patches that have to be created.”
Traditional patching cycles are struggling to keep pace with AI-enabled infrastructure complexity and increasingly automated attack techniques.
With AI assistants, workflow copilots and automation layers now deeply embedded inside customer experience operations, teams need to adapt to the urgency of security alerts and to threats that could be exploited before the teams can get a handle on them.
The ServiceNow disclosure also fits into a broader trend. Over the past year, multiple enterprise software vendors have disclosed security flaws involving exposed data, authentication weaknesses or cloud misconfigurations.
This is partly the reality of modern cloud software, as enterprise platforms are highly complex systems with APIs, integrations, automation layers and customer-specific configurations operating simultaneously. But complexity creates operational fragility, and a difficult balancing act for enterprise vendors. Customers want faster deployments, broader integrations and more automation, while security teams want tighter controls and reduced exposure. Both priorities now sit inside the same product roadmap.