AppOmni Surfaces BodySnatcher AI Agent Security Flaw Affecting ServiceNow Apps
<p>AppOmni, a provider of a platform for securing software-as-a-service (SaaS) applications, this week disclosed that it has discovered a flaw in the ServiceNow platform that could be used to create a malicious artificial intelligence (AI) agent.</p><p>With the flaw, dubbed <a href="https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/">BodySnatcher</a> (CVE-2025-12420), AppOmni researchers discovered it was possible for an unauthenticated intruder to impersonate any ServiceNow user using only an email address, bypassing the multifactor authentication (MFA) and single sign-on (SSO) frameworks that ServiceNow has adopted.</p><p>Once access was gained, AppOmni researchers discovered they could create an AI agent with escalated privileges that enabled it to access external environments via the Virtual Agent application programming interface (API) that ServiceNow developed.</p><p>Since that discovery, ServiceNow has created a patch for customers that remediates this issue, and there are no known instances of this exploit being used.</p><p>Aaron Costello, chief of security research for AppOmni, said that as providers of SaaS applications deploy AI agents, the BodySnatcher exploit should serve as an object lesson in the potential risks. It’s still relatively trivial for cybercriminals to gain access to SaaS applications using stolen credentials or by bypassing MFA.
Once access is gained, they can then compromise an AI agent to potentially take over an entire workflow, he noted.</p><p>The issue that organizations will ultimately need to come to terms with is that the level of risk associated with deploying AI agents is significantly higher than that of previous generations of emerging technologies.</p><p>Unfortunately, <a href="https://techstrong.ai/features/survey-surfaces-rapid-adoption-of-ai-agents-across-the-enterprise/">the pace at which AI agents are being adopted is already exceeding the ability of many cybersecurity teams to keep pace</a>, added Costello. As such, it’s likely only a matter of time before a major cybersecurity incident involving AI agents is discovered and disclosed, he said.</p><p>Cybersecurity teams, meanwhile, would be well-advised to review the guardrails that SaaS application providers are putting in place to secure AI agents. Many of those efforts only provide a minimum level of security that can be easily circumvented, noted Costello.</p><p>It is, of course, challenging these days for any cybersecurity team to prevent any technology from being adopted, but nevertheless they need to find a way to at least make employees aware of the potential hazards. Cybersecurity professionals are generally reluctant to appear as “party poopers” as AI agents gain momentum, but there needs to be more focus on end user education, noted Costello.</p><p>At the same time, cybersecurity teams should be preparing now to respond to a breach involving AI agents that has the potential to rapidly expand, especially if that AI agent has access to massive amounts of sensitive data. The potential blast radius of a breach involving an AI agent is huge, said Costello.</p><p>The degree to which providers of AI agents and platforms are aware of these issues is less clear. However, the more time cybersecurity researchers spend reviewing the guardrails currently in place, the greater the appreciation for the actual state of AI there will be.
The hope then becomes finding a way to resolve these issues before cybercriminals are able to exploit them.</p>