When Your Companys AI Can Wipe Everything in 9 Seconds: ServiceNows Plan To Be the Off Switch
This isnt science fiction, it isnt an old case, and it isnt a dramatized story to scare a distracted executive. It really happened, at a real company, recently: an Artificial Intelligence agent was given elevated permissions and, in just 9 seconds, wiped out the entire production database. Customer records, reservations, operational history, backups: everything was destroyed in a chain reaction. No external attacker, no classic data breach, no ransomware. Just an agent with too much access, not enough governance, and nobody watching in real time.
That extreme case was how Bill McDermott, CEO of ServiceNow, kicked off his talk to around 25,000 people at the Venetian Convention Center in Las Vegas. He did not sugarcoat it at any point: this is what an AI agent can do when nobody is looking, he said. For him, governance is no longer a technical detail. Its the whole game. Without control over what agents can do, when they can act, and how they are monitored, the entire company can literally collapse in seconds.
Grabbing attention like that was no accident. ServiceNow, which is on track for almost 16 billion dollars in recurring subscription revenue and expects to double that to 30 billion by 2030, has come to a pretty clear conclusion: the next big battle in the corporate AI market is no longer about who has the most powerful model, but about who can control those models and agents with the most security and precision. While much of the market is still selling raw AI horsepower, the company decided to go all in on the control layer.
The Blind Spot: When AI Hype Turns Into Chaos Inside Companies
Over the last two years, just about every tech pitch has recycled the same promise: heres what AI can do for your business. The list is familiar: higher productivity, faster innovation, lower costs, quicker support, automation of processes. And yes, those gains are real. ServiceNow itself says it saved something like half a billion dollars in 2025 by using its own AI solutions internally.
But behind the hype there is a very different reality inside companies, one that rarely shows up in sales pitch decks. Internal surveys indicate that 6 out of 10 organizations have already started to test or implement agentic AI, where agents can make decisions and trigger actions autonomously. In practice, though, only about 1 in 10 has actually managed to put something truly autonomous into production with confidence.
At the same time, as Fortune magazine has already highlighted, close to 95% of companies simply cannot measure the concrete return on their AI investments. In other words, they know they are spending, they know something is running somewhere, but they cannot clearly show what that brings back in business value.
Bill McDermott gave this a name: AI chaos. Employees jumping between 17 open tabs, not knowing which interface to trust. Multiple different smart assistants living side by side, with no standardization. Agents with access to payroll systems, access provisioning, security incident management, all running without a clear identity, without solid audit trails, and without a minimum compliance posture. In the CEOs own summary: the more you deploy, the more you expose yourself, unless there is a layer of governance.
Receive the best innovation content in your email.
All the news, tips, trends, and resources you're looking for, delivered to your inbox.
By subscribing to the newsletter, you agree to receive communications from Método Viral. We are committed to always protecting and respecting your privacy.
Probabilistic vs Deterministic: Why It Matters So Much in Enterprise AI
For Amit Zavery, president and chief product officer at ServiceNow, there is a structural mistake in how many companies are approaching AI adoption. According to him, two concepts that should be kept separate have been mixed together: probabilistic AI, based on models that generate responses with uncertainty, and deterministic execution, which is what really runs the companys day to day operations.
A large language model can generate recommendations, text responses, suggestions for next steps. And because of its probabilistic nature, it might give a different suggestion tomorrow for the exact same question. That is acceptable in many use cases. But when an agent connected to that kind of model starts to execute direct actions such as releasing financial access, changing payroll data, approving or denying transactions, or closing critical incidents, tolerance for error drops to almost zero.
In that kind of environment, every action needs to be: always correct, always traceable, and always interruptible. McDermott summed up the vision at another moment, in a conversation with the press: you cannot run the core of the company on something purely probabilistic. It has to be deterministic, and it has to be right all the time.
AI Control Tower: The Command Center and the Emergency Button
To tackle this problem head on, ServiceNow created AI Control Tower, a governance layer announced in 2025 that has now been placed at the center of the companys strategy. During the presentation in Las Vegas, the product was pitched as something capable of defining a new market category and, in a bold move, the company decided to offer it free for one year to large customers, assigning that a sticker price of 2 million dollars.
AI Control Tower was designed to do four main things:
- Discover and catalog everything: it automatically inventories all AI assets in an organization. That includes models, agents, datasets, servers using MCP specs, and integrations running on clouds like AWS, Azure, and Google Cloud, plus providers like Anthropic and OpenAI.
- Govern the full lifecycle: the platform maps compliance requirements, detects in real time issues like hallucinations, bias, and internal policy violations, and tries to fix or block those deviations before they turn into major incidents.
- Measure ROI clearly: instead of a black box, the dashboard starts to show adoption, consumption, costs, productivity gains, and process impact. The idea is to let CFOs answer the board using hard numbers, not just a vague sense of modernization.
- Provide continuous observability and that off switch: the system monitors the behavior of all connected agents and centralizes the ability to pause, redirect, or stop any of them, in any area of the company, with a single action.
This last function has become known as the kill switch, the emergency button everyone assumes they have, but almost nobody has actually implemented well.
The Kill Switch in Action: Blocking a Prompt Injection Attack
On stage, Amit Zavery did a live demo of that off switch. In a simulation, an alert flagged a prompt injection: a hidden instruction trying to convince an AI agent to ignore all pricing rules, set shipping cost to 1 dollar, and, on top of that, avoid logging any of those changes in transactional systems.
In an environment with no governance, an attack like that could generate serious financial losses and make any later investigation much harder. In the demo, as soon as the issue was detected, AI Control Tower allowed the team to immediately revoke the permissions of the agent involved, trace everything it had already done across all connected systems, and automatically open a top priority security incident. All from a single command.
The demo ended with applause not just for the show factor, but because many people in the audience recognized that today they would not have that level of visibility and control over their own AI agents in production.
Architecture, Acquisitions, and the Plan To Own the Control Layer
Behind this vision of centralized control there is an architecture built on a few strategic acquisitions. AI Control Tower integrates, for example, with Veza, a company that built an access graph capable of mapping more than 30 billion permissions across human, machine, and AI identities. It also connects to Armis, focused on expanding visibility across OT, IoT, medical devices, and critical infrastructure.
ServiceNow acquired both companies in sequence, just days apart. Talking to financial analysts, McDermott addressed the most obvious concern right away: according to him, this was not about buying artificial growth, but about securing a foothold in a future where identity governance and asset visibility will be core pieces of enterprise AI.
In practice, every Arc agent, ServiceNows own family of agents, reports continuously to AI Control Tower. That includes action logs, attempted system access, suspicious behavior, and out of pattern variations. For CISOs dealing with tens of thousands of endpoints, each potentially running multiple agents, this orchestration layer is the difference between moving forward with AI or freezing everything out of sheer fear.
The Cases That Scare Boards and Crank Up the Pressure for Control
Throughout the event, McDermott circled back several times to real world examples that are haunting boards of directors and risk teams. Besides the case of the database deleted in 9 seconds, he mentioned the episode in which an internal AI agent at Meta ended up exposing sensitive user data. Again, no external attacker, just the dangerous mix of automation and lack of clear boundaries.
Amit Zavery was blunt when talking about this scenario. In his view, the industry has been trying to patch structural problems by creating more and more isolated agents, each solving a tiny piece of the pain. The problem is that none of those standalone products can govern the system as a whole. And that leaves room for chain reactions that nobody can really predict.
Forecasts from consultancies like Gartner back up this concern. Estimates suggest that by 2027, around 40% of agentic AI projects will fail, not because the technology is incapable, but because there is no robust governance model holding the whole structure together.
ServiceNow Wants To Be the Control Plane for the Agentic Enterprise
Underneath it all, ServiceNows message goes beyond selling an AI security product. The company is essentially trying to become the control plane for the entire agentic organization of the future. Put another way: if any external agent from OpenAI, Anthropic, Microsoft, Workday, Salesforce, or any other provider wants to execute an action in critical corporate systems, the call should go first through ServiceNows governed workflow fabric.
In this model, every step is logged, every permission is checked, every outcome is traceable. McDermott summed up this ambition in one line: ServiceNow wants to be the agent of the agents. It positions itself as the layer that manages everybody else, ensuring that regardless of who built the model or the agent, the house rules still apply.
The competitive logic is clear. Workday dominates HR, Salesforce rules CRM, and other platforms do well in their own verticals. But when a complex case touches finance, legal, HR, IT, and the general ledger at the same time, there is no single solution that ties everything end to end with strong governance. That is exactly the gap ServiceNow is trying to fill, using the 9 second story as a stark warning of what happens when AI gets too much power without a trustworthy button to shut it down at the right moment.
