ServiceNow BodySnatcher flaw enabled AI agent takeover via email address
Jan 2026
CVE-2025-12420 (CVSS 9.3) allowed unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing MFA and SSO. Attackers could then execute Now Assist AI agents to override security controls and create backdoor admin accounts, described as the most severe AI-driven security vulnerability uncovered to date.
Incident Details
Perpetrator: AI agent platform
Severity: Catastrophic
Blast Radius: ServiceNow instances with Now Assist AI Agents and Virtual Agent API
Tech Stack
ServiceNow Now Assist
Virtual Agent API