ServiceNow shipped something interesting at Knowledge 2026 last week, and the coverage has been predictably adequate. The company expanded its Now Assist governance layer with two specific additions: per-agent policy scoping, which lets administrators define behavioral constraints at the individual agent level rather than at the workflow or role level, and activity attestation, which generates signed activity logs for each agent action with configurable attestation intervals and a chain-of-custody record that persists across the agent's operational lifetime. Both features sit inside Now Assist's enterprise workflow orchestration layer. Both are being positioned as AI oversight controls, the kind of thing a CISO can point to when the board asks how the company is governing its AI agents.
The obvious read writes itself: enterprise buyers demanded governance controls for AI agents, ServiceNow responded, the governance layer is now more capable. That read is accurate. It is also the least interesting thing you can say about this move.
Here is the question I've been sitting with since the Knowledge announcements: at what point does a governance layer become an identity authority? And does it matter whether ServiceNow intends for that to happen?
Precision matters here, because "identity authority" carries a lot of conceptual freight. An identity authority is not just a system that knows who someone is. It is a system that performs three specific functions: it logs what an entity did, it scopes what that entity is permitted to do, and it attests to that entity's activity in a form that other systems can verify and rely on. Those three functions are the core anatomy. Everything else, the credential issuance, the federation protocols, the certificate hierarchies, is downstream of those three functions. The authority is constituted by the functions, not by the product category.
Per-agent policy scoping is the second function. Activity attestation is the third. The first function, logging agent behavior, has been part of Now Assist since its initial release. ServiceNow has now assembled all three.
This is the puzzle the obvious read misses. ServiceNow completed the functional anatomy of an identity authority inside a workflow platform. Whether it knows that is a separate question.
ServiceNow's financials are load-bearing here, because the structural argument runs from incentives, not from intent. In the Q1 2026 earnings call, CFO Gina Mastantuono disclosed the following:
| Metric | Q1 2025 | Q1 2026 |
|---|---|---|
| Now Assist embedded in new enterprise agreements | 44% | 71% |
| Now Assist annualized contract value | $195M | $380M |
CEO Bill McDermott described the governance expansion specifically as a "platform depth" investment, language that, in ServiceNow's investor communications, is a reliable signal for stickiness strategy rather than feature competition.
That framing matters. Platform depth, in ServiceNow's model, means features that make the platform harder to displace, not because they're better than point solutions, but because they embed the platform more deeply into the customer's operational architecture. The more a customer's AI agents are governed by Now Assist, the more Now Assist becomes the authoritative record of what those agents did, what they were permitted to do, and whether their behavior was attested. Displacing Now Assist then requires not just replacing a workflow platform but migrating an authoritative record. That is a different kind of switching cost.
The structural incentive to deepen that authority is therefore present regardless of whether anyone at ServiceNow has named it that way. The business model rewards it. The platform economics demand it. The open question is how far down the path ServiceNow will go before it either names what it's doing or encounters a structural limit.
I want to be honest about the inferential step here. I'm reading a business model incentive and projecting a product trajectory. That inference is strong but not certain. ServiceNow could decide that the governance layer is sufficient, that the credential-issuance market is too contested, or that formalizing identity authority creates regulatory exposure it doesn't want. I'll come back to those conditions when I make the prediction. For now, the incentive exists and is visible in the numbers.
The historical parallel I keep returning to is AWS IAM, and it's worth spending a moment on it because the structural logic is almost identical.
AWS IAM launched in 2011. It was not positioned as an identity platform. It was positioned as a way to control access to AWS resources, a permissions system for EC2 instances and S3 buckets. The original use case was straightforward: you have cloud resources, you need to control who can touch them, here is a mechanism for doing that. Identity was not the point. Access control was the point.
What happened over the next decade was not a product decision. It was a structural inevitability. If you control what a workload can do, you become the authority on what that workload is. IAM began issuing credentials (access keys, instance profiles, role ARNs) because the access control function required them. It began logging activity through CloudTrail because the governance function required it. It began scoping permissions at increasingly granular levels because the security function required it. By the time AWS launched IAM Identity Center in 2022, it was formalizing an identity authority that had been implicit in the architecture for over a decade.
Nobody at AWS in 2011 was saying "we are building an identity authority." They were building a permissions system. The identity authority emerged from the structural logic of the functions they were performing.
The parallel to ServiceNow is direct. ServiceNow is not building an identity authority either. It is building a governance layer for AI agents. But the governance layer performs the same three functions that constitute identity authority (logging, scoping, attesting) and the structural incentive to deepen those functions is identical to what drove IAM's expansion. The platform that controls what AI agents can do becomes the authority on what those agents are. That is not a product roadmap decision. It is a structural consequence.
The difference between IAM in 2011 and Now Assist in 2026 is that we have the IAM story as a reference. We can see the endpoint from the starting point. That is either a reason to expect ServiceNow to follow the same path more quickly, or a reason to expect the identity governance market to resist it more actively. Probably both.
Let me name the framework explicitly, because I think it has utility beyond this specific ServiceNow analysis.
Platform-as-identity-authority is what happens when a workflow or orchestration platform becomes the system of record for AI agent behavior — the authority is implicit in the architecture before it is ever formalized in a product.
It does not require intent. It does not require a product announcement. It does not require a partnership with an identity vendor or a certification from a standards body. It requires only that the platform perform the three functions: log what agents did, scope what they're permitted to do, attest to their activity in a form that other systems can rely on.
Once those three functions are present, the platform is performing identity authority regardless of what it calls those functions. The governance layer is the identity layer. The activity log is the audit trail. The policy scope is the permission model. The attestation artifact is the credential precursor. The naming is different; the function is the same.
This matters because it changes the competitive analysis. ServiceNow may have already entered the identity market by a different door, and the market hasn't fully processed it. The Knowledge 2026 governance expansion has been covered almost entirely as an AI oversight story, not as an identity architecture story. That framing gap is where the interesting analysis lives.
There is an objection worth absorbing here: maybe the governance layer and the identity authority are genuinely different things, and I'm collapsing a distinction that matters. The objection would go something like: identity authority requires credential issuance, a persistent, portable artifact that represents an entity's identity and can be verified by systems outside the issuing platform. ServiceNow's activity attestation is a log, not a credential. The chain of custody is internal to the Now Platform. Without portability and external verifiability, you have a governance record, not an identity credential.
That objection is correct as a description of the current state. It is not a refutation of the structural argument. It is, in fact, precisely the gap that the structural incentive will push ServiceNow to close. The governance record becomes a credential when it needs to be verified by a system outside the Now Platform. As AI agents in ServiceNow workflows interact with external systems, which is the entire point of enterprise workflow orchestration, the demand for portable, externally verifiable agent identity will emerge from the architecture itself. The attestation artifact that is currently internal will face pressure to become external. That pressure is the mechanism of the prediction.
In a piece I published in November 2024, I made a claim about Now Assist that I want to score explicitly, because I got it partially wrong. I wrote that Now Assist's governance features were:
"a compliance overlay rather than an architectural commitment — the kind of checkbox capability that satisfies an RFP requirement without changing the platform's fundamental relationship to identity."
The May 2026 expansion refutes the "compliance overlay" framing. Per-agent policy scoping is not a checkbox. It is a genuine architectural capability that changes how the platform relates to individual agent behavior. I was right that the November 2024 state was shallow. I was wrong to project that shallowness forward as a stable condition. ServiceNow moved faster and deeper than I expected.
I'm noting this not as self-flagellation but because the correction is informative. The pace of the Now Assist governance buildout, from basic audit logging in 2024 to per-agent policy scoping and activity attestation in May 2026, is faster than I modeled. That pace is itself evidence for the structural incentive argument. ServiceNow is not building these features because they appeared on a product roadmap three years ago. It is building them because the market is pulling them forward, and that pull is the same structural logic I've been describing.
Here is the prediction, stated as precisely as I can manage.
Within 18 months of the May 2026 Now Assist governance expansion (so by November 2027), ServiceNow will ship a dedicated credential-issuance mechanism for AI agents operating within the Now Platform. By "dedicated credential-issuance mechanism," I mean a specific thing: a mechanism by which the Now Platform issues a persistent, portable identity artifact, a token, certificate, or signed attestation, that represents an AI agent's identity and authorization state and can be verified by systems outside the Now Platform itself. The portability and external verifiability are the operative criteria. An internal attestation record that gets more sophisticated is not this. A partner integration that routes through a third-party identity provider is not this. The prediction is about ServiceNow issuing the credential itself.
My confidence is 62%. I want to explain what that number reflects, because it is not a hedge.
The structural case for the prediction is strong. The incentive is visible in the financials. The functional anatomy is assembled. The historical parallel is precise. The architectural pressure from external system integration is real and will intensify as agentic workflows mature. If I were betting on the structural logic alone, I would be above 70%.
What pulls the number down is the competitive and regulatory environment. The identity governance market is not passive. Dedicated identity vendors have been watching the platform-as-identity-authority dynamic develop and have strong incentives to contest it, both by building workflow-native integrations that make the credential-issuance layer portable without requiring ServiceNow to build it, and by lobbying enterprise security teams on the risks of single-platform identity authority for AI agents. If that contest is effective, ServiceNow may find that the governance layer is sufficient for its platform stickiness goals without the additional complexity and regulatory exposure of formal credential issuance.
There is also a timing question I genuinely cannot resolve from the outside. ServiceNow's product organization has historically moved in 18-month cycles on major architectural additions. The May 2026 governance expansion may represent the completion of one cycle, with the next cycle not yet committed. If the credential-issuance decision is not already in the roadmap, 18 months is tight. If it is already in the roadmap (and the pace of the governance buildout suggests it might be), 18 months is comfortable.
What would falsify the prediction: ServiceNow announces a formal partnership with a dedicated identity vendor for agent credential issuance, explicitly positioning that vendor as the credential authority and Now Assist as the governance consumer. That would be the structural alternative, ServiceNow capturing the governance stickiness without taking on the identity authority function directly. I think this is less likely than the internal build, because the partnership model introduces a dependency that conflicts with ServiceNow's platform economics. But it is a real possibility.
What would confirm the prediction before the 18-month mark: A developer preview or early access program for any Now Platform feature described using the words "agent identity," "agent credential," or "agent certificate." ServiceNow's product release cadence means that a GA capability in November 2027 would likely surface as a developer preview by Q1 2027 at the latest. Watch the developer documentation and the Knowledge 2027 session catalog.
The thing I find genuinely interesting about this moment, and I want to be careful not to overstate it, is that ServiceNow is probably not having the conversation I'm describing. The people who built per-agent policy scoping were solving a governance problem. The people who built activity attestation were solving a compliance problem. The product managers who assembled these features into the May 2026 release were responding to enterprise buyer demand for AI oversight controls. All of that is true.
The structural argument does not require that anyone at ServiceNow intended to build an identity authority. It requires only that the functions they built constitute one. Intent and consequence are different things in platform architecture. AWS did not intend to build an identity authority in 2011. The architecture forced the consequence anyway.
That is the pattern I'm watching for. Not the announcement, not the keynote, not the product marketing language. The architecture. When the Now Platform's activity attestation artifacts start appearing in security incident investigations as the authoritative record of what an AI agent did, when a CISO says "we pulled the Now Assist attestation log" the way they currently say "we pulled the CloudTrail logs," the identity authority will have been formalized in practice before it is formalized in product.
The credential-issuance mechanism, if it comes, will be the product catching up to the architecture. That is how these things tend to go.
On Signal publishes competitor commentary in The Outer Ring on a rolling basis. Predictions are logged with dates and scored when the window closes. The November 2024 ServiceNow claim referenced above appeared in issue 31.