The Risk Wheelhouse
The Risk Wheelhouse is designed to explore how RiskTech is transforming the way companies approach risk management today and into the future. The podcast aims to provide listeners with valuable insights into integrated risk management (IRM) practices and emerging technologies. Each episode will feature a "Deep Dive" into specific topics or research reports developed by Wheelhouse Advisors, helping listeners navigate the complexities of the modern risk landscape.
The Risk Wheelhouse
S7E2: The Autonomous Enterprise And The AI Control Tower
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
You can feel the shift happening when you stop picturing “AI tools” and start picturing “AI workers.” From the floor of ServiceNow Knowledge 26 in Las Vegas, we zoom out from the shiny security headlines and explain what John A. Wheeler argues is the real story: autonomous integrated risk management is the first credible blueprint for governing an enterprise where non-human identities execute the majority of actions.
We break down the AI control tower mechanics in plain language: the continuous loop of sense, decide, act, secure, plus the five control functions that make governance real at scale (discover, observe, govern, secure, measure). We also get brutally specific about the nightmare scenario many organizations are living through right now: AI agents operating with identity permissions originally designed for humans. When an agent “wears” a cloned human badge, traditional perimeter security can be blind to catastrophic actions happening at machine speed.
Then we map the key architectural puzzle pieces: Armis for agentless visibility across IT and operational technology, Vesa for real-time authorization graph mapping and least-privilege enforcement, and the action fabric that turns third-party models like Anthropic’s Claude into governable actors by controlling their actions, not their internals. We also unpack the NVIDIA partnership and why open AI infrastructure makes workflow-aware governance the premium differentiator.
Finally, we ground it all in outcomes (hours saved, dormant identities eliminated, compliance timelines crushed) and connect the dots to the regulatory wave coming fast: ISO/IEC 42001, the NIST AI Risk Management Framework, and the EU AI Act. If you’re making platform decisions for the next decade, this is the week the vendor questions change. Subscribe, share this with your security or architecture team, and leave a review with the biggest governance risk you’re trying to solve.
Visit www.therisktechjournal.com and www.rtj-bridge.com to learn more about the topics discussed in today's episode.
Subscribe at Apple Podcasts, Spotify, or Amazon Music. Contact us directly at info@wheelhouseadvisors.com or visit us at LinkedIn or X.com.
Our YouTube channel also delivers fast, executive-ready insights on Integrated Risk Management. Explore short explainers, IRM Navigator research highlights, RiskTech Journal analysis, and conversations from The Risk Wheelhouse Podcast. We cover the issues that matter most to modern risk leaders. Every video is designed to sharpen decision making and strengthen resilience in a digital-first world. Subscribe at youtube.com/@WheelhouseAdv.
Invisible AI Workforce And CISO Panic
Ori WellingtonSo uh I want you to imagine for a second that you could put on a pair of like augmented reality glasses.
Sam JonesOkay, I like where this is going. Right.
Ori WellingtonSo you put these glasses on and you just walk straight into the headquarters of a massive, you know, Fortune 500 company. And through these AR lenses, you don't just see the normal everyday stuff. You don't just see the human employees sitting at their desks or, you know, drinking their morning coffee or walking into conference rooms.
Sam JonesYou're seeing the invisible workforce. Trevor Burrus, Jr.
Ori WellingtonExactly. You're seeing the digital workers, the AI agents. And through these glasses, they look like um like these bright streaks of light just zooming between servers and databases and external networks at light speed.
Sam JonesAaron Powell Yeah. And if you were actually wearing those glasses today in a real corporate environment, what you'd see would probably well, it'd induce a full-blown panic attack for most chief information security officers. Trevor Burrus, Jr.
Ori WellingtonOh, absolutely.
Sam JonesBecause you'd look around and realize that the human beings in the office are essentially standing completely still while these streaks of light, these non-human identities, are just moving at blinding speeds everywhere.
Ori WellingtonAaron Ross Powell Right. And it's the sheer volume that really shatters your perspective, I think.
Sam JonesYeah.
Ori WellingtonBecause the streaks of light, they outnumber the human employees by this massive, just overwhelming margin now.
Sam JonesAaron Powell It's not even close.
Ori WellingtonAaron Powell No, it's not. And we aren't talking about, you know, simple background scripts anymore. We're talking about non-human identities that are actually making complex decisions.
Sam JonesThey're accessing highly sensitive customer data.
Ori WellingtonAaron Powell Yes. And they're executing financial trades, approving supply chain workflows, interacting directly with third-party vendors. I mean, it's a whole different ballgame.
Sam JonesTrevor Burrus, Jr. It really is a profound structural shift in how a business actually operates at its core.
Ori WellingtonYeah.
Sam JonesAnd uh for those joining us, I'm Sam Jones, an advisor with Wheelhouse Advisors.
Ori WellingtonAaron Powell And I'm Aury Wellington, also an advisor with Wheelhouse. And we are broadcasting this week's deep dive directly from the floor of ServiceNow's Knowledge 26 event right here in Las Vegas.
Sam JonesAaron Powell Yeah. And the atmosphere inside this convention center right now is honestly, it's completely consumed by this exact reality we're talking about. I mean, the neon lights out on the Vegas strip are buzzing, sure, but the real electricity is happening inside these keynote halls.
Ori WellingtonOh, without a doubt.
Sam JonesBecause the industry has finally truly collided with the consequences of deploying AI at scale. Autonomous IRM has finally hit the marketplace, which is huge for us because Wheelhouse has been covering this emergence for over a year now.
Ori WellingtonOver a year of tracking this, yeah. Which brings us really to the core mission of today's deep dive. We're going to unpack a dispatch straight from the ground here. It's a frankly phenomenal piece of analysis written by John A. Wheeler. Trevor Burrus, Jr.
Sam JonesThe founder of Wheelhouse Advisors, yeah.
Ori WellingtonExactly. And this piece was just published in the Risk Tech Journal. Now, if you're just reading the initial press releases coming out of this Knowledge 26 event, the massive announcement from ServiceNow, it basically looks like a major cybersecurity update.
Sam JonesRight. That's how it reads on the surface. Aaron Powell Yeah.
Ori WellingtonBut Wheeler is arguing in this dispatch that the headlines are entirely missing the plot. Like completely missing it. This isn't just about patching firewalls or stopping hackers?
Sam JonesNo, no, it's way bigger than that.
Ori WellingtonAaron Ross Powell We are witnessing the arrival of what he calls the autonomous enterprise. And the fundamental question we have to answer for you today is how on earth do we keep these millions of non-human identities from just going completely off the rails?
Sam JonesAaron Powell Well, to understand why the headlines miss the mark so badly, you kind of have to look at how the first wave media coverage digested the opening keynote here. Right. The press, you know, they latched onto the most easily digestible narrative available to them, which was the security angle. Because ServiceNow, they heavily featured their new autonomous security and risk suite.
Ori WellingtonAaron Powell Oh, yeah, they put that front and center.
Sam JonesAaron Powell They did. They paraded out these new uh AI specialists, which are essentially these highly specialized digital workers assigned specifically to handle phishing incident response and like vulnerability remediation.
Ori WellingtonAaron Powell And they paired all that with the integration of Armis.
Sam JonesRight.
Ori WellingtonWhich is an acquisition they closed just, what, two weeks prior to this event. Trevor Burrus, Jr.
Sam JonesTwo weeks ago, yeah. So it was very fresh.
Ori WellingtonAaron Ross Powell Right. And you know, I can totally see why a tech journalist on a tight deadline would just frame this as a standard security story. I mean, cybersecurity is this universal visceral headache for everybody. Trevor Burrus, Jr.
Sam JonesEvery single company feels that pain.
Why The Headlines Miss Autonomous IRM
Ori WellingtonTrevor Burrus, Jr. Exactly. Every executive on the planet understands the threat of a ransomware attack. So when ServiceNow gets up on that keynote and announces that their own internal security operations center is currently running on this platform and they're handling incidents seven times faster than before. I mean, come on, that is an incredibly shiny metric.
Sam JonesIt really is.
Ori WellingtonAI fixes hacks 700% faster is basically a headline that writes itself for these tech blogs.
Sam JonesOh, totally. And to be fair, the security framing isn't factually incorrect, right? Like those elements are very real and they're currently deployed.
Ori WellingtonRight, it's not a lie.
Sam JonesNo, not at all. The Armis acquisition is a massive piece of the puzzle, and those AI specialists are legitimately altering the fundamental math for security operations centers. Yeah. But Wheeler is sounding a massive alarm in his dispatch because treating this as merely a new security tool is just dangerously myopic. Trevor Burrus, Yeah.
Ori WellingtonI was trying to think of a good parallel here. And uh focusing only on the security aspect of this announcement.
Sam JonesYeah.
Ori WellingtonIt feels kind of like looking at the invention of the electric grid.
Sam JonesRight. Right. Yeah.
Ori WellingtonAnd you're staring at a single light bulb and you conclude, oh wow, Thomas Edison just invented a slightly better reading lamp.
Sam JonesAaron Powell That is a perfect analogy. Yes.
Ori WellingtonTrevor Burrus Like it completely ignores the entire infrastructure that is literally going to power an entire century of industrial revolution.
Sam JonesTrevor Burrus Exactly. That captures the scale of the oversight perfectly. You're looking at one very specific end user application, the security suite, and you're missing the underlying architecture that makes it possible. What ServiceNow has actually announced here, according to Wheeler's core thesis, is the electric grid itself. They have unveiled the arrival of autonomous integrated risk management or autonomous IRM. Trevor Burrus, Jr.
Ori WellingtonBut okay, let me push back a little on this, or at least play devil's advocate for the listener here.
Sam JonesSure.
Ori WellingtonIf these AI specialists are legitimately speeding up security operations by a factor of seven, I mean that is a monumental lead.
Sam JonesIt's massive.
Ori WellingtonBecause in a modern SOC, a security operations center, the analysts are just drowning in alert fatigue. They're dealing with thousands of false positives every single day.
Sam JonesJust staring at dashboards, yeah.
Ori WellingtonExactly. So if an AI can suddenly triage that data, identify the true phishing payload, isolate the compromised machine, and do all of that seven times faster, I mean that saves companies millions of dollars.
Sam JonesRight, easily.
Ori WellingtonAnd it potentially saves them from those catastrophic board-level breaches. So why is Wheeler saying that framing is incomplete? Like what is fundamentally different about autonomous IRM that makes the security angle too small?
Sam JonesThat's the key question. And the answer is because the mechanism that allows that specific AI specialist to isolate the phishing payload, it isn't actually a security mechanism.
Ori WellingtonAaron Powell Wait, it's not.
Sam JonesNo, it's fundamentally a governance mechanism. The security tools are just applications running on top of this foundational enterprise-wide governance layer. And Wheeler and the Risk Tech Journal, they've been tracking the emergence of this autonomous IRM category since October 2024.
Ori WellingtonAaron Powell Yeah, it's been a long road.
Sam JonesAaron Powell It has. And what ServiceNow finally dropped here at Knowledge 26 is the first complete commercial architecture that's designed to govern an entire enterprise that is fundamentally run by AI. Right. We have officially moved way past the era of AI helps humans do their jobs better. Trevor Burrus, Jr.
Ori WellingtonYeah, the co-pilot era is over.
Sam JonesTrevor Burrus, Jr. Exactly. We're entering the era of AI is doing the job entirely independently, and we desperately need a system to manage the AI.
Ori WellingtonAaron Ross Powell Okay, so we're really talking about the engine of this entire operation.
Sam JonesYes.
Ori WellingtonBecause in the keynote, ServiceNow chairman and CEO Bill McDermott, he presented this as the AI control tower. And the imagery there is super striking. Like you immediately picture an air traffic control tower at a massive international airport like JFK or Heathrow.
Sam JonesRight.
Ori WellingtonBut instead of directing, you know, physical 747s, it's directing those millions of streaks of light we visualized early in our AR glasses analogy. Trevor Burrus, Jr.
Sam JonesDirecting the digital workers, yeah.
Ori WellingtonBut let's strip away the marketing jargon for a minute. Because control tower sounds great on a slide. But mechanically speaking, as an enterprise architect, how does this engine actually work?
Sam JonesAaron Ross Powell So the architecture McDarnett presented organizes all these enterprise AI workflows around four core operational motions.
Ori WellingtonAaron Powell Okay, four motions. Right.
Sam JonesThey are sense, decide, act, and secure. This is the continuous, unbreakable loop of the autonomous enterprise.
Ori WellingtonAaron Powell Sense, decide, act, secure.
Sam JonesTrevor Burrus, Jr.: Exactly. So let's trace a hypothetical scenario through that loop just to make it concrete. Let's say an AI agent is tasked with routing global supply chain logistics.
Ori WellingtonAaron Powell Okay, a logistics agent. So the first step in the loop is sense, meaning the AI is continuously monitoring the environment, right? It's ingesting data from the ERP system, it's reading supplier emails, scanning global weather patterns, checking inventory levels across like 50 different global warehouses.
Sam JonesAaron Ross Powell It's pulling telemetry from dozens of APIs simultaneously. Trevor Burrus Right.
Ori WellingtonAnd it's doing this ingestion phase at a scale that human brains just literally cannot process. Trevor Burrus, Jr.
Sam JonesNot even close. So that sense. Then comes the second motion decide. The AI evaluates all that ingested telemetry against its program parameters and crucially against dynamic risk policies. So let's say it senses that a major typhoon is going to shut down a critical shipping port in Taiwan.
Ori WellingtonOh wow.
Sam JonesIt instantly decides that in order to avoid a massive manufacturing delay at their plant in Germany, it needs to instantly reroute a shipment of microchips via air freight from a secondary supplier over in South Korea.
Ori WellingtonOkay, so it senses the storm, it decides on the South Korea Air Freight backup plan. Then we move to the third step act. And this is where it gets crazy. Because the AI doesn't just draft an email to a human logistics manager asking for permission, does it?
Sam JonesNo, it doesn't wait for human approval. It actually executes the decision. It interfaces directly with the South Korean supplier's digital system. It negotiates the shipping rate based on pre-approved financial thresholds.
Ori WellingtonThat's wild.
Sam JonesIt issues the purchase order and it updates the entire company's inventory forecasting models.
Ori WellingtonInstantly. Which brings us to the final and honestly probably the most critical step of the four. Yes. Secure.
Sam JonesTrevor Burrus, Jr. Yes. The governance piece.
Ori WellingtonAaron Powell Because the system has to ensure that the action the AI just took was actually within compliance. Trevor Burrus Right.
Sam JonesExactly.
Ori WellingtonTrevor Burrus It logs the entire decision-making matrix for auditing purposes. It verifies the financial transaction against budget controls, and it hardens the workflow against potential fraud. So it's sense, decide, act, secure. And this isn't some linear checklist that happens once a day. This is a continuous millisecond by millisecond loop happening millions of times across the enterprise.
Sam JonesAaron Powell Millions of times a day. And that makes the operational loop clear. But Wheeler's dispatch also details five very specific risk management functions that sit within this AI control tower.
Ori WellingtonTrevor Burrus Right. The functions.
Sam JonesRight. So if the first four motions, sense, decide, act, secure, are the engine of the car. These five functions are the braking system and the steering wheel. Aaron Powell Okay.
Ori WellingtonWhat are the five functions?
Sam JonesDiscover, observe, govern, secure, and measure.
Ori WellingtonAaron Powell Discover, observe, govern, secure, measure. Let's break down what these actually do at like a code and architecture level. Because I feel like this is where the control tower really earns its name.
Sam JonesIt is.
Ori WellingtonLet's start with discover. I assume the system is constantly scanning the enterprise environment to inventory every single AI agent operating within the company.
Sam JonesAaron Powell That's exactly it. And that is so much harder than it sounds.
Ori WellingtonAaron Powell Oh, I bet. It's not like every AI agent just politely registers itself with the IT department and says, hello, I'm here.
Sam JonesNo, of course not. You have this massive problem of shadow AI.
Ori WellingtonRight, shadow AI.
Sam JonesYou've got marketing teams buying random sauce tools on a corporate credit card that have embedded AI agents. You have rogue developers spinning up test environments using open source models they downloaded off GitHub.
Ori WellingtonYeah, that's a mess.
Sam JonesDiscovering all of them requires incredibly deep network inspection because you cannot govern what you don't fundamentally know exists.
Ori WellingtonAaron Powell Right. So once the system finally discovers them, it moves to observe, meaning it continuously scores the risk of these agents. And it isn't just looking at their static configuration files, right? It's watching their actual behavior in real time.
Sam JonesReal time telemetry, yeah.
Ori WellingtonLike it's asking, why is this customer service chatbot suddenly trying to access the payroll database? Or why is this marketing copy generator attempting to execute Python code in a production server environment?
Inside The AI Control Tower Loop
Sam JonesExactly. And when it sees that anomalous behavior, that leads directly into the next two functions, govern and secure. The system enforces real-time access controls, and it literally halts that weird behavior before the damage occurs.
Ori WellingtonOkay, but the fifth function, measure, that one seems a little different. That seems like the actual bridge back to the outside world, like the human world.
Sam JonesIt is. Measure is the function that produces an immutable audit trail that is actually acceptable to external regulators.
Ori WellingtonOh.
Sam JonesAnd this introduces just a massive structural shift in how we think about time in the corporate world because for decades, enterprise governance has operated at what we can call human speed.
Ori WellingtonAaron Powell Oh, human speed is agonizing. Anyone listening who has ever survived a corporate compliance audit knows exactly what human speed looks like.
Sam JonesOh, the spreadsheets.
Ori WellingtonIt's annual control testing, it's quarterly risk reviews where everyone sits in a room for three hours. It's a team of internal auditors spending like three months pulling random samples from a SharePoint spreadsheet just to verify if some random guy in accounting had access to a sensitive folder he shouldn't have had.
Sam JonesRight. And honestly, that model barely even functioned when humans were the ones doing the work. But if you have an AI agent that is making 10,000 decisions a second, decisions about real financial transactions, data routing, global supply chain logistics, you simply cannot wait for a quarterly review to find out if it experienced model drift.
Ori WellingtonRight, or if it just hallucinated a terrible decision.
Sam JonesExactly. Buying human speed governance in an AI-driven world is well, it's like trying to moderate a high-frequency Wall Street trading floor using a fax machine. Wow. By the time the paper even prints out of the fax machine, the transactions have already settled, the market has moved, and the money is completely gone.
Ori WellingtonThat is a terrifying thought.
Sam JonesSo governance must fundamentally shift to machine speed, continuous real-time auditing.
Ori WellingtonYou know, I'm putting myself in the shoes of a chief information security officer right now. And honestly, just talking about this, my blood pressure spikes.
Sam JonesI am blaming you.
Ori WellingtonBecause it's one thing to talk about sense decide act on a flashy keynote stage with great lighting. It's an entirely different reality to try and actually map out thousands of invisible AI agents operating across a legacy enterprise IT environment. Trevor Burrus, Jr.
Sam JonesAn environment that was probably duct taped together over the last 20 years. Trevor Burrus, Jr.
Ori WellingtonRight. With legacy mainframes and on-premise servers mixed with cloud stuff. How is ServiceNow actually pulling this off without just breaking everything in the company?
Sam JonesAaron Powell It is arguably the defining engineering challenge of this entire era. And in the dispatch, Wheeler highlights a terrifying reality that a lot of organizations are currently just ignoring. And this is the actual root cause of that CISO's nightmare.
Ori WellingtonAaron Powell What's the root cause?
Sam JonesRight now, in the vast majority of standard enterprises out there, AI agents are operating under identity permissions that were originally designed for human beings.
Ori WellingtonWait, really? Let's get extremely specific here because that sounds like a disaster. How does a machine end up with a human identity profile in the system?
Sam JonesAaron Powell Okay, consider a hypothetical financial analyst. Let's call her Sarah.
Ori WellingtonOkay, Sarah.
Sam JonesSarah works in the FPA Department Financial Planning and Analysis. Now Sarah has a set of digital permissions that were granted to her by IT when she got hired. Right.
Ori WellingtonStandard onboarding.
Sam JonesShe can view the raw sales database, she can download financial reports, and she can upload next quarter's financial forecasts to the secure cloud. That is a human identity with human-level access controls. Makes sense. Now fast forward a bit. The company buys a fancy new AI tool to automate all the tedious parts of Sarah's daily workflow. To get the tool up and running quickly because they're impatient, the IT admin just goes into the system, clones Sarah's permission profile, and assigns it to the AI agent.
Ori WellingtonAaron Powell Oh no, so they essentially just hand this machine a copy of Sarah's digital ID badge and give it a set of master keys to the finance department.
Sam JonesAaron Ross Powell Exactly. And the massive problem here is that Sarah is a human being, which means she is subject to physical and psychological constraints. Right. Sarah logs off at 5.00 PM to go home. Sarah can only physically read maybe a few hundred rows of an Excel spreadsheet per minute. And most importantly, Sarah possesses human common sense.
Ori WellingtonRight. She's not going to just suddenly decide to compress the entire global customer database into a zip file and FTP it to some unrecognized server in Eastern Europe just because a weird phishing email tricked her.
Sam JonesExactly. But the AI agent. If that agent is compromised by, say, a clever prompt injection attack, or if it simply hallucinates a really bizarre path to achieving its programmed goal, it can execute that massive data exfiltration in a fraction of a single second.
Ori WellingtonAaron Powell And the really scary part is that the traditional security systems probably won't even flag it as a breach, right? Because the AI is using Sarah's legitimate IT-approved access credentials. It looks like Sarah is doing it.
Sam JonesIt looks exactly like Sarah. It is the absolute wild west out there right now. You have these AI agents literally roaming the corporate network, wearing human ID badges, operating at machine speeds, and the traditional security perimeters are completely blind to them. This is why the AI control tower is an existential requirement, not just a nice-to-have software upgrade. And to understand how ServiceNow actually solves that mapping problem, we have to look at the specific technological puzzle pieces they assembled to build this thing. Specifically Armis and Vesa.
Ori WellingtonOkay, let's dissect those integrations. Because ServiceNow didn't just build this control tower from scratch in a total vacuum, right? The dispatch specifically highlights these two technologies as the foundational sensors for the whole architecture. So let's start with Armist. What is the actual operational impact of plugging Armist into this enterprise environment?
Sam JonesSo Armis solves the visibility problem, but it does so across the entire physical and digital spectrum.
Ori WellingtonAaron Powell What do you mean by that?
Sam JonesWell, standard IT security tools, they're usually agent-based, meaning you have to physically install a piece of software, an agent, on the laptop or the server for the security tool to even know it exists. Trevor Burrus, Jr.
Ori WellingtonRight.
Sam JonesExactly. But you can't install a software agent on an internet connected thermostat, or a robotic assembly arm on a factory floor, or a hospital MRI machine.
Ori WellingtonOh wow. Yeah, of course not.
Sam JonesAaron Powell So Armist provides real-time visibility into operational technology, or OT, using agentless, passive network traffic analysis.
Ori WellingtonAaron Ross Powell So instead of installing software, it's just analyzing the actual data packets moving across the local network. Like it's looking at ME addresses, broadcast traffic, D-packet inspection. Exactly. Just to identify what a device is and what it's doing without needing any permission from the device itself.
Sam JonesAaron Powell It literally sweeps the entire enterprise landscape and identifies every single connected asset: laptops, servers, cloud workloads, manufacturing PLCs, HVAC systems, medical sensors, all of it.
Ori WellingtonThat's incredible.
Sam JonesIt provides the foundational discover and observe functions of the control tower we talked about earlier. Because in modern cybersecurity, a blind spot isn't just an annoyance anymore. It is the exact vector of a catastrophic breach.
Ori WellingtonYeah. Hackers rarely kick down the heavily fortified front door of your main database server anymore, right? Right.
Sam JonesNo, they don't have to.
Ori WellingtonThey find an unpatched, internet connected fish tank thermometer in the lobby, they compromise that, and then they pivot laterally into the main network.
Sam JonesExactly. And Armis illuminates all of those blind spots.
Ori WellingtonOkay, wait, let me stop you there. Because if Armist is already showing me every single device, every workload, every piece of operational technology, why do I need Visa? Isn't knowing where the AI agents are basically half the battle?
Five Functions And Shadow AI
Sam JonesWell, finding the agent is only half the battle. You also have to deeply understand what that specific agent is actually allowed to do. And that is exactly where Visa comes in. Yep. We have to conceptually separate authentication from authorization.
Ori WellingtonAuthentication versus authorization. Break that down for me.
Sam JonesAuthentication is essentially the bouncer checking your physical ID at the front door of a nightclub. That's your standard single sign-on provider like Okta or Microsoft Intra. It just proves you are who you say you are. Authorization, on the other hand, is the network of internal security cameras, making sure that once you're already inside the club, you don't just walk behind the bar and start pouring yourself drinks or try to open the manager safe in the back office.
Ori WellingtonGot it. And enterprise authorization is notoriously a complete and total nightmare to manage.
Sam JonesOh, it's awful. It's this tangled web of role-based access controls, legacy active directory groups that haven't been updated in a decade, and localized permissions. Yeah. What Vesa does is it connects via APIs directly to your data systems, your Snowflake databases, your AWS environments, your Sauce applications, and it builds this massive real-time graph database of every single read, write, and execute permission across the entire company.
Ori WellingtonSo Vesa provides a granular map of who and more importantly what has access to what.
Sam JonesExactly.
Ori WellingtonBut going back to our earlier example, Vesa is the mechanism that looks at that cloned ID badge our hypothetical AI agent is wearing and immediately flags the anomaly. It maps the authorization graph and realizes wait a minute, you are a machine learning script designed to parse resumes in the HR system. Why on earth do you have right access to the core financial ledger?
Sam JonesIt untangles that entire permissions matrix, making all those invisible authorization pathways totally visible to the control tower. It enforces the principle of least privilege, but it does it at machine speed.
Ori WellingtonOkay, that structural mapping is honestly brilliant, but it raises a really massive strategic red flag for me. Oh. Because usually when a massive tech giant like ServiceNow builds this intricate, highly effective governance system like the control tower, they lock it down, right?
Sam JonesYeah, typically.
Ori WellingtonThey build a walled garden, they go to their enterprise customers and tell them, you can use our incredible governance, but only if you use our proprietary AI agents. But Wheeler's dispatch indicates they did the exact opposite here.
Sam JonesAaron Powell They did. And it is a fascinating, really bold strategic maneuver. Wheeler highlights a new connector in the architecture that they're calling the action fabric.
Ori WellingtonThe action fabric.
Sam JonesRight. This is an API gateway that explicitly opens the control tower to third-party AI models that are built completely outside of the ServiceNow ecosystem. In fact, Anthropics Claude was announced as one of the very first design partners for this.
Ori WellingtonI am genuinely surprised by that. So you're telling me I can bring in an external, third-party, large language model like Claude, which operates as a total black box to ServiceNow and plug it directly into this enterprise governance environment.
Sam JonesYes, you can.
Ori WellingtonBut how do you govern an AI model you didn't even build?
Sam JonesAaron Powell Well, that's the genius of it. You don't govern the model itself, you govern the actions the model attempts to execute within your specific environment. ServiceNow clearly recognized a fundamental reality of the market right now. Enterprises are simply not going to standardize on a single AI vendor. It's not going to happen. Trevor Burrus, Jr.
Ori WellingtonRight, it's a multi-model world.
Sam JonesExactly. A Fortune 500 company is going to use Claude for heavy tech synthesis. They'll use OpenAI for coding assistance. They might use open source models for localized data processing, plus dozens of specialized microagents. Trying to force a vendor lock-in at the model layer was a losing battle from day one.
Ori WellingtonSo instead of fighting this massive wave of multi-model adoption, they just built the toll booth on the highway.
Sam JonesThey built the toll booth. They are telling the entire enterprise market, look, bring whatever AI models you want into your infrastructure, we don't care. But if that AI is going to execute an action on our platform, if it is going to touch your HR workflows or alter an IT ticket or modify a customer record, it must pass through our action fabric.
Ori WellingtonAnd pay the toll, essentially.
Sam JonesRight. Its API payloads will be inspected, its risk will be scored, and its actions will be securely logged by our AI control tower. They force all these disparate third-party agents through a single unified governance checkpoint.
Ori WellingtonThat is an incredibly powerful choke point to own in the enterprise software space.
Sam JonesIt really is.
Ori WellingtonBut that brings us to another massive partnership that was announced here at Knowledge 26, which is the integration with NVIDIA.
Sam JonesOh yeah.
Ori WellingtonBecause Jensen Huang, the founder and CEO of NVIDIA, actually shared the stage with Bill McDermott. And according to the dispatch, ServiceNow is integrating the entire NVIDIA AI infrastructure stack directly underneath the AI control tower.
Sam JonesYes. And this partnership is actually the resolution to a strategic question that we at Wheelhouse Advisors posed in a research note back in, I think it was April 2026.
Ori WellingtonRight. The NemeClaw question.
Sam JonesI called it the NEMAClaw strategic question. Yeah. Trevor Burrus, Jr.
Ori WellingtonBreak down the mechanics of NemeClaw for me because it sounds like we're moving out of pure software governance and getting into the raw economics of AI infrastructure.
Sam JonesAaron Powell We are. So the fundamental building blocks of artificial intelligence, the massive compute clusters, the foundational models, the containerized inference microservices, all of that is rapidly becoming commoditized. Right. Nvidia's Nemo framework and their NIMS NVIDIA inference microservices, they make it incredibly easy for any enterprise to just spin up really powerful AI models?
Ori WellingtonAaron Ross Powell Because the compute is basically ubiquitous now.
Sam JonesExactly. The infrastructure is becoming open and widely accessible. So the NemoClaw question essentially asked. As the base layer of AI infrastructure becomes completely commoditized, does a proprietary governance architecture still command a premium valuation in the market? Will enterprise buyers actually pay top dollar for a proprietary control tower when the underlying engine is essentially open source and cheap?
Ori WellingtonSo if the foundation of the house is free and open to everyone, can you still charge a premium price for the roof?
Sam JonesThat's the perfect way to put it. And the entire industry was watching to see how ServiceNow would position itself relative to NVIDIA's massive dominant footprint. Right. And Wheeler writes in the dispatch that ServiceNow's answer here at Knowledge 26 was definitive. Proprietary governance remains the differentiating premium, but only when it sits on top of open infrastructure rather than alongside it.
Ori WellingtonAaron Ross Powell That distinction is so crucial because it means ServiceNow isn't attempting to build their own silicon chips, right?
Sam JonesNo, definitely not.
Ori WellingtonAnd they aren't trying to out-engineer NVIDIA on foundational model training, which would be financial suicide anyway. They are totally conceding the infrastructure layer. They are letting NVIDIA and open initiatives like Project Arc handle all the heavy lifting of raw compute and model serving.
When Agents Wear Human Badges
Sam JonesExactly. Because the raw compute isn't actually where the enterprise friction is. You know, I've heard skeptics ask: well, if the NVIDIA stack is completely open, what stops a massive hyperscaler like Google or Microsoft from just building their own control tower on top of it and absolutely crushing service now?
Ori WellingtonRight. What is the moat?
Sam JonesThe answer to that lies in the agonizing microscopic complexity of enterprise workflows.
Ori WellingtonRight. Because training a large language model is ultimately just a math problem. I mean a very expensive math problem, but ultimately it's just linear algebra at scale. But mapping the bureaucracy of a global corporation, that is a fundamental organizational plumbing problem.
Sam JonesAaron Powell It is a labyrinth. It's legacy systems, bespoke compliance frameworks, regional data sovereignty laws, localized access controls. ServiceNow has spent the last decade deeply embedding its IT service management and IT operations management platforms into the molecular operational DNA of the Fortune 500.
Ori WellingtonThey already own the workflow pipes.
Sam JonesThey own the pipes. They understand exactly how an HR ticket becomes an IT provisioning request, which then triggers a localized compliance check in Germany, which then requires a manual approval from a VP sitting in London.
Ori WellingtonAnd you can't just spin up an open source LLM and expect it to navigate that level of corporate bureaucracy out of the box. The moat isn't the artificial intelligence itself. The moat is the intimate historical knowledge of enterprise workflow complexity. The control tower commands the premium because it translates raw open source AI capability into compliant enterprise grade action.
Sam JonesExactly. But you know, theory and architectural diagrams are intellectually satisfying for us to talk about, but enterprise buyers don't spend tens of millions of dollars on theory. Aaron Powell No, they do not. They demand empirical proof. And this is where Wheeler's dispatch really elevates from just analysis to hard validation. Because he provides concrete customer outcomes from the first quarter of this platform's general availability.
Ori WellingtonAaron Powell And the numbers he reports here are just staggering. They move the conversation completely out of the theoretical clouds and right down into the server room. The first outcome Wheeler highlights is from a global energy company operating across more than 70 countries.
Sam JonesAaron Powell Let's consider the operational reality of a 70 country footprint for a second.
Ori WellingtonAaron Powell It's massive.
Sam JonesYou are dealing with highly fragmented regulatory environments, linguistic barriers across localized IT teams, and the geopolitics of energy infrastructure, which is obviously a prime target for a nation-state cyberattack. Right. You have security operations centers operating on follow-the-sun models, constantly handing off critical threat alerts across time zones.
Ori WellingtonAnd according to the dispatch, this specific energy company saved 1.2 million hours by automating their security operations with this platform.
Sam JonesIt's hard to even conceptualize that number.
Ori WellingtonIt is. Right.
Sam JonesThe system senses the anomalous lateral movement. It decides that movement violates a dynamic risk policy. It acts immediately by severing the network connection to the compromised host. And it secures the environment by writing all the forensic data to an immutable log.
Ori WellingtonBoom. Done.
Sam JonesAnd the human security team. They arrive the next morning, drink their coffee, review the log, and just validate the machine's decision.
Ori WellingtonAaron Powell The fact that they pulled this off in a complex energy company makes me wonder how this applies to pure financial infrastructure. Which brings us to the second outcome in Realer's Piece a major United States bank.
Sam JonesOh, this one is fascinating.
Ori WellingtonAaron Powell The dispatch reports that the control tower eliminated 96% of their dormant non-human identities. Now we touched on identity mapping earlier, but we really need to go deep on the mechanics of this because dormant service accounts are literally the silent killers of enterprise IT.
Sam JonesTrevor Burrus, Jr. They are. They are the digital technical debt that eventually bankrupts your entire security posture. Let's trace how a dormant identity is actually born, because it happens innocently enough.
Ori WellingtonOkay, let's trace it.
Sam JonesLet's say five years ago, a software engineer at this bank, we'll call him Dave, needed to automate a crucial data pipeline.
Ori WellingtonAaron Powell Classic Dave.
Sam JonesRight. Dave wrote a script to pull customer transaction data from a really old legacy mainframe and push it into a modern cloud analytics platform every single night at 2.m.
Ori WellingtonA completely standard, highly useful piece of automation. No problem there.
Sam JonesExactly. Now to make it work, Dave had to create a service account in Active Directory, a non-human identity. He gave it a super cryptic username like SVC DataBridge 04. He gave it a password that was set to never expire because he didn't want the script breaking every 90 days. Right. And he gave it the high-level read-write permissions required to touch both the sensitive mainframe and the cloud database.
Ori WellingtonAaron Powell Okay, so fast forward three years, the bank decides to migrate to a totally new analytics platform. Dave's script is now completely obsolete. The data pipeline is decommissioned. In theory, the IT department should go in, delete the script, and revoke that service accounts permissions, right?
Sam JonesIn a perfect world, yes. But in the real world of enterprise IT, Dave left the bank two years ago for a startup. Right. The Active Directory environment contains literally tens of thousands of groups and accounts. No one currently working there remembers what SBC Data Bridget 4 actually does. So it just becomes a dormant non-human identity.
Ori WellingtonIt's just sitting there.
Sam JonesIt still has a fully active password and top-tier access to the mainframe, but it is entirely disconnected from any active business workflow.
Ori WellingtonAnd to a hacker who manages to breach the perimeter, that dormant account is the holy grail.
Sam JonesOh, it's jackpot.
Ori WellingtonBecause if they compromise a human employee's account, the employee might notice anomalous behavior, right? Yeah. Their password suddenly stops working, or they get an unexpected multi-factor authentication prompt on their phone. But absolutely no one is actively monitoring a five-year-old service account that Dave made. The hacker can hijack it, dwell inside the mainframe for months, and quietly siphon off data. So the obvious question from a listener is why doesn't the bank just run a simple script to delete any account that hasn't logged in for 90 days?
Sam JonesBecause of the scream test culture in IT.
Ori WellingtonThe scream test, yes. Uh explain that.
Sam JonesIf a systems administrator sees a cryptic account named SVC Databridge 04, they are absolutely terrified to delete it. What if it's tied to an annual regulatory reporting job that only runs in December? What if it's somehow a hidden dependency for the entire ATM routing network? If they delete it and the ATMs go offline nationwide, that administrator is getting fired instantly. Yeah. So finding out what these accounts actually do requires agonizing human speed forensic investigation. Nobody has time for that.
Armis Visibility Meets Vesa Permissions
Ori WellingtonBut the AI control tower, utilizing that VSAN integration we talked about, can map the entire dependency tree at machine speed.
Sam JonesYes.
Ori WellingtonIt can analyze the access logs, trace every API call, understand the business context of the service account, and mathematically prove that it is completely disconnected from any active system.
Sam JonesAaron Powell And then it safely terminates it, no scream test required. Eliminating 96% of dormant identities doesn't just clean up an active directory database. It mathematically shrinks the bank's attack surface to a fraction of what it was yesterday.
Ori WellingtonAaron Powell Wow. But you know, even if you clean up the identities and contain the threats, you still have to deal with the regulators. And that's where the third outcome Wheeler highlights really caught my eye.
Sam JonesThe aerospace one.
Ori WellingtonAaron Powell Yeah. A Fortune 100 aerospace manufacturer reduced their control attestation time by 75% and their compliance gap closure time by 85%. Trevor Burrus, Jr.
Sam JonesMassive.
Ori WellingtonBecause if you are building airplanes, regulators do not care how fast your AI is. They care about the paper trail.
Sam JonesAaron Ross Powell Exactly. The regulatory burden in the aerospace sector is just immense. You are dealing with FedRAMP requirements, NIST 853 controls, strict defense supply chain audits. Trevor Burrus It's endless. Trevor Burrus And control attestation is just the tedious process of proving to an external auditor that your security controls actually exist and are currently functioning. It usually involves highly paid compliance officers manually taking screenshots of server configurations, pulling firewall logs, and manually mapping them to a massive compliance spreadsheet.
Ori WellingtonAaron Powell It is entirely non-value added labor. So by automating all that evidence collection and reducing attestation time by 75%, the platform frees up those compliance officers to focus on strategic risk modeling rather than just filling out digital paperwork. And closing gaps 85% faster means that when a vulnerability scanner finds an unpanched system, the AI remediates it and documents the fix before an auditor can even write the citation.
Sam JonesExactly. So you have three drastically different industries energy, finance, aerospace, all achieving these structural operational transformations. These are not just security wins, they are hard proof that autonomous IRM changes the fundamental unit economics of enterprise operations.
Ori WellingtonAnd Wheeler drives that exact point home by pointing to another major reveal from the Knowledge 26 keynote. Because proved that this architecture isn't just confined to the Security Operations Center, ServiceNow announced the massive pivot to autonomous CRM.
Sam JonesCustomer relationship management, yeah.
Ori WellingtonThis is where the universal applicability of the whole architecture becomes apparent. They took the exact same governance engine, the AI control tower, with its Sense, Decide, Act, Secure Motion, and applied it to entirely different business units. Sales automation, customer support, self-service portals.
Sam JonesIt's brilliant. The exact same invisible bouncer that's checking API payloads at the serve room door is now also running the customer service desk, negotiating contract renewals, and routing sales leads.
Ori WellingtonAaron Powell Because the underlying mechanism of governance is universal, right?
Sam JonesIt is. Let's say an autonomous AI agent is interacting with a really angry enterprise customer over a billing dispute. Aaron Powell That agent must operate under the exact same sense, decide, act, secure framework as the AI that's hunting malware. Trevor Burrus, Right. It senses the customer's intent through natural language processing. It decides on a resolution by checking the customer's lifetime value against the dynamic refund policy. It acts by instantly issuing a credit to the account. And it secures the transaction by logging the exact justification for the refund to the CRM audit ledger. Trevor Burrus, Jr.
Ori WellingtonSo the application changes. But the governance chassis remains absolutely identical. And this universal governance framework isn't just a matter of like operational efficiency or saving money on support tickets. It is the only way these companies are going to survive what Wheeler describes as an incoming regulatory tsunami.
Sam JonesOh, the tsunami is coming. The regulatory landscape for artificial intelligence is hardening so rapidly, and the technical demands are totally unprecedented. Wheeler's dispatch lists the major incoming standards. You've got ISO IES 42001, the NIST AI Risk Management Framework, and of course the massive shadow of the EU AI Act.
Ori WellingtonAaron Powell Let's translate those acronyms into operational reality for an enterprise architect listening right now. The EU AI Act in particular is radically different from previous data privacy laws like GDPR, right? Like what does it actually demand from a technical perspective?
Sam JonesAaron Powell Well the EU AI Act categorizes AI systems by risk level. So if an enterprise deploys an AI system that falls into a high-risk category, for example, an AI agent that filters resumes for job applicants, or an agent that determines creditworthiness for a loan or manages critical infrastructure. Trevor Burrus, Jr.
Ori WellingtonSo those are all high risk.
Sam JonesTrevor Burrus, Jr. The compliance requirements for those are brutal. You have to submit to formal conformity assessments. You have to mathematically prove your model isn't exhibiting statistical bias against protected groups. And you have to guarantee data provenance, meaning you can track exactly which data set influenced a specific decision the AI made.
Ori WellingtonAnd the penalties for noncompliance are severe. We aren't talking about a slap on the wrist here. The fines can be a significant percentage of global corporate revenue.
Sam JonesAaron Powell Which suddenly elevates AI compliance from a frustrating IT headache to a board-level existential threat. Yeah. And the technical reality is that you simply cannot retroactively engineer that level of explainability into a black box model.
Ori WellingtonTrevor Burrus You can't just bolt it on later.
Sam JonesTrevor Burrus No. If an auditor knocks on your door and asks why your AI sales agent offered a 20% discount to one customer and only a 5% discount to another, and your only answer is, well, the neural network weighted it that way, you fail the audit immediately and you pay the massive fine.
Ori WellingtonYou must have a system that continuously logs the inputs, the policy parameters, and the outputs at the exact millisecond the decision was made.
Sam JonesExactly. And the NIST AI risk management framework in the US echoes these exact demands with its core functions. Map, measure, manage, and govern. If a company attempts to meet these requirements using human speed governance, relying on a team of compliance officers to manually review small samples of AI decisions every quarter, they will fail spectacularly. They simply won't be able to produce the telemetry the regulators demand.
Ori WellingtonWhich brings Wheeler to a really stark binary conclusion for software buyers. Vendor selection over the next 12 months is fundamentally different than it was a year ago.
Sam JonesTotally different.
Ori WellingtonYou are no longer just comparing workflow features? You are no longer deciding if software A has a slightly more intuitive user interface than software B.
Sam JonesIt is a profound structural choice, you have to ask. Are you buying a platform architected for an enterprise where humans execute the majority of the workflows? Or are you buying a platform fundamentally architected to govern autonomous AI agents acting independently?
Ori WellingtonRight.
Sam JonesBecause if you buy the former, you are deploying a legacy system that physically cannot survive the regulatory scrutiny of the next decade.
Ori WellingtonAnd that realization is really driving the grand paradigm shift that Wheeler outlines at the end of his dispatch. And I think we need to zoom out and look at the macro implication of autonomous IRM for the future of global business here.
Sam JonesLet's do it.
Ori WellingtonBecause it's a shift from the technology company era to the risk management company era.
Action Fabric And NVIDIA Partnership
Sam JonesYeah, Wheeler makes a brilliant historical comparison here. He says go back 15 or 20 years to the height of the digital transformation craze. The prevailing mantra back then was every company is a technology company.
Ori WellingtonOh, I remember that shift vividly. The realization was that it didn't matter if he sold pizzas or manufactured athletic shoes or ran a retail bank. If you didn't treat software engineering and digital infrastructure as your core operational capability, you were going to be disrupted by a competitor who did.
Sam JonesExactly.
Ori WellingtonDomino's Pizza realized they were essentially an e commerce routing company that just happened to deliver food. Software ate the world.
Sam JonesSoftware became the ultimate foundation of how value was delivered. And Wheeler is arguing that we are crossing an identical threshold right now, but the foundation has fundamentally changed. His boldest claim is that every business must now become a risk management company.
Ori WellingtonI want you to really explain the logic behind that, why risk management. Because historically, risk and compliance departments were viewed as the ultimate department of no.
Sam JonesOh, totally. They were viewed as an operational drag, a necessary cost center. Right. The product teams build the cool innovation, the sales teams drive the revenue, and the compliance team is just the overhead tax you pay to keep the regulators from shutting you down. Risk technology was just a niche software category bought by the audit department.
Ori WellingtonAaron Powell But if non-human identities are now executing the vast majority of your company's actions.
Sam JonesExactly. If the AI agents are the ones actually interacting with customers, trading securities, managing the supply chain, and fighting off cyber attacks, then risk management is no longer an adjacent back office function. Trevor Burrus, Jr.
Ori WellingtonIt's the core.
Sam JonesGovernance is the operational foundation of how AI gets deployed at scale. You cannot deploy an AI agent to close complex sales deals at lightning speed if you cannot mathematically prove you govern its behavior. Right. The governance isn't the friction slowing the car down anymore. The governance is the high-performance braking system and the steering chassis that allows the AI engine to safely hit 200 miles an hour.
Ori WellingtonSo if you are a senior executive listening to this, or if you are an IT leader aspiring to the C-suite, this completely inverts your career trajectory.
Sam JonesIt changes everything. Trevor Burrus, Jr.
Ori WellingtonCompliance and risk are no longer the necessary evil. They are the primary engine of hyperscaled growth.
Sam JonesAaron Powell Which is why Wheeler emphasizes that this requires immediate attention from the very top of the org chart. This is no longer just an implementation detail for the IT department to figure out. No. This is a structural transition that CEOs, CFOs, and corporate boards must actively lead. They survived the every company is a tech company transition, and now they have to navigate the transition to the autonomous enterprise.
Ori WellingtonBecause the streaks of light, the AI agents, they will not slow down. They are compounding in speed, capability, and autonomy every single day. Governance has to scale to match them. And to be clear, while ServiceNow has established the first major commercial reference architecture with this control tower, Wheeler notes that they won't be the only players in this space. Trevor Burrus, Jr.
Sam JonesNo. The autonomous enterprise will inevitably be a multi-vendor ecosystem. We discussed how the action fabric allows seamless integration with third-party models. Right. Other hyperscalers and massive tech vendors are going to analyze this exact architecture and realize they must either build their own machine speed governance structures from scratch or build heavy integrations to plug into this one. Different vendors will make different architectural bets over the next few years.
Ori WellingtonBut the baseline has been firmly established. ServiceNow has drawn a line in the sand and provided a working commercial definition of what machine speed governance actually looks like. Every subsequent product launch in the AI enterprise space is going to be evaluated against the standard set here at Knowledge 26.
Sam JonesThat's the reality of the market now. Let's recap the conceptual journey we've mapped out today, because we started with a very narrow view of a press release and ended up dismantling the entire future of enterprise architecture.
Ori WellingtonWe did cover a lot of ground. We started by looking at the shiny metrics that captured the media's attention, AI security specialists resolving phishing attacks seven times faster, and the strategic acquisition of Armis for deep network visibility. But thanks to John Wheeler's dispatch from the ground here in Vegas, we realized that viewing this through a pure security lens completely misses the actual revolution.
Sam JonesRight, and we unpacked the mechanics of the AI control tower, moving past the marketing terminology to understand the sense, decide, act, secure operational loop. We explored how the integration of Vesa solves the terrifying reality of AI agents operating with human-level permissions by mapping the authorization graph at machine speed.
Ori WellingtonWe analyzed the strategic brilliance of the action fabric, creating a governed toll booth for third-party models like Claude, and how building the control tower on top of NVIDIA's open infrastructure allows ServiceNow to capture the proprietary premium of enterprise workflow governance.
Sam JonesAnd then we validated the architecture with hard empirical outcomes. The global energy company reclaiming 1.2 million hours, the major bank eliminating 96% of its dormant attack surface, and the aerospace manufacturer crushing its compliance attestation times.
Ori WellingtonLeading us to the inevitable conclusion that as autonomous CRM scales and the EU AI Act looms over everyone, every enterprise must fundamentally transform into a risk management company.
Sam JonesYes.
Proof Points And A Final Question
Ori WellingtonIt is a massive structural shift in how we think about work, technology, and organizational control. Now, if you are the leader responsible for guiding your organization through this transition, Wheeler's dispatch mentions some crucial, highly technical follow-up materials that you really need to engage with.
Sam JonesYes. He points to an upcoming RTJ Bridge research note scheduled for May 12. That note will provide a much more detailed architectural mapping, a comprehensive vendor analysis, and specific guidance on meeting the technical requirements of the new regulatory frameworks we discussed.
Ori WellingtonHe also heavily references a foundational piece of research published on May 4, titled Governing AI at the Speed of AI, which lays out the mathematical argument for why human-paced governance is effectively dead.
Sam JonesHighly recommend that one.
Ori WellingtonBoth of these deep dives are available through Wheelhouse Advisors subscription research platform at wheelhouseadvisors.com, Forwards has RTJ-Bridge.
Sam JonesThe questions enterprise software buyers need to ask their vendors have fundamentally changed this week. That research maps out exactly what those new procurement questions must be.
Ori WellingtonIt really is a watershed moment for the industry. The beginning of this deep dive, I asked you to imagine putting on those augmented reality glasses. To visualize the streaks of light, the invisible autonomous AI workers moving at blinding speeds across your network, vastly outnumbering the human beings sitting at their desks.
Sam JonesA reality that is already executing code inside your infrastructure right now, whether your current security tools can see it or not.
Ori WellingtonSo as we wrap up our coverage from ServiceNow Knowledge 26, I want to leave you with a final lingering question to mull over as you analyze your own enterprise architecture. Think about the massive data pipelines, the automated customer interactions, the automated supply chain routing. If John Wheeler is right and non human identities already dictate the operational tempo of your organization, who is actually executing the majority of your company's actions right now? And more importantly, as you look at your governance dashboards, are you managing them or are they managing you?