Now Assist AI Agents can plan tasks, collaborate through agentic workflows, invoke tools, retrieve enterprise data, and update work across ServiceNow and connected systems. AI Agent Studio, Orchestrator, Communicator, Analytics, Guardian, ACLs, user identities, role masking, supervised tools, and evaluation features provide substantial platform control. They do not decide who owns an incorrect execution plan, a privileged tool call, an Assist spike, an upgrade regression, or a ticket that the agent marked complete without delivering the expected result.
Datrick provides an ongoing operating layer for an agreed ServiceNow AI Agent estate. Named engineers correlate agentic workflows, AI agents, execution plans, decision logs, tools, identities, ACLs, platform logs, records, integrations, user reports, analytics, Assist consumption, releases, and target-system outcomes. ServiceNow Support remains the escalation path for platform defects. Datrick owns the client-specific diagnosis, containment, validation, communication, change, and prevention accepted in the service boundary.
Do you have Now Assist AI Agents but no team accountable for turning a failed plan, unsafe tool, access issue, latency change, or Assist spike into a verified business outcome? Start with one production workflow.
Define ownership across the agentic workflow, ServiceNow instance, tools, and outcomes
A production path can include a Now Assist panel, Virtual Agent, voice, API, automated trigger, or external channel; an agentic workflow; Orchestrator and Communicator; one or more AI agents; tools such as scripts, flows, subflows, skills, catalog items, knowledge, APIs, MCP or other agents; dynamic or dedicated AI-user identities; ACLs and role masking; Guardian; platform tables and applications; and external systems that create the actual outcome. Name which layers the managed service owns, observes, changes, coordinates, or excludes.
Document instances and releases, products and plugins, entitlements, workflows and versions, agents, tools, triggers, channels, identities, ACLs, integrations, records, support hours, severity, response and update targets, quality thresholds, telemetry, data classes, change authority, Assist budgets, fallback, and ServiceNow escalation. A service called “Now Assist support” must still state which agents, products, versions, and business outcomes are accepted.
Operate the complete ServiceNow AI Agent production surface
| Service area | Managed responsibility | Boundary to define |
|---|---|---|
| Agentic workflows and execution plans | Invocation, plan creation, agent coordination, execution status, decision log, latency, completion, abandonment, loops, and fallback. | Supported workflows and versions, triggers, channels, users, hours, SLO, expected result, and human handoff. |
| AI agents and tools | Instructions, task decomposition, agent selection, tool discovery and sequence, scripts, flows, skills, catalog items, APIs, validation, timeout, retry, and side effects. | Allowed tools, owner, input contract, action authority, approval, target SLO, idempotency, rollback, and emergency disable path. |
| Identity and security | Workflow, agent, and tool ACLs; dynamic or AI-user execution; role masking; supervised mode; downstream identity; Guardian evidence; and access review. | Principal model, least privilege, elevated actions, approval, data classes, security route, retention, and audit evidence. |
| Analytics and evaluation | Usage, efficiency, completion, execution status, latency percentiles, tool latency, quality, feedback, automated evaluation, baselines, dashboards, and alerts. | Data freshness, metrics, expected outcomes, test set, evaluator, thresholds, reviewer, alert path, and business KPI. |
| Platform and integrations | Plugin and application state, tables, ACLs, flows, scripts, knowledge, CMDB and service data, APIs, queues, credentials, external dependencies, and target records. | Platform owner, customization, data authority, integration support, credential owner, maintenance windows, and dependency SLO. |
| Release and lifecycle | Agent and workflow versions, tools, properties, models, plugins, update sets, instance upgrades, test gates, rollout, backout, and compatibility. | Source of truth, instances, change authority, update-set ownership, freeze, approval, canary, rollback, and acceptance evidence. |
| Assist consumption and value | Agentic workflow tier, executed tools, test and sub-production usage, skills, agents, retries, loops, attribution, contracted pool, forecast, anomaly, and outcome. | Entitlement owner, rate card, budget, threshold, business KPI, unit economics, test allowance, and optimization authority. |
Use analytics for trends and execution evidence for operational response
The AI Agent Analytics dashboard can expose workflow and agent usage, execution status, Assist consumption, efficiency, latency, and tool performance. ServiceNow documents that most indicators update daily while latency indicators update every 15 minutes. Data collection jobs populate the dashboard, and access requires specific AI Agent roles. Monitor the collectors, role access, dashboard configuration, data freshness, and the distinction between trend reporting and incident response.
For a specific failure, preserve the workflow, agent and version, invoking context, execution-plan record, decision log, selected agents, tool sequence, tool inputs and outputs, user identity, role mask, ACL results, platform and integration logs, target records, Assist tier, recent change, and user impact. A completed execution status is not enough. Verify that the incident, request, change, case, asset, entitlement, or external record reached its accepted state.
AI Agent Studio supports manual tests and automated evaluations. Manual workflow testing exposes Orchestrator and Communicator activity, the agent graph, and a downloadable decision log. Test with the same roles needed by the workflow and all downstream components. Maintain representative tasks for dynamic and AI users, insufficient roles, ambiguous goals, no-match conditions, unsafe requests, tool failures, partial side effects, long plans, and human approvals. Testing and sub-production executions can consume Assists, so isolate test attribution and budget.
Distinguish plan, tool, identity, platform, release, and consumption failures
| Symptom | Evidence to reconcile | Safe containment | Permanent control |
|---|---|---|---|
| Wrong or incomplete execution plan | Task, workflow and version, decision log, selected agents, instructions, tool choices, context, model, expected plan, target result, and recent release. | Stop automation, require human execution, restore accepted version, preserve evidence, and correct impacted records. | Representative plan tests, explicit constraints, evaluation, supervised critical tools, canary, and outcome SLO. |
| Tool fails or changes the wrong record | Tool definition, inputs, script, flow or API logs, identity, roles, target audit, timeout, retry, idempotency, and partial side effects. | Disable tool or workflow, block replay, revoke access if needed, isolate records, use manual fallback, and reconcile target state. | Contract tests, least privilege, validation, idempotency, approval, negative tests, monitoring, and rollback. |
| ACL, role, or identity failure | Invoker, workflow, agent and tool ACLs, dynamic or AI-user identity, role mask, downstream identity transition, required plugin roles, table ACL, and audit logs. | Stop sensitive path, remove excessive role, restore approved access, preserve evidence, and invoke security response when required. | Access matrix, least privilege, denied-access tests, AI-user review, role-mask policy, release check, and emergency disable path. |
| Latency or stuck execution | Dashboard latency, execution-plan status and timestamps, agent and tool latency, queue, integration response, retry, record locks, platform health, volume, and recent change. | Pause new invocations, terminate or isolate affected execution where safe, route work to humans, protect queues, and contact ServiceNow when indicated. | Latency SLO, tool timeout, queue alert, dependency monitoring, load test, plan limit, fallback, and capacity review. |
| Regression after release or upgrade | Agent and workflow version, tool and property changes, update set, plugin and instance release, model, test results, skipped records, conflicts, analytics, and user reports. | Stop rollout, back out accepted change where supported, deactivate affected workflow, restore fallback, and validate critical records. | Version inventory, update-set review, clone test, automated evaluation, permission test, canary, upgrade regression suite, and backout plan. |
| Unexpected Assist consumption | Usage logs, workflow tier, executed tools, agents and skills, sub-production tests, retries, loops, user volume, contracted pool, attribution, and business outcome. | Pause noncritical workflow, stop loops, narrow tools, cap traffic, suspend tests, route to human, and notify the entitlement owner. | Per-workflow attribution, budget and anomaly alert, test allowance, tool-count review, forecast, efficiency KPI, and unit economics. |
Safe replay is a business decision, not merely another agentic-workflow execution. Before restarting a failed plan, determine whether a tool already created, changed, approved, assigned, closed, or communicated a ServiceNow or external record. Check execution and target evidence, then use idempotency, target-state reconciliation, and human approval for consequential actions.
Separate invocation permission from execution authority
ServiceNow documents two distinct security questions: which users can invoke an agentic resource, and what that resource can access after invocation. ACLs at workflow, agent, and certain tool levels answer the first question. The run-as choice answers the second. A dynamic user carries the invoking context, while a dedicated AI user can hold stable, potentially elevated roles. Role masking narrows dynamic-user roles but does not apply to an AI user.
Trace identity changes through every downstream component because each ACL is evaluated against the identity passed from the preceding layer. Now Assist Skills and other agent tools run as dynamic users. Use supervised execution for tools that can perform sensitive or critical actions, and test both allowed and denied scenarios. A successful admin test does not prove that an end user has the intended authority or that an AI user is constrained safely.
Control versions, update sets, plugins, and instance upgrades
Test the exact workflow and AI-agent version intended for production. Track tool definitions, scripts, flows, skills, properties, ACLs, identities, plugins, model configuration, and dependent applications as one release surface. Move configuration through controlled update sets or the accepted application lifecycle, inspect contents and conflicts, test in a representative non-production instance, and maintain a backout path. Default update sets and undocumented direct production changes destroy release evidence.
ServiceNow platform and Store applications evolve independently. Maintain a compatibility matrix across the instance family, patch, Now Assist AI Agents plugin, dependent products, entitlement, and customizations. Re-run execution, access, integration, Assist, and business-state tests after upgrades. Treat a model, plugin, tool, property, or platform change as a production dependency even when no custom code changed.
Onboard through inventory, baselines, controlled failures, and shadow operations
- Inventory: instances, releases, plugins, entitlements, workflows, versions, agents, tools, triggers, channels, users, ACLs, integrations, telemetry, and outcomes.
- Responsibility: define supported layers, SLOs, severity, access, data handling, quality, change authority, Assist budget, dependencies, fallback, ServiceNow escalation, and exclusions.
- Baseline: measure executions, status, completion, latency, tool sequence and success, quality, user feedback, target-state success, data freshness, Assist use, and incidents.
- Controls: validate ACLs, dynamic and AI users, role masking, supervised tools, automated evaluation, update sets, safe replay, backout, consumption alerts, and human handoff.
- Exercise: rehearse a wrong plan, failed tool, duplicate side effect, identity escalation, denied access, stuck execution, analytics gap, upgrade regression, Assist spike, and platform incident.
- Transition: operate in shadow, close or accept material gaps, publish runbooks and escalation routes, and accept the steady-state support scope.
Start with the ServiceNow agentic workflows that already create service, security, employee, or customer consequence. Datrick can define the operating boundary, close material control gaps, and transition one portfolio into managed support.
Request a ServiceNow AgentOps reviewOfficial references and adjacent operating guides
- ServiceNow AI Agent Analytics dashboard
- Manually test an agentic workflow
- Security for ServiceNow AI agents
- Test execution, access controls, and Guardian logs
- Add tools and supervised execution
- ServiceNow Assist consumption overview
- ServiceNow update sets and deployment lifecycle
- White-label AI agent managed support for MSPs
- Managed human evaluation for AI agents
Frequently asked questions
What is included in ServiceNow AI Agent managed services?
A defined managed service can include AI Agent Analytics, execution-plan and decision-log troubleshooting, agentic workflows, AI agents and tools, dynamic or AI-user identity, ACLs and role masking, supervised actions, testing and evaluation, incidents, controlled releases, Assist consumption, runbooks, and service reporting. Scope depends on the instances, products, agents, tools, integrations, licenses, access, and accepted responsibility boundary.
Is the ServiceNow AI Agent Analytics dashboard real time?
Not for every indicator. ServiceNow documents that most AI Agent Analytics indicators update daily while latency indicators update every 15 minutes. Immediate operational support therefore also uses execution records, decision logs, tool and workflow logs, platform events, target records, user reports, integration monitoring, and explicit escalation rules.
How do you test a ServiceNow agentic workflow before production?
Test the accepted version in AI Agent Studio with representative tasks, users, ACLs, downstream components, tools, edge cases, denied access, unsafe requests, and target states. Review orchestration, communication, the decision log, tool sequence, output, and business side effects. Add automated evaluations and release thresholds, then run a production canary. Testing proves only the cases and identities included in the test set.
How do you secure ServiceNow AI Agents and tools?
Separate who can invoke an agent from what the agent can access after invocation. Configure ACLs at workflow, agent, and tool levels; choose dynamic-user or dedicated AI-user identity deliberately; use role masking where supported; apply least privilege; place sensitive tools in supervised mode; test denied access; monitor Guardian and execution evidence; and maintain an emergency disable path.
How long does ServiceNow AI Agent support onboarding take?
A focused onboarding commonly takes two to four weeks for a representative portfolio. It covers instance and agent inventory, ownership, analytics and execution baselines, identities and access, tools and target states, testing, open incidents, releases, Assist consumption, runbooks, controlled failure exercises, and acceptance of the steady-state service scope.
Need the same support model across several agent platforms?
Review white-label AI agent managed support for MSPs