Enterprise security teams are drowning in blind spots. The average large organization now manages 100,000s of connected assets, ranging from cloud workloads to industrial sensors. However, most security tools can only see a fraction of them. Unmanaged IoT devices, for example, remain largely invisible to traditional security platforms, creating exposure gaps that threat actors increasingly exploit. On acquiring Armis, ServiceNow is betting $7.75 billion that the answer lies in unifying cyber exposure management with automated workflow remediation.
The acquisition arrives as worldwide information security spending accelerates toward $240 billion in 2026, driven primarily by AI-related threats and the expanding attack surface. For tech buyers evaluating security architecture decisions, the ServiceNow-Armis combination raises several critical questions.
How ServiceNow and Armis Intend to Address the Asset Visibility Gap
Yevgeny Dibrov, co-founder and CEO of Armis, commented:
“AI is transforming the threat landscape faster than most organizations can adapt. Every connected asset has become a potential point of vulnerability.”
Dibrov’s company built its reputation on the agentless discovery of devices that traditional security tools often miss, including industrial controllers that can’t support endpoint agents, medical devices running outdated operating systems, and the shadow IoT that bypasses IT procurement.
This visibility gap creates measurable business risk. A compromised industrial controller can halt production lines, resulting in significant financial losses for manufacturers, estimated at millions of dollars per hour. Healthcare breaches are increasingly targeting connected medical devices, posing a threat to both data security and patient safety. As enterprises deploy AI agents with access to sensitive systems, the inability to maintain comprehensive asset inventories undermines governance frameworks before they even begin.
ServiceNow’s existing Configuration Management Database (CMDB) maps IT assets to business services, but lacks the real-time, agentless discovery capabilities that Armis provides for cyber-physical environments. The combination promises contextual understanding, not just of what assets exist, but also of which vulnerabilities pose the most significant business risk and which remediation actions should be prioritized.
From Detection to Security Automated Response
Visibility alone doesn’t prevent breaches. The strategic value proposition centers on connecting Armis’ exposure insights to ServiceNow’s workflow automation. Rather than generating alerts that security teams manually triage, the integrated platform would automatically route findings to appropriate teams and trigger remediation workflows at scale.
Amit Zavery, president and chief product officer at ServiceNow, framed the vision:
“In the agentic AI era, intelligent trust and governance that span any cloud, any asset, any AI system, and any device are non-negotiable if companies want to scale AI for the long-term.”
For tech buyers, this raises practical questions about integration timelines and delivery. The transaction is expected to close in late 2026, and meaningful platform integration typically requires 12-24 months post-acquisition. Organizations evaluating this approach need clarity on what’s available now versus the future roadmap, and how existing Armis customers will be affected during the transition.
The Security Platform Calculus for ServiceNow and Armis
ServiceNow’s Security and Risk business surpassed $1 billion in annual contract value in Q3 2025, establishing credibility beyond its roots in IT service management. Armis adds $340 million in annual recurring revenue, achieving 50 percent+ growth, and has a customer base that includes 35 percent of the Fortune 100. The combined entity expects to more than triple ServiceNow’s addressable market in security and risk.
Yet platform consolidation presents trade-offs. Organizations heavily invested in competing platforms, such as Palo Alto Networks, CrowdStrike, or Microsoft’s security stack, face integration complexity and potential redundancy. The promise of unified workflows must be weighed against the risks of vendor dependency and the possible loss of innovation velocity that often accompanies acquisitions.
ServiceNow’s Strategic Positioning: Building the AI Control Tower
The Armis acquisition caps an aggressive 2025 acquisition strategy that reveals ServiceNow’s broader ambition to become the enterprise AI operating system.
Earlier this month, the company completed its acquisition of Moveworks, adding conversational AI capabilities that make workflow automation accessible through natural language. The company also acquired identity security platform Veza and announced integration with Zoom’s AI agents through the Agent2Agent protocol, enabling cross-platform AI collaboration with Google Agentspace and other enterprise systems.
This Armis deal represents ServiceNow’s seventh major acquisition in 2025, a deliberate strategy to build what Zavery calls the “AI Control Tower,” a unified platform that onboards, governs, and manages AI across the enterprise. ServiceNow is conspicuously assembling the infrastructure layer for agentic AI at scale, combining workflow automation (core platform), conversational interfaces (Moveworks), identity governance (Veza), asset visibility (Armis), and cross-platform interoperability (A2A protocol).
