Data sharing, Data overflow processing, and Security & privacy in AI Control Tower

  • Release version: Australia
  • Updated March 12, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Data sharing, Data overflow processing, and Security & privacy in AI Control Tower

    This document outlines key settings in the AI Control Tower for managing data sharing, handling traffic overflow, and enforcing security and privacy controls. These capabilities enable ServiceNow customers to improve AI model accuracy, maintain system performance during traffic spikes, and monitor data integrity and potential security threats in large language model (LLM) inputs and outputs.

    Show full answer Show less

    Data sharing

    • By default, data sharing is enabled, allowing ServiceNow to collect data to enhance AI accuracy and user experience.
    • Customers can opt out to disable AI Control Tower data sharing; opting out stops contribution to AI improvements.
    • Opting out affects the ability to participate in ServiceNow’s AI product enhancement programs.

    Data overflow processing

    • By default, Now Assist traffic is managed within ServiceNow datacenters; during traffic spikes, it automatically redirects overflow to Microsoft Azure datacenters to maintain performance.
    • Customers may opt out to keep all traffic exclusively within ServiceNow datacenters.
    • Data overflow processing is inactive by default and available in sub-production instances in read-only mode when Multi-instance setup is active.

    Security & privacy

    The AI Control Tower provides multiple configurable charts and settings to monitor and protect data integrity and privacy in AI operations:

    Data integrity incident detection

    • Tracks potential violations of LLM guardrail policies via a dashboard chart.
    • Configurable parameters include:
      • Categories: Security and content moderation policies aligned with industry standards (e.g., OWASP Top 10, OpenAI specs).
      • Sampling rate: Percentage of transactions evaluated, balancing AI call volume and data accuracy.
      • Max skill calls per execution: Controls AI usage per execution, with a default of 1,000 calls.
      • Single or multiple analysis: Option to use one or multiple LLMs for detection, improving accuracy via majority voting with multiple models.
    • Past data remains visible for 90 days after inactivation.

    Agent goal deviation

    • Monitors AI agents for deviations from intended roles or unauthorized actions (e.g., prompt injection).
    • Configurable like data integrity detection with sampling rate, max calls, and single/multiple analysis options.
    • Due to probabilistic modeling, not all deviations may be detected.

    Output screening

    • Tracks AI agent outputs for potential Personally Identifiable Information (PII) and security vulnerabilities through dedicated charts.
    • Settings include:
      • Output Security Vulnerability: Detects vulnerable patterns such as cross-site scripting or SQL injection attempts in LLM outputs.
      • Output Extended PII: Detects additional PII types beyond standard data privacy specifications, like driver’s license or passport numbers.
      • Output PII Violation: Detects PII as defined by core data privacy rules, such as phone numbers or credit card data.
    • Charts retain data visibility for 90 days post inactivation.

    Sensitive data input and anonymization

    • Provides detection and anonymization of sensitive data patterns in LLM prompts to protect privacy.
    • Requires the Data privacy plugin to function.
    • This feature supports troubleshooting of sensitive data detection and anonymization charts.

    Score weight

    • Controls how different LLM guardrail categories contribute to an overall integrity score.
    • Allows adjusting or deactivating categories to customize scoring based on customer priorities.
    • The score represents an average across all managed AI assets.

    Practical benefits for ServiceNow customers

    • Improved AI model performance through controlled data sharing and integrated feedback.
    • Maintained system responsiveness during traffic spikes via data overflow processing with flexible datacenter options.
    • Robust monitoring of AI behavior to detect and prevent security incidents, unauthorized actions, and PII exposure.
    • Customizable settings enable balancing accuracy, privacy, and operational needs according to the customer’s compliance and performance requirements.

    Explore the Data sharing, Data processing, and Security & privacy sections.

    These settings help you improve AI models, manage datacenter traffic, and enabling metrics to measure the integrity of your data model and monitor potential threats in large language model (LLM) input and output.

    Data sharing

    By default, Data sharing is active. You can opt out to deactivate AI Control Tower and share your data with ServiceNow to improve AI accuracy, enhance user experiences, and gain a better understanding of business needs.

    Data sharing on the Configurations screen.

    Data sharing helps enhance ServiceNow products, but if you choose to opt out of the ServiceNow data sharing program, you’ll no longer be able to contribute data to improve ServiceNow AI products.

    For information on data sharing opt-out, see Opt out of data sharing.

    Data overflow processing

    By default, all Now Assist traffic is managed within ServiceNow datacenters. If there are traffic spikes, the system automatically redirects to Microsoft Azure datacenters to maintain performance. You can opt out of this feature to keep all Now Assist traffic exclusively within ServiceNow datacenters. By default, data overflow processing is inactive.

    Note:
    The Data sharing and Data overflow processing features are available for a sub-prod instance in read-only mode, when Multi-instance setup is configured and active.

    Security & privacy

    Data integrity incident detection
    These configuration settings control the Data integrity incident detection chart, which is designed to help show potential violations of certain LLM guardrail policies in LLM responses. To show data for this chart on the dashboard, select Configure, and then select Active. If you want to discontinue collecting data for the chart, clear Active.
    Note:
    If you inactivate the chart, past data shows on the chart for 90 days.
    You can configure these settings:
    • Categories – Security and content moderation policies grouped into categories that reflect industry practices that align with OWASP Top 10 Risk & Mitigations for LLMs and Gen AI Apps and the OpenAI model specification.
    • Sampling rate – The percentage of transactions that are evaluated. Selecting a rate lower than 100% results in fewer AI calls, but potentially less accurate data.
    • Max skill calls per execution – The amount of AI usage per call. The minimum is 10 calls; the default is 1,000 calls. Entering a lower number results in fewer AI calls, but potentially less accurate data.
    • Single or multiple analysis – Single analysis uses the default LLM to determine whether the model's output or behavior violates predefined security policies. Multiple analysis uses the results from three or more LLMs that ServiceNow supports to make a determination, using the majority result from the LLMs. Multiple analysis requires an odd number of LLMs.
    Agent goal deviation
    These configuration settings control the Agent goal deviation chart, which shows when AI agents may be deviating from their intended role or objective. For example, unauthorized actions or prompt injection attempts. To show data for this chart on the dashboard, select Configure, and then select Active. If you want to discontinue collecting data for the chart, clear Active.
    Note:
    If you inactivate the chart, past data shows on the chart for 90 days. Due to the probabilistic nature of the data model, not all occurrences may be identified.
    You can configure these settings:
    • Sampling rate – The percentage of transactions that are evaluated. Selecting a rate lower than 100% results in fewer AI calls, but potentially less accurate data.
    • Max skill calls per execution – The amount of AI usage per call. The minimum is 10 calls; the default is 1,000 calls. Entering a lower number results in fewer AI calls, but potentially less accurate data.
    • Single or multiple analysis – Single analysis uses the default LLM to determine whether the AI agent's or skill's response diverges from the expected output. Multiple analysis uses the results from 3 or more LLMs to make a determination, using the majority result from the LLMs. Multiple analysis requires an odd number of LLMs.
    Output screening
    These configuration settings control the AI agent output with PII detected and Agentic output injection detection charts, which show when agents' LLM output contains potential PII or potential security-vulnerable patterns. To show data for these charts on the dashboard, select Configure, select Active, and then select a setting for the data to collect. If you want to discontinue collecting data for the charts, clear Active.
    Note:
    If you inactivate the charts, past data collected shows on the charts for 90 days.
    You can configure these settings:
    • Output Security Vulnerability – Collect and show data in the Agentic output injection detection chart. The data is collected by analyzing LLM output for known potential vulnerable patterns and potential corresponding attack vectors. For example, HTML tags shouldn't have scripts associated with them for cross-site script attacks (XSS), or stacked SQL queries could result in SQL injection attacks.
    • Output Extended PII – Collect more potential PII data occurrences and show in the AI agent output with PII detected chart. The data is collected by analyzing LLM output for additional potential PII data patterns beyond those specified in Data Privacy. These PII data patterns include U.S. CA drivers license, U.S. passport number, and vehicle ID number.
    • Output PII Violation – Collect and show data in the AI agent output with PII detected chart. The data is collected by analyzing LLM output for potential PII sensitive data patterns specified in Data Privacy. For example, U.S. phone number or credit card number.
    Sensitive data input and anonymization
    This section shows the data patterns enabled in Data Privacy to detect and anonymize information in LLM prompts. Use this view as a quick reference when troubleshooting Sensitive data detected and Sensitive data anonymized charts. This feature requires the Data privacy plugin to be installed. For more information on how the data is sent and stored, see User data usage policy for Now Assist.
    Score weight
    This setting controls how the LLM guardrail categories that comprise the score are weighted. You can change the default weights or remove categories from the score by deactivating them. The score formula is an average across all managed AI assets.
    AI asset security score configuration with default weights shown.