SNOW-21.1: Agent Script Accessing Sensitive Table Without Privacy Guard
🚨 Critical · ServiceNow Data Exfiltration
Detects agent-accessible scripts that query sensitive ServiceNow tables (sys_user, sys_user_has_role, cmdb_ci, incident, hr_case, sys_attachment) without data privacy classification guards. When an AI agent ingests PII fields into its context window, data can be exfiltrated to unauthorized users or leaked through external API integrations.
Details
| Field | Value |
|---|---|
| Rule ID | SNOW-21.1 |
| Severity | Critical |
| Category | ServiceNow Data Exfiltration |
| Platforms | servicenow |
Remediation
Refer to the SquireX documentation for remediation guidance specific to SNOW-21.1.