Saved February 14, 2026
A serious vulnerability in ServiceNow's AI tools allows unauthenticated users to create backdoor admin accounts. Dubbed "BodySnatcher," this flaw highlights the risks of rapidly integrating AI features without proper security measures. ServiceNow has patched the issue, but potential risks remain due to custom configurations.
ServiceNow’s recent vulnerability, dubbed BodySnatcher, poses a serious risk by allowing unauthenticated users to exploit AI functionalities within its platform. Specifically, this flaw affects the Now Assist AI Agents and Virtual Agent API applications, enabling attackers to impersonate any user and create backdoor accounts with admin privileges. The vulnerability highlights the risks associated with rushed AI integrations in software products, as these features can inadvertently widen the attack surface. AppOmni's researchers characterized BodySnatcher as the most severe AI-related security issue uncovered to date.
The flaw lies in the Virtual Agent API, which connects external chat interfaces to ServiceNow’s platform and relies on simple authentication: a static token plus an email address check. An attacker who knows a user's email and the API token can therefore act as that user. The platform's later extension to external AI agents widened the exposure, because the same Virtual Agent API lets an attacker bypass the normal authentication requirements of those agents. The researchers demonstrated that they could use this vulnerability to create a backdoor user with admin rights by manipulating the AI agent’s workflows, ultimately using the victim's email to reset the new user's password.
ServiceNow has addressed the vulnerability by patching hosted instances and advising customers to update their applications. However, the security advisory detailing the issue was only made public after the patch was applied. AppOmni warns that the underlying misconfigurations that allowed for this exploit could still persist in custom code or third-party solutions. Their recommendations urge ServiceNow administrators to enforce multi-factor authentication for account linking and to closely review configurations to mitigate similar risks in the future.
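To make the authentication weakness and the recommended fix concrete, here is an added example that is neither ServiceNow's nor AppOmni's code. It models a hypothetical chat-bridge endpoint in Python: the weak form authenticates the channel with one static token and then trusts whatever email the request body names as the acting user, while the hardened form derives the acting user from a server-side account link that can only be created after a completed MFA challenge and is proven by a per-link secret. All names, headers, tokens and users are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed values for this toy bridge; they stand in for whatever a real
# integration would hold and are not ServiceNow identifiers.
BRIDGE_TOKEN = "constructed-static-bridge-token"
USERS = {
    "alice@example.com": {"role": "admin"},
    "bob@example.com": {"role": "user"},
}


def _token_ok(headers):
    """Check the channel-level shared secret (constant-time compare)."""
    return hmac.compare_digest(headers.get("X-Bridge-Token", ""), BRIDGE_TOKEN)


def handle_weak(headers, body):
    """Weak design: one static token authenticates the channel, and the acting
    user is whatever e-mail the caller writes into the request body."""
    if not _token_ok(headers):
        return {"status": 401}
    user = USERS.get(body.get("email", ""))
    if user is None:
        return {"status": 404}
    # Anyone holding the shared token can act as any known user by e-mail.
    return {"status": 200, "acting_as": body["email"], "role": user["role"]}


@dataclass
class LinkStore:
    """Server-side table mapping an external channel identity to a user account,
    populated only through an MFA-verified account-linking step (hypothetical)."""
    links: dict = field(default_factory=dict)  # channel_user_id -> (email, token_hash)

    def link(self, channel_user_id, email, mfa_verified):
        if not mfa_verified or email not in USERS:
            raise PermissionError("account linking requires a completed MFA challenge")
        token = secrets.token_urlsafe(32)  # per-link secret handed to the channel once
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.links[channel_user_id] = (email, digest)
        return token

    def resolve(self, channel_user_id, token):
        entry = self.links.get(channel_user_id)
        if entry is None:
            return None
        email, digest = entry
        if not hmac.compare_digest(digest, hashlib.sha256(token.encode()).hexdigest()):
            return None
        return email


def handle_hardened(store, headers, body):
    """Hardened design: the acting user comes from the server-side link, proven by
    the per-link secret; any e-mail in the request body is ignored."""
    if not _token_ok(headers):
        return {"status": 401}
    email = store.resolve(body.get("channel_user_id", ""), headers.get("X-Link-Token", ""))
    if email is None:
        return {"status": 403}
    return {"status": 200, "acting_as": email, "role": USERS[email]["role"]}


def demo():
    """Run both handlers against the same impersonation attempt (constructed input)."""
    store = LinkStore()
    bob_link = store.link("chat-user-42", "bob@example.com", mfa_verified=True)
    attempt = {"email": "alice@example.com", "channel_user_id": "chat-user-42"}
    weak = handle_weak({"X-Bridge-Token": BRIDGE_TOKEN}, attempt)
    hardened = handle_hardened(
        store, {"X-Bridge-Token": BRIDGE_TOKEN, "X-Link-Token": bob_link}, attempt)
    unlinked = handle_hardened(store, {"X-Bridge-Token": BRIDGE_TOKEN}, attempt)
    return weak, hardened, unlinked


if __name__ == "__main__":
    for label, result in zip(("weak", "hardened", "unlinked"), demo()):
        print(label, result)
```

With the weak handler, the shared bridge token alone is enough to act as the admin account named in the body; with the hardened handler, the same request is bound to the account that completed the MFA-verified link, and a caller with no valid link is rejected. The configuration review the advisory recommends amounts to finding every place where identity is still taken from the request rather than from such a binding.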