ServiceNow (NYSE: NOW) to acquire Armis for $7.75bn as AI cybersecurity shifts from siloed tools to unified exposure management

ServiceNow (NYSE: NOW) has announced a definitive agreement to acquire cyber exposure management firm Armis for $7.75 billion in cash, marking a strategic push into full-spectrum security operations across IT, OT, cloud, and medical environments. The move signals ServiceNow’s ambition to build a real-time, AI-native security stack that addresses the rising complexity of enterprise threats amid accelerated AI adoption.

Armis, already recognized as a leader in agentless device visibility and cyber-physical risk mitigation, brings a differentiated dataset and operational layer that will pair with ServiceNow’s AI Control Tower and Security Operations workflow capabilities. Once complete, the transaction is expected to more than triple ServiceNow’s addressable market in the security and risk segment and strengthen its positioning as a proactive cybersecurity platform vendor.

Why is ServiceNow acquiring Armis and how does it fit into its AI-native cybersecurity roadmap?

At the core of this acquisition is a structural bet: that exposure management, asset intelligence, and end-to-end automated remediation will become inseparable components of next-generation cybersecurity. With AI expanding the digital attack surface, enterprises are seeking unified solutions that go beyond endpoint protection or siloed threat intelligence feeds.

ServiceNow’s acquisition of Armis is less about adding another security module and more about consolidating control of the cybersecurity value chain—from asset discovery to incident response—within its platform. Armis offers real-time agentless discovery of connected devices, including traditionally hard-to-monitor segments such as industrial control systems, healthcare equipment, and IoT sensors. Its strength lies in contextual awareness of unmanaged assets, something traditional endpoint detection and response tools have struggled to achieve.

Paired with ServiceNow’s Configuration Management Database (CMDB) and AI Control Tower, Armis’ data layer becomes operationally actionable—helping security teams not just understand where exposure exists, but route it through automated workflows based on business context, priority, and remediation playbooks.

The transaction is timed to capitalize on two converging trends: the surge in AI-generated threat vectors, and the institutional demand for scalable trust architectures. With over $1 billion in annual contract value now attributed to its Security and Risk business, ServiceNow appears to be cementing its shift from workflow automation provider to security operations backbone.

What does the Armis acquisition mean for ServiceNow’s position in enterprise cybersecurity?

The acquisition pushes ServiceNow into direct competition with incumbent security platform vendors, particularly those attempting to integrate exposure management, threat intelligence, and remediation—like Palo Alto Networks, CrowdStrike, and Tenable. But unlike traditional security vendors, ServiceNow approaches the problem from a workflow-first perspective, betting that long-term defensibility lies in the ability to automate resolution at scale rather than detect anomalies in isolation.

Armis complements this strategy by offering the real-time visibility layer required for such automation to be effective. The two companies already share integrations that map Armis’ asset intelligence into ServiceNow’s workflows. Now, under a single umbrella, those integrations can evolve into tighter system-wide coherence. Importantly, this also allows ServiceNow to extend its influence over operational technology security—a fast-growing but historically fragmented segment.

For large enterprises with sprawling device fleets and complex regulatory obligations, a consolidated view of exposure paired with enterprise-grade automation could drive material reductions in mean time to detect (MTTD) and mean time to remediate (MTTR), both of which remain critical security metrics.

How might this reshape market dynamics for AI-driven security operations platforms?

The combination of ServiceNow and Armis reframes the category of “Security Operations Platform” from an aggregation of detection tools into a forward-deployed risk mitigation system—closer to the AI-native Zero Trust enforcement models that public sector and critical infrastructure operators are increasingly being nudged toward.

ServiceNow is also positioning itself as a platform of platforms, one that orchestrates not just business workflows but AI agents, policy enforcement, and exposure response. This could attract cloud infrastructure players, regulated industries, and large integrators seeking an orchestration-first approach to AI security.

Armis, which surpassed $340 million in ARR with over 50% year-on-year growth, adds significant scale and cross-sector credibility. With over 35% of Fortune 100 and seven of the Fortune 10 already using Armis, ServiceNow gains not just a product, but a customer base that includes high-trust environments such as defense, manufacturing, and healthcare.

What are the potential risks and execution challenges in the ServiceNow–Armis integration?

While the deal offers strategic synergy, it also comes with execution risks typical of high-valuation acquisitions. At $7.75 billion, the acquisition will require substantial integration payoff to justify the cash outlay. ServiceNow expects to fund the purchase through a combination of cash and debt, which may draw scrutiny from investors looking for clarity on margin expansion and return timelines.

Moreover, the integration of Armis into the ServiceNow AI Platform will need to balance technical depth with customer ease-of-use. Overlapping capabilities, different data models, and varied go-to-market strategies between the two firms may slow down unified product delivery if not tightly managed.

Regulatory approvals could also introduce delays, given Armis’ visibility into critical infrastructure, public-sector contracts, and healthcare environments. Data sovereignty and cross-border compliance will be key watchpoints, especially as ServiceNow attempts to position itself as a global AI trust layer.

How are institutional investors and analysts likely to interpret this deal?

The Armis acquisition arrives amid a broader investor rotation into AI security platforms, and it reflects ServiceNow’s intent to not just ride the AI wave but anchor its growth in structural enterprise problems—cybersecurity being one of them. Analysts may interpret this as a signal that ServiceNow intends to consolidate more capabilities into its platform and shift more decisively toward the AI-native stack.

The transaction also offers forward indicators of ServiceNow’s M&A appetite. By targeting a high-growth cybersecurity vendor with both private and public-sector traction, ServiceNow could be telegraphing a broader push into regulated markets and defense-aligned enterprise infrastructure.

Investors may focus on whether this deal accelerates ServiceNow’s addressable market expansion in line with its long-term revenue targets and if the acquisition will contribute to higher gross retention and upsell opportunities across its existing customer base.

Will this acquisition accelerate convergence across cybersecurity, IT operations, and AI governance?

If executed well, yes. The ServiceNow–Armis combination is arguably a blueprint for what convergence looks like in the AI-native enterprise: integrated asset visibility, risk-aware workflows, continuous exposure reduction, and identity-governed automation. It also reflects a growing belief among CIOs and CISOs that cybersecurity is not a separate vertical, but a horizontal requirement for all AI workflows.

The AI Control Tower model being advanced by ServiceNow hinges on this premise. Armis’ device intelligence feeds could serve as one of several input layers to AI agents managing compliance, access, threat detection, and remediation in real-time. This would shift AI governance from static policy management to dynamic, asset-aware enforcement.

The coming months will determine whether ServiceNow can translate this thesis into product clarity and measurable security outcomes—or whether the complexity of integrating two ambitious platforms slows momentum.

What does the ServiceNow–Armis deal mean for the future of AI-native cybersecurity?

• ServiceNow is acquiring Armis for $7.75 billion to consolidate asset discovery, exposure management, and security workflow automation on a unified AI platform.
• The acquisition more than triples ServiceNow’s market opportunity in cybersecurity and reinforces its pivot toward full-stack, AI-native risk management.
• Armis brings agentless, real-time visibility across unmanaged devices, cloud, OT, and medical environments—areas underserved by traditional EDR tools.
• The combined platform could give ServiceNow a competitive edge over traditional cybersecurity vendors by offering remediation-first security operations.
• Institutional sentiment may favor ServiceNow’s strategic positioning, but clarity on integration timelines and ROI will be critical.
• The acquisition reinforces the growing convergence of cybersecurity, IT operations, and AI governance across sectors.
• Execution risk lies in technical integration, overlapping capabilities, and regulatory complexities related to Armis’ public-sector exposure.
• If successful, this deal could redefine enterprise expectations for cyber asset exposure management in the age of autonomous systems.