Wednesday 11 March 2026, 08:31 PM
Governing enterprise AI: Inside ServiceNow's Australia release and the AI Control Tower
Discover how ServiceNow's March 2026 Australia release uses the AI Control Tower, MCP, and Service Graph Connectors to govern AI assets in the CMDB.
For the last few years, we’ve been treating enterprise AI like magic. Developers spin up models, tweak system prompts, pipe sensitive data through third-party APIs, and hope for the best. It’s been an incredible era of rapid prototyping, but in my experience, it’s also created a governance nightmare. We are essentially watching the birth of Shadow IT on steroids.
When I look at the five-to-ten-year horizon for the tech industry, the companies that win won't necessarily be the ones building the most parameter-heavy foundation models. The real winners will be the ones that figure out how to govern, scale, and secure these models within existing corporate infrastructures.
That brings us to ServiceNow’s March 2026 Australia release. With the introduction of their updated AI Control Tower, we are finally seeing a paradigm shift: AI is transitioning from an experimental black box into a strictly governed, trackable IT asset.
Taming the black box with the AI Control Tower
If you want to understand how an enterprise actually functions, you look at its Configuration Management Database (CMDB). Historically, AI lived outside of this. With the Australia release, ServiceNow is forcing granular AI components—specifically prompts, datasets, and agentic servers—into the CMDB as standard Configuration Items (CIs).
This is a massive step for practical innovation. Within the AI Control Tower, organizations can now designate these components as either "managed" or "unmanaged." This dual-track system is a smart nod to how development actually works here in the Valley. We need sandboxed, unmanaged environments to iterate and break things. But when an AI asset touches production, it requires strict lifecycle management.
However, we have to be critical here: the unmanaged asset designation is a glaring loophole. If newly formalized "AI Stewards" aren't diligent, developers will absolutely use the unmanaged tier to bypass governance protocols. As we stare down the barrel of the EU AI Act and frameworks like ISO/IEC 42001:2023, leaving that loophole unmonitored is a massive liability.
The Model Context Protocol is the new standard
The unsung hero of this release is the integration of the Model Context Protocol (MCP). Originally developed by Anthropic, MCP was donated to the Linux Foundation in December 2025. I cannot overstate how important this transition was. By cementing MCP as an industry-wide open standard, we finally have a vendor-neutral interoperability layer for AI. We can stop relying on brittle, bespoke REST APIs.
ServiceNow has engineered its platform with a dual MCP architecture, acting as both an MCP Host/Client and an MCP Server. This bidirectional capability is exactly the kind of scalability I look for. It means a ServiceNow AI Agent can securely reach out to an external tool to pull data, while an external model like Claude or ChatGPT can directly access ServiceNow skills—like searching a record or creating an incident—right through the protocol.
To manage this traffic, the Australia release introduces an AI Gateway featuring Global MCP Clients and an MCP Catalog. Administrators can centrally manage and authorize MCP server access across the entire enterprise. It fundamentally streamlines the onboarding of new agentic capabilities while tracking the metrics that actually matter to security teams, like authorized versus failed access attempts.
Automated discovery across the hyperscalers
Of course, governance only works if you actually know what’s running on your network. To solve this, ServiceNow deployed native Service Graph Connectors specifically engineered for the AI Control Tower.
These aren't your standard API hooks. They enable the automated discovery and ingestion of AI assets directly from major hyperscalers like AWS, GCP, and Azure. More impressively, they also pull telemetry from agentic orchestration frameworks like LangGraph and n8n. Centralizing all this metadata into the CMDB provides a single pane of glass for AI security and cost optimization.
Looking at the next decade of enterprise AI
We are moving past the hype cycle. The next decade of AI isn't going to be defined by flashy vaporware; it's going to be defined by infrastructure, accessibility, and accountability.
By treating AI models, prompts, and datasets as boring, highly regulated IT assets, ServiceNow is laying the tracks for sustainable enterprise AI. It’s a necessary maturation for the industry. If we want AI to genuinely act as "tech for good" at a global scale, we need the guardrails to ensure it behaves. The Australia release proves that the tools to build those guardrails are finally here. Now, it's on us to use them correctly.