ServiceNow Unauthenticated API Access Vulnerability
In June 2026, a critical broken access control vulnerability was identified in ServiceNow hosted instances, allowing unauthenticated actors to gain unauthorized access to customer environments, likely via API exploitation. The flaw permitted potential data exposure and administrative access. While ServiceNow deployed a security update on June 5, 2026, to mitigate the risk, the incident was complicated by bug bounty researchers whose testing triggered security alerts in several organizations, creating false-positive breach notifications. Organizations should audit API logs for anomalous unauthenticated calls and unauthorized administrative activity to determine if their specific instance was compromised prior to patching.
EVA-Bench Data 2.0: Standardizing Agentic AI Governance and Security
The transition of Large Language Models (LLMs) from conversational interfaces to "Agentic AI" necessitates a shift toward autonomous systems capable of executing complex workflows through tool manipulation. EVA-Bench Data 2.0 serves as a standardized benchmarking framework designed to quantify the reliability, security, and reasoning efficacy of these autonomous agents. By testing 121 diverse tool/API schemas across 213 task-specific scenarios and three domain models, the dataset evaluates critical failure points such as tool-calling accuracy and reasoning latency. This research is vital for identifying "Agentic Prompt Injection" vulnerabilities and quantifying the risk of unauthorized autonomous tool execution within production IT and data center environments.