ServiceNow Armis and the Agent-Era Control Plane

On April 22, 2026, ServiceNow announced the acquisition of Armis for $7.75 billion.

The number got the headline. The structural story is more important and most enterprise security commentary missed it.

Armis is an asset visibility and posture management company. Their core product is a registry of every connected device in an enterprise environment, with a security posture assessment on each one. They built the company over a decade. The market they own is OT, IoT, medical devices, building systems, and the long tail of unmanaged connected things that traditional endpoint security never covered.

ServiceNow does not buy a $7.75 billion company because they want OT visibility. ServiceNow buys a $7.75 billion company because they want the position that company holds in the next-generation control plane.

The pattern is older than enterprise AI. It is the cloud-era pattern, repeating.

The cloud-era three-layer control plane

In the cloud era, enterprise security infrastructure consolidated into three architectural layers. The layers were defined by what they controlled, not what they marketed.

Layer 1: Identity. Okta.

Who can sign in. What roles they have. What groups they belong to. What systems they have access to. Okta won this layer by being the IdP that worked across every SaaS application the enterprise bought. The layer is defined by the question: who is this person?

Layer 2: Network access. Netskope.

What sites the person can reach. What data they can send and receive over the network. What categories of content the network policy allows or blocks. Netskope and the CASB category won this layer. The layer is defined by the question: where can this person’s traffic go?

Layer 3: Network security. Zscaler.

What gets inspected before it leaves the enterprise perimeter. What threats get blocked at the gateway. What data loss prevention rules apply to traffic in flight. Zscaler became the dominant pure-play in this layer. The layer is defined by the question: what is in this person’s traffic and is it safe?

Three layers. Three categories. Three vendors that became platform companies. Most regulated enterprises bought all three. The CISO who tried to consolidate on a single vendor across all three layers ended up with weak posture in at least one of them.

The agent-era three-layer control plane

The agent era splits the control plane the same way, with different vendors and different specific questions.

Layer 1: Identity. Veza.

Who is the agent. What identity does it inherit. What human delegated authority to it. What was the scope of that authority. Veza is the closest analog at the agent-identity layer to what Okta was at the human-identity layer. The layer is defined by the question: who is this agent, really?

This is the layer that requires cryptographic identity binding. Each agent constructed as a distinct principal. Anchored to a verified human at NIST IAL2/AAL2. Bound to a trusted registry. These are the controls the Five Eyes joint advisory specifies. Veza, SailPoint, and a small number of agent-identity startups are competing for this layer.

Layer 2: Agent inventory and posture. Armis (post-acquisition).

Every agent operating in the enterprise. The posture of each agent. The drift from the agent’s intended behavior. The lifecycle state. The layer is defined by the question: what agents do we have and are they behaving?

This is the layer ServiceNow just bought. Armis already does this for connected devices. Extending the same architecture to AI agents is straightforward and ServiceNow is going to do it fast. The $7.75 billion price reflects what the layer is worth as agent deployments scale. ServiceNow’s existing workflow stack provides the integration surface. Armis provides the registry and posture engine.

Layer 3: Agent runtime governance. (Open.)

What did the agent actually send to the model. What came back. Was the prompt redacted before transmission. Was the response logged with identity attribution. Was the MCP tool call governed at the point of invocation. The layer is defined by the question: what is in the agent’s actual data path?

This is where APERION sits. SmartFlow is the enterprise product at this layer. On-premises, Kubernetes-native, inline at every prompt, response, and MCP tool call.

The pure-play vendor at this layer has not been claimed by a $7.75 billion acquisition yet. The market is still settling. Existing AI gateway companies address parts of this layer. None of them have consolidated the full set of controls at enterprise scale.
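The Layer 3 questions above (was the prompt redacted before transmission, was the event logged with identity attribution, was the tool call governed at invocation) can be made concrete with a small sketch. This is an added example, not SmartFlow or APERION code; the regex patterns, the agent and user names, the tool names, and the allow-list are all constructed assumptions.

```python
import hashlib, json, re

# Constructed patterns (assumption): production redaction needs a vetted PII/PHI detector.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
# Hypothetical per-agent tool allow-list, checked at the point of invocation.
TOOL_POLICY = {"agent:claims-triage": {"crm.lookup"}}

def redact(text):
    """Replace each match with a typed placeholder; return text and per-type counts."""
    counts = {}
    for label, rx in PATTERNS.items():
        text, n = rx.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; each record commits to the hash of the previous record."""
    def __init__(self):
        self.records = []
    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        body = dict(event, prev=prev)
        self.records.append(dict(body, hash=_digest(body)))
    def verify(self):
        prev = "0" * 64
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or _digest(body) != rec["hash"]:
                return False  # record edited, removed, or reordered
            prev = rec["hash"]
        return True

def govern_prompt(log, agent, delegator, prompt):
    """Redact first, then log who sent what (as a hash) before anything is forwarded."""
    sent, counts = redact(prompt)
    log.append({"type": "prompt", "agent": agent, "delegator": delegator,
                "redactions": counts,
                "sent_sha256": hashlib.sha256(sent.encode()).hexdigest()})
    return sent

def govern_tool_call(log, agent, delegator, tool):
    """Default-deny: the decision is logged whether or not the call is allowed."""
    allowed = tool in TOOL_POLICY.get(agent, set())
    log.append({"type": "tool_call", "agent": agent, "delegator": delegator,
                "tool": tool, "allowed": allowed})
    return allowed
```

The hash chain is what turns the log into evidence: a record altered after the fact fails `verify()`, and each record names both the agent and the human who delegated authority to it.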

Why the runtime layer matters most

Of the three agent-era layers, the runtime layer carries the most immediate procurement pressure for regulated enterprises.

The reason is regulatory. When an agent sends customer PII to a public model, the regulatory exposure is at the runtime layer. The identity layer can prove who delegated authority. The inventory layer can prove the agent existed and was tracked. Neither layer can prove what data left the enterprise perimeter or whether it was redacted before leaving.

The runtime layer produces the evidence regulators ask for. SR 11-7 model risk management requires evidence of what the model was given and what it produced. FINRA 3110 supervision requires evidence of every communication with a representative-equivalent system. EU AI Act conformity requires evidence of input data governance and output traceability. HIPAA requires evidence that PHI did not leave the covered environment.

Every one of those evidence requirements is a runtime-layer requirement. The identity layer and the inventory layer are necessary, but the runtime layer is where the regulator’s question gets answered.

A CISO at a Tier 1 bank can pass a regulatory examination with weak identity governance if the runtime layer is strong. The CISO cannot pass with strong identity governance and weak runtime governance. The regulator does not care who you said you were. The regulator cares what you actually sent.

What the next eighteen months look like

The agent-era control plane is being assembled vendor by vendor. Read the M&A and product announcements as a procurement map.

Identity layer (Layer 1). Veza is the public-market signal. The category will see additional consolidation as identity vendors recognize that agent identity is a separate problem from human identity. Expect Okta, SailPoint, and Ping to make either acquisitions or product launches in 2026 to address agent identity directly.

Inventory layer (Layer 2). ServiceNow Armis is the public-market signal. CrowdStrike, SentinelOne, and Palo Alto Networks will face pressure to address agent inventory and posture in the same architectural pattern. Some will buy. Some will build. The category will have multiple competitive entrants by Q4 2026.

Runtime layer (Layer 3). This is the layer where the M&A signal has not yet arrived. The reason is that the pure-play runtime-governance category is younger than the inventory and identity categories. The vendors that will define the layer are in seed and Series A stages today. By Q1 2027 the category will look obvious to acquirers. By Q3 2027 the pricing will be set by the first major acquisition.

If you are a CISO procuring at this layer in 2026, you have the unusual situation of buying into a category before the major M&A defines it. That has procurement consequences: the vendor you choose will likely be the vendor your acquirer asks you to support after consolidation.

The architectural answer

Most enterprise security architecture today treats AI governance as a single budget line item. One vendor for AI governance. One signature on the procurement document.

That is the wrong shape. AI governance is at least three layers. Probably four if you count audit and evidence as a separate layer, which is the position APERION takes with the Trust Fabric.

The CISO who consolidates on a single AI governance vendor across all three layers will end up with the same weakness pattern that single-vendor consolidation produced in the cloud era: strong posture in the vendor’s strongest layer, weak posture everywhere else. The architectural answer is to procure each layer separately, integrate them at the data plane, and budget accordingly.

ServiceNow paying $7.75 billion for Armis is a leading indicator that the category boundaries are settling. The vendors who win each layer will become platform companies of significant scale. The vendors who try to win all three layers will become uncompetitive in each of them.

The runtime layer is still open. The procurement decisions made in the next twelve months will set the category for the next decade.


Technical companion: SmartFlow Platform Overview. Runtime governance architecture, controls, and integration patterns.

Where APERION sits in the Trust Fabric: Trust Fabric architecture page. The runtime layer in the three-layer agent-era control plane.

The Five Eyes advisory and runtime controls: Careful Adoption of Agentic AI Services.

Craig Alberino
Craig Alberino is the CEO and Founder of LangSmart, which provides Smartflow — the enterprise AI gateway, firewall, and control plane for Fortune 500 companies.
