SmartAI Ops is now live on the @ServiceNow Store.
Most teams putting AI to work on ServiceNow can't answer two basic questions: what is it costing us, and who is actually using it? They see activity. They don't see economics. That gap gets expensive fast, and it is exactly the gap we built SmartAI Ops to close.
SmartAI Ops extends ServiceNow AI Control Tower into AI operations and financial governance. AICT owns responsible AI: the policy, risk, and oversight side. SmartAI Ops adds the operational and financial layer on top: cost analytics with attribution and anomaly detection, developer and user productivity insights, MCP and tool observability, and operational alerting for whatever needs attention right now.
The two work together. AICT tells you whether your AI is governed and safe. SmartAI Ops tells you what it costs, who is using it, and what is breaking. Standalone scoped app, installs independently, runs alongside AICT or on its own.
The base version is free to download right from the Store. Reach out to Will Thomson or Maggie Davis for a walkthrough, help getting set up, or to see what the full version adds.
Most defense contractors are still watching the November 2026 CMMC deadline. Their primes already stopped waiting.
When the CMMC rule took effect last November, the headline was the timeline: self-assessments now, third-party Level 2 certification required for CUI contracts in late 2026. That part is true, and it buries the part that is already reshaping the market.
CMMC requirements flow down to every tier. That makes primes contractually accountable for the compliance of every subcontractor that touches Controlled Unclassified Information. So they are not waiting for the deadline. Many are already making Level 2 certification a condition of new purchase orders and pulling non-compliant suppliers out of program work.
This changes the problem on both sides.
Subcontractors who assumed self-assessment bought them another year are learning that their largest customer disagrees. And primes are discovering they cannot easily answer a basic question: which of our suppliers are certified, at what level, with what score, on which task order?
That is where this stops being a policy question and becomes an operational one. We help organizations manage CMMC scope and supplier readiness directly inside @ServiceNow, mapping where FCI and CUI live, tracking control health across the supply chain, and turning flow-down from a spreadsheet scramble into a governed program.
If you are a prime trying to get visibility across your suppliers, or a sub racing to certify before you lose eligibility, let's talk. Reach out to Will Thomson or Maggie Davis.
#CMMC #ServiceNow #DefenseContracting #Cybersecurity #Compliance #ThirdPartyRisk #C1Secure
@FedRAMP 20x is quietly changing what "compliance" even means for cloud providers, and most teams haven't fully clocked it yet.
The old model: implement a control, write it up, collect screenshots, survive an annual audit. The result was a giant pile of documentation that was out of date the moment you published it.
20x flips the unit of compliance. Instead of controls and paperwork, you work from capability statements: plain-English security outcomes, called Key Security Indicators, that you prove with evidence and keep proving on a recurring cadence. FedRAMP publishes these KSIs as structured data, updated regularly, so the catalog is live. This is continuous assessment, not a once-a-year event.
Here's the trap most tools fall into: they treat KSIs as just another control type and jam them into an old control library. KSIs are not controls. Force-fitting them loses the continuous posture 20x is built for.
So we built C1 SmartRAMP 20x, native to @ServiceNow and built around the actual shape of 20x. The KSI Explorer gives you a live view of all 46 Key Security Indicators inside ServiceNow, with their linked NIST controls. As FedRAMP updates the catalog, yours updates too.
Our take: 20x is the right direction. Compliance that reflects the live state of your environment beats documentation that's stale on day one. Credit to FedRAMP and Pete Waterman's team for rebuilding the model instead of patching it.
If you're a Cloud Service Provider, Federal Agency, or 3PAO figuring out what 20x means for you, comment below.
@ServiceNow said ship faster. Build Agent, Autonomous Platform, AI agents everywhere. We just built SmartReady to give Platform Owners a way to govern what ships.
Release assurance for ServiceNow. Available now.
#ServiceNow#C1Secure#AIGovernance
"Compliance is a cost center and slows us down." We think that's backwards.
Our CEO, Tom Thomson, sat down to make the opposite case: compliance, run the right way on @ServiceNow , becomes a competitive edge, especially now with the additions of @ArmisSecurity and @vezainc.
The conversation digs into AI compliance and what changes when governance lives inside ServiceNow instead of scattered across spreadsheets.
A first look below. Full conversation coming soon.
Thanks to the BrightTALK team.
Every federal agency just got a new compliance clock, and most don't know it started.
On May 22, OMB released M-26-14, replacing the federal logging directive that has driven agency security spending for years. The old approach of hoarding raw log data with no operational purpose is officially dead. The new mandate: risk-based, prioritized logging built around real-time monitoring and threat response.
Once CISA publishes the Logging Reference Architecture, agencies face hard deadlines:
→ 90 days: Submit an Agency Logging Plan
→ 120 days: 70%+ of IT, OT, and IoT assets inventoried → 180 days: 80%+ with daily inventory updates
→ 320 days: 90%+ inventory with 70% tuned alert coverage
The part most teams will underestimate: maturity is scored on a lowest-watermark basis. One weak element drops the entire agency rating to Level 0. Partial credit does not exist.
Everything in this memo rests on one prerequisite many agencies have not met: a complete, continuously verified asset inventory across IT, IoT, and OT. @ServiceNow 's acquisition of @ArmisSecurity addresses that visibility layer directly. But visibility alone is not compliance.
Agencies still need security incident response, vulnerability management, and continuous monitoring operationalized on the same platform. That is where we come in. @c1_secure builds the operational backbone on ServiceNow that makes programs secure by design.
If your team is planning around this, let's connect.
Comment "OMB" below to learn more!
@a16z 202% growth and the work still mostly happens in spreadsheets. The opening isn’t new compliance software. It’s AI that does the drafting, scoring, and evidence work inside the systems these teams already run.
Open an attestation record. Ask the AI to explain the control. Get back an evidence-grade response that holds up under audit.
That is the SmartAI Compliance Analyst, the first reasoning worker shipping on SmartWorks, our governed AI platform on @ServiceNow.
SmartWorks is a governed AI hub on ServiceNow with support for multiple AI providers, configurable table-level access controls, and full tracking of every action, tool invocation, and table touch on the platform. The Compliance Analyst is the first of what we are calling SmartWorks SmartAI Analysts: role-scoped, record-embedded reasoning workers built to compose into ServiceNow's Autonomous Workforce. It reasons across NIST, CMMC, FedRAMP, SOC 2, ISO, HIPAA, PCI, and more, all governed by AI Control Tower and activated through SmartAI Ops.
Our Analysts are complementary to ServiceNow AI Specialists, not parallel. Specialists run the operational workforce. Our Analysts run the reasoning workforce, producing work that holds up outside the platform. The Compliance Analyst is one of many, and the catalog underneath is broader than what we are showing today.
This is our third release in three weeks. Three weeks ago we shipped SmartAI Ops, giving CIOs and CFOs visibility into AI operations paired with ServiceNow AI Control Tower. Last week, SmartReady, release assurance with App Passports for every AI-built and business-built app heading to production. Today, SmartWorks and the SmartAI Compliance Analyst.
More coming.
@ServiceNow said ship faster. Build Agent, Autonomous Platform, AI agents everywhere. We just built SmartReady to give Platform Owners a way to govern what ships.
Release assurance for ServiceNow. Available now.
#ServiceNow#C1Secure#AIGovernance
Biggest Knowledge yet for C1Secure. Partner of the Year award, a product launch, and a platform direction from @ServiceNow that lines up with everything we are building.
#ServiceNow#Knowledge2026#K26#C1Secure
This week we joined @ServiceNow for an AI Control Tower Deep Dive Workshop on governing AI and delivering value safely.
C1Secure 's focus: extending AICT with the layer that converts governance intent into an executable program.
#AIControlTower#AIGovernance#C1Secure#Servicenow
The biggest drain on GRC is translation. The back-and-forth between owners and reviewers over control objectives stalls progress for weeks.
C1 SmartCompliance Suite on @ServiceNow bridges this gap, moving to a standard of continuous assurance.
#GRC#AI#ServiceNow#C1Secure
At C1Secure, we help organizations get AI-ready, then deploy agents that act, automate, and scale.
The maturity gap is real. Let’s close it.
Comment, send us a DM, or go to our website to learn more about our AI capabilities.
#AIStrategy#EnterpriseAI#Automation
One of the most striking insights from the AI Summit:
AI maturity dropped 20%.
Why? Most organizations are still stuck in pilots and proofs of concept.
POCs don’t scale. Pilots stall. ROI never shows up.
AI maturity isn’t about flashy demos. It’s about embedding agents directly into workflows that automate, accelerate, and deliver measurable outcomes.
FedRAMP ConMon is stuck in the past. 🕰️
C1 SmartConMon 20x brings it to the future:
⚡ Automates POAM + FIIW
⚡ Delivers machine-readable KSMs
⚡ Cuts reporting time by 80%
Ready to leave manual ConMon behind? Comment "C1" to request a demo.
#FedRAMP#SmartConMon#C1Secure
Just wrapped the ServiceNow AI Summit in Atlanta
Proud to sponsor and even prouder of the C1Secure team that makes it easy to showcase how we’re driving AI-powered automation, security, and compliance forward
On to what’s next 📈
#ServiceNow#AISummit#AI#Automation#C1Secure
AI is transforming security & risk.
Join us at @ServiceNow Summit Atlanta on Aug 26 to see GenAI in action.
Atlanta, GA | Free to attend
Linke to register in comments
#ServiceNow#C1Secure#AI#GenAI