Rethinking Cyber Resilience in the Age of AI Agents: Accenture and ServiceNow at Knowledge 2026

AI-led cyberattacks have already hit. Recent incidents involving agentic AI systems, including the widely discussed Claude Mythos case, have highlighted how quickly the threat landscape is evolving. The fragmented tools and siloed teams most enterprise security architectures rely on were built for a different attack surface, at a different speed.

At ServiceNow Knowledge 2026, Melody Brue sat down with Trevor Houck, Managing Director of Operational Technology (OT) Security Operations at Accenture, to break down what cyber resilience actually requires when AI agents are both the weapon and the defense.

The conversation goes into the realities most security discussions avoid: OT environments where shared accounts on industrial control systems are necessary for safety, not simply a compliance issue. It also explores how entitlement drift quietly builds up over time as HR and IT miss role-change cleanup, and why enterprises are falling behind on governance for AI agents. The discussion also examines how ServiceNow’s acquisition of Armis strengthens OT and IoT visibility when integrated into the AI Control Tower.

Houck's position on agents is straightforward: professionals not using multiple agents throughout their workday in a few years may be doing their jobs wrong. The same urgency applies to the governance layer underneath those agents.

Key Takeaways:

🔹 Every AI agent needs an identity, scoped permissions, and an audit trail from day one. A human with improperly scoped access creates one incident. An agent with the same problem generates thousands of actions before detection.

🔹 OT security breaks standard Identity and Access Management (IAM) assumptions. Life-safety constraints, shared control accounts, and legacy equipment require governance built for industrial reality, not retrofitted from enterprise IT frameworks.

🔹 Entitlement drift is continuous and largely invisible. Agents monitoring job profiles and role changes catch the privilege accumulation that manual HR and IT reviews consistently miss.

🔹 ServiceNow's Armis acquisition closes the OT and IoT visibility gap. Asset discovery feeding directly into ServiceNow's workflow engine and AI Control Tower turns manual risk decisions into automated ones.

🔹 Agentic defense is becoming foundational enterprise infrastructure. The organizations building identity governance, permissions, and control layers now aren’t just reducing current risk, they’re determining how safely and confidently AI can scale across the business over the next decade.

Disclaimer: Six Five Media is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.

TREVOR HOUCK:

In a couple of years, if we're not having multiple agents help you throughout your day, you may be doing your job wrong. And there's opportunities, I believe, for every role to kind of speed up that delivery.

‍

MELODY BRUE:

Hello, and welcome Six Five On The Road. I'm Melody Brue. Today, I'm going to be digging into what changes in security and the security landscape as AI goes across the enterprise. I am joined by Trevor Houck from Accenture.

‍

TREVOR HOUCK:

Thank you.

‍

MELODY BRUE:

How are you?

‍

TREVOR HOUCK:

Doing great today. 

‍

MELODY BRUE:

So the security landscape has changed in a big way. What does that mean for you and for your partnership with ServiceNow?

‍

TREVOR HOUCK:

Yeah. As we know, AI has changed this dramatically for us. We've always been talking about the dangers of accelerated cyber attacks for years, and what we've seen in the last couple of months now with Mythos and the number of AI-led cyber intrusions just forced us to change the way that we've been thinking. Typically, we look at traditional client problems that we've had and say, if we're solving this the same way we did six months or a year ago, then we're not doing the right way. We have an increased tax service, the speed of which it's happening is dramatically closer. We're also working with siloed security teams inside our client environments. And so one of the ways that we're trying to get on top of that is rethinking how we approach these things, how we're embedding AI tooling in our assessments, in our delivery, in our analysis of what we can actually do to solve our clients' problems, and trying to speed that up with both reducing the amount of time and increasing the precision in how we just deliver our service.

‍

MELODY BRUE:

Trust is a big factor in AI and in AI adoption. And so how do you kind of approach that hurdle to even get past that point to start talking about the security and looking ahead of what are not just the things that you can do now, but almost like the vaccinations for the future? How do you look at that?

‍

TREVOR HOUCK:

Yeah, precisely. So one of the things that we've, as an entire firm, not just our security practice, we've been doubling down on all of our AI investments, and not only just for our client-facing tools that we use for accelerated delivery, but also internally changing the processes of everything, as in As an end user of a number of our internal support tools, our HR systems, everything's gotten dramatically faster and more accurate as well, which, frankly, I'm happy about because it speeds up my time and allows me to spend more time on where I enjoy with my clients. The trust factor there is huge. I mean, it's really turned the whole identity space on its head now, too. We're not just worried about the identity profiles of users, but our agents, our machine-level accounts, et cetera. And so working with a number of our partners, like Anthropic, NVIDIA, to really drive them all that innovation. And not doing it in a bubble as well, but really leveraging our entire AI vendor ecosystem.

‍

MELODY BRUE:

Yeah, as we start to work as AI, almost like as a co-worker and as working autonomously, that's a lot of identity to be able to manage throughout the enterprise. So what should companies be thinking about and how are you guys approaching helping your customers kind of wrap their heads around that and really have visibility into the entire organization and the human identities as well as the non-human identities?

‍

TREVOR HOUCK:

Precisely, and this is actually near and dear to my heart because on my day-to-day I focus on OT cybersecurity and so there's a number of times that we have to struggle with solving identity problems because there's a lot of times where it's not safe to only have one user account on a control board because in a life-or-death situation where a relay needs to be switched, we don't have time for someone to unlock a workstation. or for a backup operator to come in. We need shared user accounts, shared control boards, and so very similar mindset of thinking of assigning identities to agent versus real people versus control operators. And one of the problems that we've had to work through is legacy obsolete equipment of those control environments as well. And so we're working with our major identity partners to solve those problems as well. And not just applying an old way of thinking with that, but basically rethinking about how we're doing everything. So not just traditional roles and permissions, but looking at the entire IGA layer of governance around those identity front schools as well.

‍

MELODY BRUE:

And from what I understand it, that identity management starts with almost like a human factor of like hire to retire in that agentic framework.

‍

TREVOR HOUCK:

Yes.

‍

MELODY BRUE:

So that's a very interesting way of looking at it. But when you kind of have to tell the difference between, okay, this was done by a human, I hear Accenture constantly talking about like humans in the lead, that you have to manage those agents. And often the human is responsible for the work of the agent, even if the agent is doing that. So from a security standpoint, from a risk standpoint, operationally, how do you kind of wrap that together to help customers get to that point of feeling safe within that environment?

‍

TREVOR HOUCK:

Yeah, that's a big item to address. And I was just listening to an interview of the CEO of NVIDIA, where they were talking about internal employees not using their entire quota of AI usage. And from the outside looking in, someone can say, well, that's not fair to measure it, because maybe they have the skills to do it themselves. But he used the example of, if we're paying a chip maker to make chips for us, we don't want them using pencil and paper to design it. We want them using computers. The most advanced. So really looking at AI as not a way to replace employees, but as a way to accelerate everything that they're doing. And in a couple of years, if you're not having multiple agents help you throughout your day, maybe doing your job wrong, right? And there's opportunities, I believe, for every role to kind of speed up that delivery. And one of the things I've been looking, or frankly excited for, is using agents to help with the identity process, not just hiring someone and when someone retires, but also when they're changing roles and responsibilities within their first same company. If someone has a critical need for a systems administrator role in an initial role they're hired for, in a couple years, they were promoted to a manager or director of a role where it's more oversight. Do they still need that level of administrative credentials? Probably not. And it's a very manual, thorough process. for someone in HR and IT and cyber to consolidate that. And frankly, it usually gets left by the wayside. So leveraging our agents to look at job profiles, job descriptions, and tying that to entitlements and organization is another way that we've been trying to lower the risk of organizations.

‍

MELODY BRUE:

You know, one of the things that's talked about a lot with AI is that Everybody has to be responsible for security across the organization. It used to be security was a function that lived, you know, under the CISO. And most employees didn't really need to worry too much about their day-to-day security, right? I mean, people had passwords that they had since second grade and things. That has changed a lot with AI, but also just from a learning standpoint, it seems like organizations are now approaching that more holistically across the organization. How do you look at really educating and upskilling every worker to understand their role in the security and risk of an organization?

‍

TREVOR HOUCK:

Yeah, that's a really good question. One that we get a lot. I think a lot of it is around increased awareness of certain actions or configurations or setting up a tool. So, for example, if we have an engineer out in the field setting up a relay at a transmission substation, In order to get it to work, they may open up every single port and protocol that's allowed on that device. They may open up access wherever for the troubleshooting process of getting it working, right? And it may check the box where it's working, but it also greatly expanded the attack surface of that device being able to be compromised. And so trying to set up uh devices applications offer in a way that meets the minimum requirements for connectivity and what what the goal of that device is to support the business and and restricting everything else is a big win and so understanding that we're not just in a space where we need something to work but we need it to work and be secure and it's it's also the human element too of humans Most of us generally like to be help fit, right? So when someone comes to ask for help, you have a natural tendency to want to be nice, to want to be helpful. But when you understand the ramifications of Maybe there's more at play here than being nice and being helpful, but we also need to understand what's the impact to the business if I grant elevated permissions to this user who's asked me to request that didn't go through the proper channels to just buy this, or opening up a piece of software or hardware to more than it needs to for business operations.

‍

MELODY BRUE:

And that security, that endpoint security is so important. And it's something that I sometimes get just shocked by where something was hacked because of somebody's smart toothbrush. And so if you can get through a toothbrush, you know, any endpoint out in the field is probably just as susceptible and has to be just as protected, right?

‍

TREVOR HOUCK:

Right.

‍

MELODY BRUE:

Let's talk a little bit about the Armis and acquisition and what that means. ServiceNow is Armis acquisition and what that means for you and your partnership and hey, how do you go out into your customers together with that new story?

‍

TREVOR HOUCK:

I was extremely excited to read about that announcement. I've been working very closely with ServiceNow over the last number of years, embedding their security products into our solution and our approaches. But as another job that I had inside of Accenture leading to security practice, was also managing our existing Armis alliance and partnership. And so it was a very natural connection there to bring that in. And I'm very excited. I've been working with the ServiceNow OT team for a number of years now. And as we're building out a managed service dedicated to OT, IRM, and TPRN, we're forward thinking right now in the building phase of what is the integration of Armis look like with this? I think ServiceNow has a great opportunity to essentially simplify the process for a lot of customers who recognize the need for doing better in OT security from not only a risk perspective, but just simply from just a visibility perspective of getting to the foundational build-up. I need to understand what all my assets are. I need to know what they're doing, what other devices they're talking to, what's their function in the organization, and then harnessing that base layer of its ability into ServiceNow's workflow engine for automation, leveraging AI control towers to make decisions on what to do next is just a win-win all around. Very exciting time to be in ServiceNow's security business.

‍

MELODY BRUE:

Yeah, it looks like a big opportunity and certainly a lot of excitement around it. Well, this was great. Very helpful. Thank you for joining us. Is there anything else you want to share before we wrap up?

‍

TREVOR HOUCK:

Thank you for your time here. No, I'm just very excited. I'm—in a very pivotal part in my own personal career, but also where we're going with Accenture and ServiceNow, and looking forward into the future.

‍

MELODY BRUE:

Good luck. It looks like good times ahead for both.

‍

TREVOR HOUCK:

Thank you very much.

‍

MELODY BRUE:

And thank you for joining us for this episode of Six Five On The Road. I'm Melody Brue. Please check out the socials and also on Six Five.com for more videos and we will see you next time.

‍