ServiceNow Automation Surface for W1 (Automation Types)
This document defines the ServiceNow automation surface relevant to W1: Agentic AI Exposure Discovery & Assessment. W1 is focused on making autonomous execution visible with deterministic, evidence-backed assessment.
Scope boundary for this document
Only the following ServiceNow automation categories are in scope for W1 (ServiceNow surface):
- Business Rules
- Script Includes
- Flows / Workflow (and artifacts within those modules)
- Scheduled Jobs
No other ServiceNow automation mechanisms are defined or implied here.
Execution modes
Execution mode describes how the automation is initiated, not who it runs as.
autonomous (in scope for W1)
Execution can occur without an active human session (e.g., schedule, event, record/data change).
operator_assisted (out of scope for W1)
A human initiates a request or trigger, and automation proceeds as a follow-on action (no continuous human control), but the initiation is human-driven (e.g., service catalog).
human_triggered (out of scope for W1)
Requires an active human session/click to execute.
Important: W1 can still bind execution to a human identity in cases where the surface records “run-as” authority as a user principal without implying an interactive session. Execution mode remains about initiation, not identity type.
Automation categories
1) Business Rules (in scope)
What it is: Record-driven server-side automation.
ServiceNow construct: Business Rules (stored in sys_script).
Typical execution mode: autonomous (record insert/update/delete).
W1 scope: In scope when evaluated as an autonomous execution unit.
2) Script Includes (in scope)
What it is: Reusable server-side script libraries called by other server-side logic.
ServiceNow construct: Script Includes (sys_script_include).
Typical execution mode: Not a trigger on its own; participates in the execution mode of its caller. (Enumerated as an autonomous execution type in the provided inventory.)
W1 scope: In scope as part of autonomous execution surfaces.
3) Flows / Workflow module (in scope, bounded by execution mode)
This category includes ServiceNow’s automation modules used to define multi-step workflow logic.
Flow Designer
What it is: Low-code flow definitions and their reusable actions. In-module artifacts (non-exhaustive, as described in provided material):
- Flow definitions (e.g.,
sys_hub_flow) - Reusable actions (e.g.,
sys_hub_action_type_definition)
Execution mode: Can be autonomous when triggered by schedules or record changes; other trigger styles may map to non-autonomous modes.
W1 scope: In scope only when execution mode is autonomous.
Workflow (legacy)
What it is: Legacy workflow activities executed within workflow runs.
In-module artifacts: Workflow activities (e.g., wf_activity).
Execution mode: Treated as autonomous in the provided inventory.
W1 scope: In scope when evaluated as autonomous execution.
4) Scheduled Jobs (in scope)
What it is: Time-based execution (timer/cron).
ServiceNow construct: Scheduled Jobs (stored in sysauto_script).
Typical execution mode: autonomous.
Notable surface attribute: Scheduled jobs can record a run-as / execution identity field (e.g., run_as) as part of the construct definition.
W1 in-scope summary (ServiceNow)
| Automation category | In scope for W1 | In-scope execution modes |
|---|---|---|
| Business rule | Yes | autonomous |
| Script include | Yes | Participates in in-scope autonomous execution surfaces |
| Flows / workflow module | Yes (bounded) | autonomous only |
| Scheduled jobs | Yes | autonomous |
W1 is discovery and assessment of autonomous execution exposure, bounded to deterministic, first-observable evidence, and does not include enforcement, remediation, or drift monitoring.