ServiceNow's Knowledge Conference wrapped up last week, and the message across every keynote was clear. The conversation has shifted from whether to adopt AI to how to scale it, secure it, and make it something enterprises can actually trust.
The concept of trust kept coming up. But the conversation about what trust actually requires in practice, specifically who is accountable when AI acts inside a critical workflow, is one we don't think fully landed. That's the question we want to pick up here.
The attack that changed the conversation
In 2023, attackers brought down MGM Resorts and Caesars Entertainment. Not with sophisticated malware, not with a zero-day exploit, but with a phone call.
An attacker impersonated an employee, convinced a helpdesk agent to reset credentials, and used that access to move laterally and deploy ransomware. The total estimated impact ran into the hundreds of millions of dollars. The initial access method was a conversation.
That attack put helpdesk social engineering on every board's risk radar. But it didn't change the underlying process at most organizations. Agents are still verifying identity with security questions, manager callbacks, and judgment calls, methods that rely on information an attacker can research from LinkedIn, lift from a previous breach, or now generate with AI in seconds.
This is the problem that sits underneath every conversation about scaling AI and building workflows that execute. Before you can trust what AI does inside your workflows, you have to be able to trust who authorized it to act.
The identity question AI can't answer
Identity providers verify accounts. They don't verify humans.
When an agent pulls up a ticket in ServiceNow, they can see which account is associated with the request. What no credential-based system can tell them is whether the human on the other end of the call actually owns that account. The credential authenticated successfully. That's not the same thing as the human being who they claim to be.
This is the space where social engineering lives. A password can be phished. A security question can be answered with information from LinkedIn. A manager's voice can now be cloned in minutes with commercially available tools. None of these attacks defeat the account. They defeat the assumption that the account and the human behind it are the same thing.
According to Verizon Data Breach Investigations Report, 80% of breaches begin with identity compromise. The attacker calling your helpdesk today is more convincing than the one from two years ago, and the verification process most teams rely on hasn't changed.
As AI gets embedded into the workflows handling password resets, account changes, and access requests, this assumption becomes more dangerous. AI moves fast. But the accountability question doesn't disappear just because AI initiated the action. Someone has to be able to answer which verified human authorized this.
That's the identity question AI can't answer on its own. It requires a different kind of verification entirely.
What it looks like when you verify the human, not the account
Most tools give agents more signals to interpret. Nametag gives them a decision.
When a recovery request comes in, the agent sends a verification request from inside the ServiceNow ticket with one click. The employee verifies on their phone, a biometric check against a government-issued ID that takes as little as 27 seconds on first use. The agent sees a clear pass or fail without leaving ServiceNow. No security questions. No judgment call. No new system to learn. The ticket closes with a verified, auditable identity decision attached automatically.
For employees who don't need to reach the queue at all, a self-service recovery microsite lets them verify and reset credentials on their own, in as little as 3 seconds for returning users. The tickets that consistently miss SLA are often the ones that never needed an agent in the first place.
An attacker armed with someone's employee ID, manager's name, and date of birth still can't pass. The system verifies the face, not the answers.
This is what it means to verify the human rather than the account. And once that foundation is in place, every downstream workflow, including the ones AI is running, has something it didn't have before — a verified human at the start of the chain.
Bringing it back to Knowledge '26
The closing keynote at Knowledge '26 asked what it actually means to build progress people trust. It's the right question, and the answer starts earlier in the stack than most organizations realize.
Trust in AI isn't abstract. It's operational. It means that when an AI-embedded workflow handles a sensitive request, a verified human authorized it and you can prove it. It means the service desk isn't a door that a convincing caller can walk through. It means every identity decision is consistent, documented, and defensible.
The organizations that win with AI won't just be the ones who scale fastest. They'll be the ones who were intentional about who was accountable for what it did. That accountability has to be built in from the start — and for most enterprises, the place to start is the helpdesk.
Learn more about the Nametag and ServiceNow integration.
