Benny Morgan
Karla Spencer
Key Takeaway: ServiceNow acquires Armis for $7.75 billion to expand AI-powered security capabilities, signaling industry consolidation around integrated platforms.
ServiceNow Scoops Up Armis in Historic $7.75 Billion Security Deal
Enterprise software giant ServiceNow has agreed to acquire Armis, a leading cybersecurity exposure management startup, for $7.75 billion in cash—marking ServiceNow’s largest acquisition to date. The deal represents a significant bet on the future of artificial intelligence-driven security as organizations grapple with increasingly sophisticated digital threats and the challenges of managing complex, interconnected technology environments.
The acquisition announcement, made on December 23, 2025, underscores how major technology platforms are consolidating cybersecurity capabilities under unified ecosystems. Rather than relying on point solutions scattered across multiple vendors, enterprises are increasingly demanding integrated security platforms that can see, prioritize, and act on threats in real time.
What Armis Brings to the Table
Founded in 2015, Armis has emerged as a critical player in cyber-physical security—a specialized domain that manages risks across information technology (IT), operational technology (OT), the Internet of Things (IoT), and medical devices. The company’s flagship platform, Centrix, offers real-time visibility, risk assessment, and proactive protection capabilities that extend well beyond traditional IT security boundaries.
According to the latest figures, Armis has achieved $340 million in annual recurring revenue (ARR) with year-over-year growth exceeding 50 percent. This impressive trajectory reflects strong market demand for solutions that can address the expanding attack surface created by connected devices in critical infrastructure, manufacturing, healthcare, telecom, retail, and logistics sectors.
Armis notably reached a $300 million ARR milestone in August and was valued at $6.1 billion in a November 2025 funding round led by Goldman Sachs and CapitalG (Alphabet’s venture arm). The company has about 950 employees and was backed by prestigious venture investors including Sequoia Capital, Insight Partners, and others who collectively invested $1.45 billion in the startup.
One of Armis’s distinguishing technical features is its agentless security approach—it discovers and monitors devices without requiring software agents to be installed on endpoints. This capability proves especially valuable for protecting IoT devices, medical equipment, and industrial control systems that cannot run traditional security software.
The Strategic Vision: A Unified Security Stack
ServiceNow CFO Gina Mastantuono stated confidently: “Our security stack, with the acquisition of Armis, is very well positioned, so we won’t need to do any more M&A in the security space.” This declaration signals the company’s intention to offer a comprehensive, end-to-end security solution without additional major acquisitions.
The combined platform aims to create what ServiceNow describes as a “unified, end-to-end security exposure and operations stack” capable of seeing, deciding, and acting across entire technology environments. For organizations drowning in tool sprawl, this consolidation offers the promise of simplified operations and better security outcomes.
Amit Zavery, ServiceNow’s president and chief operating officer, emphasized the agentic AI angle: “In the agentic AI era, intelligent trust and governance that span any cloud, any asset, any AI system, and any device are non-negotiable if companies want to scale AI for the long-term. Together with Armis, we will deliver an industry-defining strategic cybersecurity shield for real-time, end-to-end proactive protection across all technology estates.”
Yevgeny Dibrov, Armis co-founder and CEO, added: “Armis safeguards the most vital environments and provides comprehensive real-time intelligence and management across entire cyber-physical attack landscape. ServiceNow contributes strong security workflows that enable organizations to convert intelligence into coordinated, repeatable actions.”
ServiceNow projects the deal will triple the market opportunity for its Security and Risk business, which already generated more than $1 billion in annual contract value during the third quarter of 2025.
The Market Reaction: Consolidation Meets Strategy
Cybersecurity analysts largely applauded the move while offering cautionary notes about its broader implications for the industry.
Scott Bickley, an advisory fellow at the Info-Tech Research Group, observed that ServiceNow is pursuing an integrated platform strategy rather than remaining a point solution: “ServiceNow is basically saying ‘We don’t want to be a point solution. We want to be the platform by which you coordinate and solve all of your problems.'” He noted this trend mirrors what happened in the enterprise resource planning (ERP) market, where large vendors increasingly dominate by bundling capabilities.
Kaveh Ranjbar, CEO of Whisper Security, highlighted that the acquisition signals an industry-wide acknowledgment: “For decades, the CIO’s white whale has been a precise, real-time Configuration Management Database (CMDB). Most are outdated the moment they are populated. This is an admission that in an era of IoT, OT, and edge computing, you cannot rely on manual entry or standard agents anymore.”
Sanchit Vir Gogia, chief analyst at Greyhound Research, characterized the deal as transformational: “This acquisition represents a fundamental repositioning of ServiceNow from a coordination layer into an operational authority. Buying Armis is not about expanding a security portfolio. It is about owning the upstream constraint that determines whether modern enterprises can govern complexity at all.”
Recent Developments: A Broader Security Push
The Armis deal caps off an exceptionally active year for ServiceNow’s security expansion. Just three weeks earlier, in December 2025, ServiceNow announced its acquisition of Veza, an identity security company, for approximately $1 billion. Veza’s core technology—the Access Graph—maps and analyzes access relationships across human, machine, and AI identities, providing visibility into who has access to what resources and why.
Earlier in the year, ServiceNow finalized its acquisition of Moveworks for $2.85 billion, gaining advanced AI capabilities for building scalable autonomous agents. These three acquisitions form a coherent strategy: visibility (Armis), identity governance (Veza), and autonomous action (Moveworks).
Together, these platforms enable organizations to address what many security experts describe as the critical challenge of the agentic AI era—governing autonomous systems that operate at scale while maintaining security, compliance, and auditability.
Historical Context: ServiceNow’s Security Evolution
ServiceNow, originally known for IT service management and workflow automation, has steadily built its security presence over recent years. The company introduced its AI Control Tower in May 2025, a centralized platform for managing, monitoring, and securing AI agents, models, and workflows. Within just seven months of launch, the AI Control Tower achieved its full-year new annual contract value target, illustrating strong market demand.
ServiceNow’s acquisition activity reflects a broader industry trend: major software platforms recognize that security must be embedded into the operational fabric rather than bolted on as an afterthought. The company’s statement about combining assets emphasizes that Armis data will power ServiceNow’s AI Control Tower, enabling real-time exposure intelligence to inform automated security workflows.
For context, Armis itself represents a significant evolution in cybersecurity thinking. Traditional security operates reactively—detecting and responding to attacks after they occur. Armis pioneered what the company calls “shifting left the boom”—using advanced AI engines and deception technologies to identify threat actor behaviors before attacks materialize. The company’s Early Warning system has identified threats anywhere from 75 to 693 days before they appeared in official government vulnerability catalogs, providing unprecedented advance warning capabilities.
Deal Timeline and Regulatory Considerations
ServiceNow expects the acquisition to close in the second half of 2026, subject to standard regulatory approvals and closing conditions. The company plans to fund the transaction through a combination of cash on hand and debt.
The extended timeline reflects both the complexity of integration and the evolving regulatory environment around technology acquisitions. U.S. regulators and others have increasingly scrutinized large technology companies’ acquisitions of cybersecurity startups, concerned about potential competitive impacts. However, ServiceNow’s strategic positioning as a workflow and orchestration platform, combined with Armis’s asset discovery capabilities, appears to complement rather than replace competing offerings—a factor that may facilitate regulatory approval.
Industry Implications: The Platform Wars
This acquisition signals a significant shift in how enterprises will purchase and deploy security solutions. Rather than piecing together best-of-breed tools across multiple vendors—a strategy that has dominated enterprise security for the past decade—organizations increasingly face pressure to consolidate around integrated platforms.
Yvette Schmitter, CEO of the Fusion Collective consulting firm, framed the deal as exposing deeper enterprise IT challenges: “This acquisition exposes more than ServiceNow’s strategy. It reveals the architectural debt hiding in every enterprise security stack that CIOs have been promising to address ‘next quarter’ for the past three years.”
For security teams, the acquisition validates that continuous asset discovery and visibility form the foundation of modern security operations. Without knowing what is connected across IT, OT, IoT, and cyber-physical environments, automated workflows and AI governance capabilities lose their effectiveness.
Competitive Landscape
ServiceNow’s aggressive moves position it against other software giants pursuing similar consolidation strategies. Microsoft, long a leader in enterprise security, continues embedding security capabilities throughout its cloud and productivity suites. Salesforce has invested in AI agents with integrated security governance, while Oracle has built autonomous agents with governance frameworks.
ServiceNow’s advantage lies in its deep expertise in workflow orchestration and its established presence in IT operations management—capabilities essential for translating security intelligence into coordinated, repeatable actions across organizations.
Other Related Post form securedetectives.com
- Spynger Review 2026: Best Monitoring App for Android & iPhone?
- ClevGuard Review – Kidsguard Pro Phone Monitoring Tools
- Hackers Steal $2.7B Crypto in 2025: Record Year
- Cybersecurity Acquisitions Surpassed $84 Billion in 2025
- 5 Best Keylogger Apps in 2025 – Secure, Reliable & Powerful Monitoring Tools
Looking Ahead
As the deal awaits closing in the second half of 2026, early value will likely come from integrating Armis’s continuous asset discovery capabilities with ServiceNow’s workflow automation. Full platform value realization will take longer, requiring careful integration decisions about packaging, roadmap clarity, and how capabilities combine across the existing ServiceNow portfolio.
For security leaders, the message is clear: the era of fragmented security tools is ending. The question for CIOs and CISOs is no longer whether to consolidate security capabilities, but whether their organizations will control the timing and terms of that consolidation.
Sources
SecurityWeek, CIO, and Forbes
