ServiceNow, Inc. (NOW) Earnings Call Transcript & Summary

Thank you for joining us today. My name is Karl Klaessig. Along with me is Tim Boswell. Tim, if you want to introduce yourself?

Thank you, Karl. Hi, everyone. I'm Tim Boswell, I'm from outbound product management for security operations. And I do want to warn you, I'm not a real product manager. I used to run the security operations center here at ServiceNow. And the reason why I warn you about that is I may throw in a few war stories along the way as we present today.

We're counting on that, Tim. Thanks so much. So I lead product marketing, working with Tim and others in product management. And really looking forward to spending the time with you today to talk about how AI optimizes security operations and response. So again, Karl, Tim, we're going to go ahead and spend that time. And let's jump in now quick, I want to go through the agenda with you. So with the agenda, we're going to spend some time on a bit of a market overview. In other words, why is AI so important? What are some of the challenges we all face out there? A bit about ServiceNow with security operations to kind of make you understand and realize what are the areas we cover and where do we focus to get you a real good feel for where AI comes into play and how important that is. And then Tim is going to spend some time walking through our Now Assist for security operations, our GenAI and where that fits in and where it helps. And we'll go ahead and spend some demo time and then we'll open things up for questions. So straightforward agenda with you all today and looking forward to it. So we're going to dive in right now. And one of the things that we wanted to touch on right away was that current state of cybersecurity. And many of you, I'm sure, like myself and Tim and that been around this quite a while. And we see those same challenges over and over again. This is what these data points tell you, particularly on the side I'm going to touch on quick around prioritization and response, which is that there is that significant disruption as a result of a breach that's still going on. None of that's changed, right? I use a lot of things we've been talking about for a long time. And as threats get more advanced and more entrenched, it's that much more of a potential disruption and that higher risk. And again, these are where AI can really play strongly to help us in that prioritization and that response right out of the gate. And we always are facing the resources. Tim can talk to you from the trenches, as he worked in the security operations center here at ServiceNow. He's been there, done that. And we still have this high number of orgs that have that lack of skilled security workers. So as you hear Tim and I touch on the overall what you can do with automation and that ability to quickly prioritize and get all the right data to the right people. And AI can help with all of that, that's that much more of a capacity to scale team. So that's a very exciting thing for us to share with you today and learn some more about. Tim, do you want to touch on the incident responses and the automation, how that starts to kick in?

Yes, absolutely. So we're talking about here where you see that 43% under manual processes. What we're talking about is that companies that are able to replace their manual processes with automation, and things like Playbooks, they're able to reduce the cost of a breach. And what I'm talking about is not just okay, we've had this breach, and we have to pay out these fines and things like that. But when a breach happens, there's a lot of work that has to be done to contain that and to do that forensics work and gathering all that evidence and the auditors come in, law enforcement might come in, getting outside counsel. And the sooner that you can contain that attack and contain that breach and get it under control and the less forensics you can do, the more money you're going to save. I remember the previous CISO here at ServiceNow hired me. He always used the term, he used to say, have we stopped the bleeding? And what he meant by that was, have we stopped the bleeding so that where we don't have to keep spending money to try to contain this is really what he was talking about. And so that's very important. That's why automated processes are important even if there is a breach, not just when we're talking about containing an attack or something like that. And then the automation and AI, whether it's a breach or whether it's an attack or just responding to incidents in general, there is a huge dollar saving there because we're able to spend less time working on things, the personnel in that security operations center or in that incident response team, they're able to do more things. They're able to take that mundane work that really doesn't require decision-making, and they're able to give that to ServiceNow or they're able to give that to other automation tools and they're able to work on more things or able to work on more important things. And that's where we see a lot of that cost savings. So I think what I'll do is I'll -- Karl, just take it from here for a few slides, if that's all right?

Perfect, Tim. Thank you.

What we're talking about here, and I'm going to start diving down a little bit more into some of the problems that we're solving. So what we're talking about here when we say threats don't care about business silos is when there is an attack or there is a breach, the fact that maybe IT and security aren't getting along. The attackers are not going to care about that. The attacker is going to go in and they're just going to take advantage of that. And if IT and security are not on the same page, they're going to continue to exploit that even further. If there isn't a single system of record, if they're not speaking the same language, if they're not looking at the same asset information, if there are things like communication silos, if there's a lot of manual process, a lot of passing tickets back and forth or sending e-mails back and forth, which is even worse and trying to communicate over e-mail, the attacker, they're just going to further exploit that. And they're going to get deeper and deeper with regards to their attack, and that bleeding is not going to stop. And what we do is, we looked at some of the research out there regarding whether or not our customers and the industry in general feels like automation and collaboration between security and IT is important. And everybody has said that not only is it important, but it's really important. The ability to get IT and security to cooperate is extremely important. I remember when -- back when I first started out doing security, I used to think everybody in IT, they didn't know what they were doing, and I didn't want to talk to them. But it became very apparent to me that we needed them and that they needed us. It was very important for us to collaborate with the IT organization when we needed to respond to an attack. There are things that IT can do that security can't do. There are things about the infrastructure that IT knows that security doesn't know and vice versa. IT needs security to help them keep their infrastructure safe, to better prioritize the things they need to work on. It's not just security throwing things over the fence at IT anymore. It's now that collaboration security can help IT prioritize the things that they need to work on. And IT can help security prioritize the things that they need to protect. And again, what this results in is this results in a lot of cost saving. So that when there is an attack or there is a breach, we're able to save money, we're able to respond to that with less dollars, and we're able to respond to that with less resources.

And I think that's what you'll see consistently, as you hear Tim and I talk today, you see like even in this data point of $2.2 million, AI and automation, AI and automation, there's a lot of that. We continue to invest in AI for years as part of our security operations solution for our customers and for that very reason because it's often an accelerator and an enabler for automation. And also for orchestration. And for the whole process of prioritization, we'll touch on some more of that. But yes, Tim, that was tremendous and to see those type of outcomes, we continue to see that savings increase as more and more folks have added some automation, even the simpler ones like you're talking about, Tim, we're just taking some of the mundane tasks off the table, save time and money. All right. So where do we fit in that? We're basically throughout the process. And I guess one of the big takeaways and Tim, feel free to chime in here is, we really want you to understand that we're done spending our time today, that you can look at this type of slide and this type of content and realize that, look, from prioritization to response to analysis of how we did and in constantly refining and reiterating, that's really the strong point. And Tim and I will spend some time talking through each of those over the next 20 minutes or so. And that's we really want you to leave with because that ability to apply your AI throughout that, whether it be part of the prioritization, driving the accurate response and go in ahead and analyzing report, and we'll talk some more on that as well. But these are really the key areas to remember of where we play throughout the process for you. And as you heard Tim introduce himself and talk about the fact that he's from the SOC, that's where our security operations solution years ago came from. He's been working and supporting our SOC so much. And that's why we drive across that ability to go ahead and take in data from other areas and not have IT be a silo and risk be a silo and security be a silo, et cetera. And by breaking that down and having those sources of truth for data and having that shared access to data, it really makes very efficient use of all 4 of these areas in front of us, but also makes them very effective, and again, goes back to being able to scale those teams. So let's go ahead and spend some more time. Now, I'm going to touch on one more thing before we get there. And that's to really boil the ocean of it to think of where this applies. So when we talk about that automation and where it came from, when you think back to the slide that Tim was showing where there's that capacity to have those separate organizations and not be as effective in communicating, it's really around that triage and prioritize response to the threats and that analyze. These are the 3 core areas. And that's where we're doing our investments in AI very strongly. And you'll see that as we talk more and more into GenAI in a number of minutes here. But really want you to understand and think of this as we're going through the different sections. Because as you can see here, we really call out the values of what you can utilize in our security operations solution to be able to reduce that time. So accelerate prioritization, right, to be able to get to that response quickly, to be able to go ahead and understand how I can look and see what my different teams are up to and the workflows that they put in place and what the efficiency was there so that I can always be refining. That's how you mature the organizations. So very exciting to walk through these sections with you. And Tim, I'm going to go ahead now and move on here and have you take it from there.

Yes. Let me do just a few more slides to set the stage and really level set before we get into Now Assist and the GenAI skills and...

Agreed...

The LLM. Just a few more things I want to talk about that ServiceNow does overall, regardless of GenAI is the ability to prioritize those security incidents through things like automating the assignment or pulling in that business intelligence or that business context that's already in ServiceNow. I remember when I first started doing incident response and first started working in -- the first time I worked in a Security Operations Center, I was overwhelmed because there are just so many alerts coming in, so many incidents that were being worked on, so many events that we had to look at. And I remember, I asked the supervisors so how are we going to keep up with this? And he said, "The only way we can keep up with this is by -- is through prioritization, by prioritizing the alerts and the events and the incidents. " That's the only way we're going to stay ahead of this. And so that was one of the first things that we built in the security operations within ServiceNow is the ability to use ServiceNow to prioritize and to automate the response, automating the assignment, who's the best person to be working on this, if there are other tasks that need to be worked on. Again, that collaboration with IT, maybe we need some IT people to do something, automatically creating those tasks and assigning that to them. And by doing so, what we're able to do is we're able to cut that incident triage time in half. And we're almost able to cut that investigation time in half as well. And so we're able to take things that, again, don't require human judgment, don't require human decision-making. We're able to automate those and we're able to make things so much faster for those who are using the applications within ServiceNow. We're also able to increase collaboration and increase our response time. So not just assigning those incidents, not just figuring out who needs to work on those, but also automating those orchestration events. We're talking about the OAR in [ SOAR now ]. And so we're able to do things through our playbooks and our workflows, the things that are already built into ServiceNow. We're able to leverage what ServiceNow is really good at, which is automating workflow. And we're able to automate the response to these incidents and then through our built-in integrations with those other security tools, we're able to automate the orchestration of that response as well. So the alert or the event comes into ServiceNow, the automation of ServiceNow takes over, correlates all that data that's already in ServiceNow or that we're pulling in and allow certain things to happen that would normally require a lot of time and a lot of manual effort. If there's a decision point that needs to be made, ServiceNow will allow that security analyst or that SOC manager to make that decision. And then the automation takes over again, for example, like triggering that endpoint detection response tool to go isolate that laptop or triggering a block of that malicious IP address or that malicious URLs so nobody else goes to that or we're able to stop maybe that password spray attack coming from those IP addresses. So by automating those activities, we're able to respond and stop the attacks so much faster. And again, we're able to decrease the resources that we have to spend and the amount of money that we have to spend responding to those attacks and responding to those breaches. And then the other thing that we're able to do within ServiceNow is we're able to handle major security incidents or those security crisis events or those all hands-on deck type incidents. So something, again, that ServiceNow is really good at is integrating with all those tools and providing collaboration across various teams. So within ServiceNow, the security application, it's scoped off so that only the security team has access to that and we're able to control access to the application, to the data within the application and the various fields and things like that. But during a major security incident where we need to bring in maybe the legal team or the networking team or the data center team, we want to be able to collaborate with them, but we don't want to give them access to that security application. So we're able to use our collaboration tools and our chat tools and our conference tools that we already have in our environment through the integrations with ServiceNow. We're able to do things like trigger a Teams chat or trigger a SharePoint repository or trigger a Slack chat with all the people that are responding to that incident. Or if we want to spin up a conference bridge, we can do so from within ServiceNow. Why that's important is because in the old days, when we would have a security crisis or a major security incident, I used to have to swivel chair over to Zoom or Teams, and I have to stand up that conference bridge and figure out, okay, who do I need to add to all these conference bridges? And who do I keep track of it? How do I keep track of, who joined them and when do I do all that? And then after the event was over and the lawyers would show up and the auditors would show up, they would have a field day on me because I couldn't tell them which conference bridge had this person and what we discussed and all that. And so that's one of the great things that we have with major security incident management is that's all in ServiceNow. And so we're able to again, respond to that incident faster, respond more collaboratively, save time, save resources, save money. But then after that, major security incident is over, and everybody shows up and wants to know what happens or what happened or if we have to turn things over to litigation or turn things over to law enforcement. We don't have to do a whole bunch of archeology and figure out what happened. It's all right there in ServiceNow.

Yes, this -- when you're talking through major security incident management is just -- honestly, Tim, I think of this as just a definition for almost what we do, right? Because that ability to collaborate across like Tim was talking, but also to tie in like HR, legal, et cetera. And when you look at task management and other capabilities in there, that means they've got that report at their fingertips. So like Tim was saying the auditor is built it. That's a tremendous piece of the pie. And also in both of these slides, Tim, one of the things you love to point out for darn good reason is the fact that you can have multiple playbooks tied in, which is a big deal, particularly when you get to the likes of having these workflows that are part of IT and other organizations, right?

Yes. Yes. In the old days of ServiceNow, I could run around the Santa Clara campus and round everybody up and get them in one conference room and write on a whiteboard what I needed everybody to do. And then every 60 minutes, we would go around the room and do a status report. But as ServiceNow got larger, and we are in multiple cities, in multiple countries, when we'd have a major security incident, I couldn't get everybody into one conference room. So what I needed was, I needed that virtual crisis room. Or I needed that virtual war room, if you will, and that's what this does for us. That's what ServiceNow is doing for us.

I love it. That was great, Tim. And it is such a -- I don't want to say a poster child, but it's such a prime example of how we can help customers that way. Really tie in all those different constituents that should be a part of successfully addressing a major incident. So very exciting piece. And with that, I'm going to talk a bit about report, review and plan. So one of the things you heard Tim and I, both touched on even in the last slide is that track record of everything that's gone on, right? And one of the very exciting things that we help customers do is be able to do that analysis. We have these efficiency dashboards. And not only that, but you can drill into those and understand to your analysts, your workflows, et cetera, how are you doing? How are they doing? Incredibly effective for you to know where you need to tighten up some of your playbooks and workflows, make sure you have the right folks in there because you can actually hold those teams accountable and understand exactly how well they performed. And this is so rigorous that we even had a customer talk to us recently at the fact that they use this to plan for what trainings they're doing throughout the year with their teams. And one of them said it even reduced the hiring process, because they could walk through these type of analytics and show that person for onboarding, these are the most effective ways and workflows and things that work on an ongoing basis. I mean, those are just tremendous insight. So it's a little way beyond what we would all call reporting, right? It truly is that insight does allows you to plan appropriately to be able to make sure that you're always shaping and forming and maturing the organization and the workflows. And again, this is a great shining spot with the likes of AR with summaries and et cetera, AI can really kick in strongly. So great outtakes from there, and that's one of the things that I tend to get on a bit of a soapbox about because it has such an overall value, your capacity to do everything that Tim and I have talked about and then actually be able to evaluate it right into the weeds to a level of the analysts and the workflow is a tremendous asset for building for the future and for planning for your teams as well. So Tim, with that in mind, I think we'll go ahead and dive into introducing here with AI. So I'm going to talk a bit about what we do with AI and what we call our Now Assist for security operations. And we've invested a tremendous amount in AI along the way. As Tim and I mentioned earlier, and we go ahead and we have these GenAI models. All of these are open source models. We're constantly refining them. Our LLMs also take a look at all the things you would expect, but also particularly taking advantage of the insights that we have into application workflows and et cetera, that really have been a result of the AI ongoing evolution we've had at ServiceNow. So you really drive those intelligent workflows. So what we're going to focus now on is talking a bit and introducing what we do with that in terms of Now Assist so what you would think of as GenAI. And that's where we're going to dive into at the moment. So we often think what can it do? And one of the things we know it's absolutely capable of doing is what it's been doing all along for our teams out there and helping out in security operations, which is quickly boosting that analyst productivity, all those things we talked about, able to go ahead and help mature those teams. That touches on the reporting, all those summarizations and et cetera that I just mentioned in the previous slide going through there. And then the ability to take that and actually have that be a part of the responses. You heard that automation, that capacity, that Tim was talking about and an ability to take what happens in the analysis and apply that to what you're doing in your playbooks and in your workflows across the board. So it's reflecting that. So as you would imagine, we use the word force multiply, probably an overused word. But at the end of the day, it really does drive an increased capacity, right? It makes them feel like they have this brilliant AI piece on their side, which they do. And that's a real super capacity for them and really can go ahead and multiply. So there's nothing wrong with that statement, and we're very excited to bring that to our customers. And what I'm going to do now is we'll talk a bit about Now Assist for security operations. And then Tim is going to spend some more time with you. So we're very excited to introduce this. I want to make sure you understood those focus areas of where we're investing in it. And now we'll go ahead and Tim will have you dive in a bit here.

Yes. Let me get into the good stuff now. The GenAI offering. But I do kind of -- I just want to kind of piggyback on Karl's statement about the force multiplier. I learned early on when I was trying to build out the SOC for ServiceNow is you can't hire your way out of the problem. And so what we're trying to -- yes, what we're trying to do here is we're trying to find ways to allow people to do more. And not just do more of that mundane work, but actually do more meaningful work. And it got to the point where as we started building in automation and ServiceNow and now with our GenAI offering, it feels like we're actually creating FTEs because we're giving so much time back to those analysts. So the first skill that we're talking about is the ability to summarize security incidents. And why that's important is because most security operation centers have shifts. They might be follow-the-sun security operations center, where one SOC hands off to another SOC, or it might be like one of those big large 24/7 SOCs where people come and go throughout the 24-hour period. And oftentimes, incidents will be handed off from one shift to another. And sometimes it's multiple incidents. And yes, you might do like a shift handover call or something like that. But you can't fit everything into that shift handover call or maybe somebody got an incident assigned to them. And the last person who worked on it, they were 2 shifts back. And they've already gone home for the day. And prior to the ability to summarize security incidents, what you would have to do is you'd have to read through all those work notes or all those case notes or all of that activity stream to figure out, okay, what happened before I start working on this. And so what we've done is the first skill that we've released is the ability to use GenAI or ServiceNow's Now Assist to summarize that incident to go in and say, "I want GenAI to summarize this incident and just give me what I need to know so I can get working quickly." And I'm not wasting a lot of time reading through a bunch of work notes and scrolling through work notes, and I might miss something really important. So you're leveraging GenAI to do that. Or maybe it's an incident that an executive is interested in. So I will tell you that this is something I would love to have had when I was running the SOC because there were so many times, there was like a priority 1 or priority 2 incident, and I would get a call from the CISO or the CIO or another VP level person who would say, "Hey, what's going on with this incident? Or what's happening there?" If they had access to our security application, and I could have just pointed them to the incident and they could have used the GenAI to generate that summary. That could have saved us both a lot of time because then I wouldn't have had to stop what I was working on and figure out what was happening and give them an update. Or they wouldn't have had to waste a lot of time trying to find me. So that way I can provide them that summary or maybe they didn't want to have to listen to me drilling on and on and on. Maybe they just wanted to get that important stuff. And so this would have been great. I wish we would have had this when I was running the SOC. And we think this is a great skill that is going to save a lot of time and save a lot of headaches.

It's a good point that you made, Tim, because executive reporting is more critical and used than ever, right? I mean when you and I started out years ago, most of your C levels, the C minus 1 or 2s, if you said SOC, you have to define that for them. Now they know exactly what we're talking about, right? And they want to know what's happening with the top 5 incidents, that type of thing. So you're golden on that. It's a great call out, Tim.

Yes. The second skill that we've released is very similar. It's very similar to that. But here, what we're doing is we're generating those resolution notes to provide closure -- faster closure of the incident. So within the application, it allows the analysts when they're closing out that incident to provide a summary of what they did and how they closed it out and everything. And this is something that our customers have said that they require so that way they can pass audits or if something goes to litigation. Or just if they need to do quality control or quality assurance of the incidents and how they're responding that they want to go in and they want to look at that closure summary, those resolution notes. And the other thing, though, the flip side of that coin is our customers have said that it's also not good use of that security analyst time. It's not a good use of their time. They need to quickly close out that incident and move on to the next one. And so this is the other skill that we've released now is the ability to use Now Assist, our GenAI product to generate those resolution notes and try to remove that report writing time away from the analysts, get that off their plate. So they could just use GenAI to produce that. They review it. If they're happy with it, then they're good. They're closing out that incident. They're moving on to the next one. If there's 1 or 2 things they need to tweak, they can go in and they can change that very quickly. But again, the idea here is saving a lot of time and moving on to that next incident. So that way, they're not spending time doing report writing when they should be go out and looking for bad people who are trying to attack their infrastructure.

And this is great content that can be used for the reporting I was touching on earlier because this could be pulled in and help as part of that analysis of shaping of the next round of playbooks and things like that.

Absolutely. Absolutely, yes. The third thing I want to say is the ability to use the Now Assist panel and use the natural language queries to do this as well and take this just a little bit further. So this isn't an additional skill. What we're doing is we're leveraging those 2 skills and by using them in the analysis panel, then we can ask some questions as well. So after we've done that incident summarization, if there's a couple of questions we want to ask, we can do that. We can ask the GenAI certain questions like, oh, which employees are actually affected? Or which assets are impacted by this incident? If there's something a little bit more specific we want to get. And again, maybe we don't want to go and hunt and pack through all those different fields, maybe we don't want to have to read through all those work notes because this is an incident that's been going on for a long time. We just want to get that specific information quickly. And so the ability to go into the analysis panel and use our own natural language query to grab that information and get that and then move on and do the next bit of work that we need to do, we feel that that's really important. And so that's what we've done here. So to summarize, again, the 2 skills, the first skill is summarizing security incidents using GenAI, so that way, we can much more quickly comprehend what's happening with that incident. Maybe we -- it's just been assigned to us. We want to understand what's happening or maybe an executive just wants to go in and understand what's happening. Or maybe that SOC manager said, "Hey, this incident, somebody is working on this. It's been going on for a long time. Let me go find out what's happening." The ability to grab that summary much faster. And again, generally, those resolution notes using GenAI. So that way, we're not spending a lot of time doing report writing and trying to think of like, how do I best summarize all this work that I've done for the last several hours or even last several days? A lot of security analysts will get writer's block. And so this is one way to avoid that is to just let GenAI do it. And then again, the third thing is to use our natural language query in that analysis panel through certain specific questions that we want to ask. So where are we seeing value out there amongst our customer base? These are just a few real-world examples of customers that are achieving value with ServiceNow security operations. These are not -- I want to be clear. These are not customers that are using Now Assist and are not using GenAI yet because we've just released it. But we do want to show you where we are seeing customers that are saving money, saving resources, responding to incidents faster, getting that return on their investment and really seeing value in ServiceNow security operations even without having added GenAI into it yet. So just a couple of things I want to point out, the ability for these banks to reduce the amount of time that they're spending investigating incidents, the annual savings there amongst the health care customer and because they automated and streamlined their processes by using our playbooks, the amount of money that they're able to save there. And then likewise, we have a lot of government agencies that have adopted ServiceNow security operations. And they're seeing huge amounts of cost savings and budget savings by moving a lot of their manual processes over to ServiceNow automation and using our playbooks and our workflow to streamline and optimize efficiency there.

And if I can, Tim, one of the things that reflects to the AI that we've done all along and now this should be that much more supercharged in the future, right? One of the things that fits so strongly, and you heard Tim and I touch on is that scalability. So when we see 4x to 5x of improved ROI in those workflow efficiencies, that's a real strong call out to AI that we've done in general in the product and now look for some more there that we'll be excited to report on in the future.

Yes. Yes. So I really like this slide because that's a question I get a lot is our customers actually seeing value in these applications. Our customers who have adopted security operations from ServiceNow, are they, in fact, seeing value? And the answer is yes. Yes, they are. And so here are just a few examples. The other thing that you're probably wondering is, hey, so these Now Assist skills and all this GenAI, this sounds really great, but what does it actually look like? Well, we do have a demo that we want to show you. So Sarah, who is my teammate, She's put together a brief demo to show you what Now Assist actually looks like in security operations. [Presentation]

All right. I hope that made that much clearer. And you can see now how much time this is going to save you. You could see how many resources this is going to save you, and you can see how much money and budget this is going to save you. So I hope this was well worth everybody's time. We do -- I think we made it in that we do have time for a few questions. So Karl, I don't know if you want to take it from here and maybe tee up questions we have so far?

Absolutely. And a big call out to Sarah and the team for an excellent demo that's right on the spot to give our attendees a real good insight into what they can do with Now Assist.

So let's dive into a few questions, Tim. So I can take this one, but is Now Assist for security operations backwards compatible? So many of your current customers, if you're looking at it from a Washington, Vancouver, what is the latest release perspective. The answer is that it must be on the new release that just went out the door of Xanadu. And that's the language dependency on the LLM. So not something to be aware of. And with that LLM model in mind, Tim, this is one for you. Our customers, their [ SIR ] security data, is that used to train that LLM model?

No, no. No, it's not. It -- what we're doing is we are not looking at customers' incidents and the data in those incidents to train those LLMs. That's being done at the platform level. And so if you're thinking like, wow, I'd really like to use GenAI, but I don't know if I like ServiceNow looking at the information I put in the fields of my security incident. That is not the case. That is still your data, and we're not looking at that. And so that is not being used to train the LLMs.

Yes, it's a good call, Tim. And that goes into this next question really well that they're asking the ability to opt in or opt out from having my data to being shared with ServiceNow, like you just talked about a bit. And you absolutely have that ability. So you have the control over your data and what you choose to share. Care to add to that, Tim?

Yes. So it's really easy to do. It's in the Now Assist admin UI. So in that demo, when you saw Sarah going through there, she very briefly touched on that admin UI. And whoever has access to that, you may possibly need to talk to your platform team and maybe somebody on the platform team that has to go in. But it's very easy to just click, no, I'm going to opt out, and that's as easy as it is.

Excellent. And then the last question we have, can I configure what can be summarized as that input?

Yes.

What do I want to use in Now Assist?

Yes, you can. Before, I explained that. I would say what you would want to do though is when you're first starting out, I recommend just using what we provide out of the box just to get started. Test that out first, see how you like that, maybe move that to production, see how your analysts like it. I would start with the out-of-the-box until you get comfortable with it. And then once you feel that you're comfortable or maybe you're already really good at configuring Now Assist or GenAI or you have experience working with large language models, then you -- again, you would go into that admin UI, either the platform team can do that for you or the platform team, they can delegate the ability for you to go in, they can delegate the privileges so that way you can go in and do that yourself just short tangent on that. That's something that we strongly recommend to our ServiceNow customers is to consider a delegated admin model that the platform team, rather than become inundated if you will, with supporting all the security applications and all the security integrations, delegating the administration of that to the security team as appropriate for their organization. And so again, that's something that you could easily configure within the admin UI, whether it's the platform team doing that or the platform team delegating administration of that to the security team, whichever works best for your organization.

Excellent. Thanks, Tim. And along that line, here's a great question. And folks, we'll put the KB article in the Q&A section, so you can refer to that. But they asked what measures do you have in place so you can safeguard that customer data that interacts with AI? And there's a great KB article to cover on that. Any comments on that, Tim, and I'll make sure that article gets in there.

Yes. If you don't see that article in the additional information section, it's in our support site, support.servicenow.com and you can just do a search for it. That is a customer-facing article. I know there might be somebody watching this webinar that you're like, well, I'm an incident responder. I actually don't have access to ServiceNow support. Just go to our website, servicenow.com, and then /trust or just do a search for trust. We also have a public-facing website that explains how we secure and defend the customer data and how we are going to safeguard customer data that interacts with GenAI. The one thing that I really want to make clear is this is our GenAI product. It's in our private cloud. It's on our private platform. So it's not -- your data is not leaving ServiceNow and going out to a third-party GenAI application and then coming back into ServiceNow. It all stays within that ServiceNow infrastructure.

Yes, it's a good call out, Tim. And to add to that, Tim mentioned something about going to our website at servicenow.com and you will find a great deal of information about our analysis, our GenAI. And that will be helpful across the board for you whether you're looking at security operations or anything else. There are some great use cases and breakdowns of the LLM and et cetera, that will be really helpful to give you some insights and considerations. So Tim, thank you. That was really great. I'm going to touch base on a couple of quick things here just to get us closed out. Remember that all our information is there. There's some great on-demand webinars. You'll hear some other subject matter on our security operations that Tim and I and others have all contributed to that hopefully are helpful for you. And also the fact that we have World Forums coming up, there's always an opportunity there. And there's -- again, like Tim mentioned, always on the website, there's great information. So with that in mind, just wanted to take the time to thank you for spending the -- almost an hour with Tim and I, and going through this. And hopefully, you learned some really great insights as to how it can help and what our analysis can do for you in security operations. And we appreciate your time and effort in joining us today.