It’s official. ServiceNow confirms it’s $7.75bn acquisition of Armis
ServiceNow, the enterprise AI control tower company has confirmed that it has entered into an agreement to acquire Armis the cyber exposure management and cyber-physical security company for $7.75 billion in a cash deal.
Reported earlier this month, this bet shows that the next security battleground is not just laptops and cloud apps, but the messy sprawl of operational technology, IoT, and medical devices that most companies still can’t properly see.
That’s why this matters: ServiceNow is trying to turn security into what it already sells everywhere else — a workflow problem. Armis brings real-time device visibility and risk prioritisation; ServiceNow brings the machinery of enterprise action: tickets, ownership, approvals, remediation, and governance.
If it works, it pushes ServiceNow closer to a single “system” that can detect exposure and drive fixes at scale, including in hospitals, factories, and critical infrastructure — places where downtime is expensive and patching is slow.
“ServiceNow is building the security platform of tomorrow,” said Amit Zavery, ServiceNow’s president, COO and chief product officer, framing the deal as a response to a world where trust and governance have to cover “any cloud, any asset, any AI system, and any device.”
“Every connected asset has become a potential point of vulnerability,” said Armis CEO and co-founder Yevgeny Dibrov, arguing that the combined company can help customers “take action before an incident occurs.”
And from a buyer’s perspective, JPMorgan Chase’s Larry Feinsmith positioned the combination as a way to create “a dynamic picture” of connected assets and an “AI and agentic powered blueprint” to secure and enable trusted AI.
A push into cyber-physical reality
ServiceNow says the combined offering will create “a unified, end-to-end security exposure and operations stack” that can “see, decide, and act” across an organisation’s full technology footprint — by linking Armis’ agentless discovery and threat intelligence with ServiceNow’s workflows and CMDB-style business context.
The strategic logic is clear: security teams can’t fix what they can’t inventory, and many of the hardest-to-monitor assets sit outside traditional IT — industrial systems, legacy devices, unmanaged endpoints, and equipment that can’t be easily taken offline. Armis is built for that “cyber-physical” edge; ServiceNow wants to be the layer that turns insight into action across the enterprise.
The numbers, and what they signal
ServiceNow says the deal is expected to more than triple its market opportunity for security and risk solutions, and it pointed to momentum in its existing business: its Security and Risk segment crossed $1 billion in annual contract value in Q3 2025.
Armis, meanwhile, says it has surpassed $340 million in annual recurring revenue, with ARR growth above 50% year-over-year, and employs roughly 950 people.
ServiceNow expects to fund the purchase with a mix of cash on hand and debt, and the companies say the deal should close in the second half of 2026, subject to regulatory approvals and other customary conditions.
What to watch next
The press release sells a clean story: visibility and workflows shows proactive security. Reality is usually messier. The hard parts will be integration depth, product overlap, and whether customers trust a single platform to span IT security, OT risk, and emerging AI governance — without turning into a heavy, slow “suite” that tries to do everything.
If ServiceNow can keep Armis’ discovery and data advantage intact, and make remediation feel automatic rather than bureaucratic, the deal could reshape how large organisations operationalise security. If it can’t, this becomes another example of a strong point product getting diluted inside a larger platform promise.