ai · 2026-06-13

Ivanti Sentry root bugs, ServiceNow tenant leak, and Anthropic's LLM ATT&CK Navigator

Hey guys, Mr. Technology here — let me break this one down.

What You Need to Know: Three security stories from the same week, all of which the AI-agent threat model makes materially worse. Ivanti disclosed two critical bugs in Sentry (CVSS 10.0 and 9.9) that allow unauthenticated remote attackers to get root on the gateway. ServiceNow patched a misconfigured endpoint that let unauthenticated attackers query customer instances for almost two weeks. And Anthropic published an LLM ATT&CK Navigator mapping 13,873 technique observations from 832 banned accounts onto MITRE ATT&CK.

Why It Matters

  • Both Ivanti and ServiceNow are in the agent access path. Ivanti Sentry sits in front of enterprise apps; ServiceNow is where half of large-company IT tickets live. If you're running AI agents that touch either of these — and you should be, if you want the agents to do anything in an enterprise — your threat model just got bigger.
  • The ServiceNow leak is the more worrying of the two. Ivanti bugs need a patch (and a well-resourced attacker to exploit). ServiceNow was actively being queried by attackers from June 2 until the patch. If your ServiceNow instance was in scope, your customer data may have been exposed. The "directly notified affected customers" framing is not the same as "no one was affected."
  • The LLM ATT&CK Navigator is the most useful artifact of the three. It's the first public dataset that maps how AI-enabled attackers actually behave in the wild. The 33% → 56% jump in medium-or-higher-risk actors is the headline, but the technique-level data is what defenders need.

What Actually Happened

Ivanti Sentry — Per The Register, two critical vulnerabilities (CVSS 10.0 and 9.9) allow unauthenticated remote attackers to gain root or create admin accounts on affected Sentry gateways. The CVSS 10.0 bug abuses an exposed Tomcat API to run injected MICS commands as root. Ivanti has blocked unauthenticated access and hard-coded commands as mitigations, and is urging customers to upgrade to Sentry 10.5.2, 10.6.2, or 10.7.1 immediately.
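
A version triage against the fixed releases named above, as an added example that is not from Ivanti or the original post. It assumes each listed release is the minimum fixed build of its own branch and that inventory arrives as (host, version) pairs; the hostnames and versions in the sample are constructed.

```python
# Added example. Fixed releases come from the paragraph above; treating each one
# as the floor for its own branch is an assumption, as is the inventory format.
FIXED = {(10, 5): (10, 5, 2), (10, 6): (10, 6, 2), (10, 7): (10, 7, 1)}

def parse_version(text):
    """Parse 'major.minor[.patch]' with an optional 'v' prefix or build suffix."""
    core = text.strip().lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts[:3]]
    nums += [0] * (3 - len(nums))          # '10.6' is read as 10.6.0
    return tuple(nums)

def triage(version_text):
    """Classify one reported version against the per-branch fixed release."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unparseable"               # fix the inventory record, then re-check
    floor = FIXED.get(v[:2])
    if floor is None:
        return "branch-not-listed"         # check the vendor advisory by hand
    # Tuple comparison is numeric, so 10.6.10 correctly sorts above 10.6.2.
    return "at-or-above-fix" if v >= floor else "below-fix"

INVENTORY = [  # constructed sample; hostnames are placeholders
    ("sentry-a.example.internal", "10.5.1"),
    ("sentry-b.example.internal", "10.6.2"),
    ("sentry-c.example.internal", "10.7.0-12"),
    ("sentry-d.example.internal", "9.20.0"),
    ("sentry-e.example.internal", "n/a"),
]

def needs_action(inventory):
    """Hosts not confirmed at a fixed release, most urgent first."""
    order = {"below-fix": 0, "unparseable": 1, "branch-not-listed": 2}
    rows = [(host, ver, triage(ver)) for host, ver in inventory]
    rows = [r for r in rows if r[2] != "at-or-above-fix"]
    return sorted(rows, key=lambda r: order[r[2]])

if __name__ == "__main__":
    for host, ver, status in needs_action(INVENTORY):
        print(f"{status:18} {host} {ver}")
```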

ServiceNow tenant leak: The Hacker News reports that ServiceNow fixed a misconfigured endpoint that allowed unauthenticated users to query certain customer instances in its Australia release and in some earlier custom setups. Attackers used the bug to run table queries against a subset of tenants starting June 2. ServiceNow traced the issue back to bug bounty reports from April and early June, and directly notified affected customers. There's no public count of affected tenants, but the attack window (June 2 to patch date) is the relevant risk period.

Anthropic LLM ATT&CK Navigator: Anthropic's threat-intel team mapped 13,873 technique observations from 832 banned accounts onto MITRE ATT&CK. Key findings: medium-or-higher-risk actors climbed from 33% to 56% in a year. The most-leveraged AI-enabled techniques are early-stage capability development (T1587 malware development, used by 69% of actors) and defense evasion (T1027 obfuscation, T1562 impairment, T1055 process injection). The highest-risk actors instead drove AI into post-exploitation activity. The Navigator is open and browsable, with technique-level filters.

There's a separate but related story: Anthropic's research on measuring LLMs' impact on N-day exploits found that AI can now reverse-engineer a vulnerability from a public patch in hours, not weeks. The "patch gap" is now a much larger threat surface than it was 18 months ago.

The Take

If you're running AI agents that touch enterprise infrastructure (and you should be, that's the whole point), all three of these stories matter. The Ivanti and ServiceNow bugs are immediate: patch fast, audit your access logs for the ServiceNow attack window. The ATT&CK Navigator is structural: it's the dataset that lets you build a real threat model for AI-enabled attackers, not the vague "AI is making attackers smarter" hand-waving that's dominated security press for the last two years. The N-day research is the most worrying single datapoint: AI has compressed the patch-to-exploit window from weeks to hours. The implication is that patch management, which is already a board-level concern, is now a board-level emergency. If your org isn't patching within 72 hours of a critical CVE, you have a real problem.

Quick Summary

Two critical enterprise-infrastructure bugs disclosed the same week (Ivanti Sentry CVSS 10.0, ServiceNow unauthenticated tenant query), and Anthropic published the first public LLM ATT&CK Navigator with 13,873 technique observations. AI agents in enterprise attack paths are now the default threat model, not the edge case.

