Leveraging Tavro AI Agents to Auto-Generate AI Risk Assessments in ServiceNow AI Control Tower

Sunil Soares, Co-Founder & CEO, Tavro
Sanjeev Varma, Co-Founder, President & COO, Tavro
Antonio DiPerna, ServiceNow Platform Owner, BankUnited
Pierre Gomes, Director of Enterprise Risk Management, BankUnited

ServiceNow AI Control Tower Overview
ServiceNow AI Control Tower is a centralized platform that provides end-to-end oversight, governance, and orchestration of AI across the enterprise. It offers real-time visibility into all AI models and agents—native or third-party—while ensuring compliance, performance monitoring, and strategic alignment with business goals. 

In a previous blog, the Tavro team discussed the key features, capabilities and opportunity areas for ServiceNow AI Control Tower.

The Case for Automating AI Risk Assessments
Each AI use case needs an AI risk assessment. With hundreds of AI use cases or shadow AI systems, that can mean hundreds of risk assessments, which could overwhelm the risk management and AI governance teams. In this blog, we discuss two use cases to agentify AI risk assessments within AI Control Tower using Tavro AI Agents.

AI-Assisted Risk Assessment Flow

The overall flow for AI risk assessments in ServiceNow AI Control Tower is shown below.

In the remainder of this blog, we discuss each step:

  1. Submit AI Use Case
    The owner of an AI use case initiates the request for review through ServiceNow AI Control Tower. Once the use case is created, it is submitted to the AI Governance team for evaluation.

  2. Classify AI Use
    At this stage, the Tavro AI Agent performs an initial review of the submitted details. The Tavro AI Agent auto-classifies the use case as “Other,” based on the criteria defined in Articles 5 and 6 of the EU AI Act.

  3. Generate Initial AI Risk Assessment
    The Tavro AI Agent also generates suggested values for critical AI risk dimensions, including bias, reliability, explainability, accountability, and privacy.

  4. Update AI Risk Assessment
    The AI Governance team then reviews the Tavro Agent’s automated analysis and may update or refine the content as necessary. This automation significantly accelerates the risk assessment process, reducing turnaround times and minimizing friction in the AI innovation lifecycle.

  5. Update CMDB
    During the AI risk assessment life cycle, the AI Agent could also be configured to trigger automated updates to the CMDB AI attributes once the AI use case has been approved or rejected for implementation.

  6. Update Other Records
    The ServiceNow team may also update other records. For example, the Vendor Management Team may initiate a task in ServiceNow Third-Party Risk Management (TPRM) to add AI usage clauses into Vendor Master Services Agreements (MSAs).