A practical guide to building an AI agent that queries ServiceNow as the actual user, not as a service account, using AgentCore Identity's On-Behalf-Of token exchange.

The Problem Nobody Talks About

Everyone is building AI agents that talk to enterprise systems. But here is the part most demos skip over: security.

Picture this. You build an agent that helps employees interact with ServiceNow. Jane asks: "Show me 5 incidents assigned to me." Your agent dutifully queries ServiceNow using a service account, adds a filter for Jane's name, and returns the results. Looks great in the demo.

Except that service account can see everything: HR complaints, security investigations, executive escalations. The only thing standing between Jane and those records is a filter string the LLM chose to put in the query. If the LLM gets creative, or someone plants a prompt injection that rewrites the filter, your agent will happily surface data Jane was never supposed to see, because the authorization decision is being made by the agent's prompt rather than by ServiceNow's own access controls.

And when the security team checks the audit trail? All they find is that "service-account-bot" made the request. Which user asked, and what they were shown, is gone. Not helpful.…
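The failure mode above, as a constructed simulation added here (this is not ServiceNow, AgentCore or any real API; the table, tokens, ACL and encoded-query parser are toys built for the illustration). It contrasts an agent that holds an all-seeing service-account token and relies on the LLM to scope the query, with one that forwards the user's own token so the server applies the record ACL as that user and the audit log names the real caller:

```python
"""Constructed simulation (not ServiceNow, AgentCore or any real API): a toy
incident table with a per-record ACL and an audit log, used to contrast an
agent that queries with a shared service account and filters by the user's
name against one that queries with the user's own token."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Incident:
    number: str
    short_description: str
    assigned_to: str
    readers: frozenset  # principals or roles the toy ACL lets read this record


# Constructed sample data: two of Jane's incidents plus three she must never see.
INCIDENTS: List[Incident] = [
    Incident("INC0001", "Laptop will not boot", "jane", frozenset({"jane", "itil"})),
    Incident("INC0002", "VPN drops every hour", "jane", frozenset({"jane", "itil"})),
    Incident("INC0003", "HR complaint against a manager", "hr_caseworker", frozenset({"hr"})),
    Incident("INC0004", "Security investigation: suspected insider", "secops", frozenset({"secops"})),
    Incident("INC0005", "Executive escalation: board deck leaked", "ciso", frozenset({"ciso", "secops"})),
]

# Constructed bearer tokens -> (principal, roles). The bot token carries admin.
TOKENS = {
    "svc-token": ("service-account-bot", frozenset({"admin"})),
    "jane-obo-token": ("jane", frozenset()),
}

AUDIT_LOG: List[Tuple[str, str]] = []  # (caller principal, encoded query) per request


def parse_query(encoded: str):
    """Parse a tiny subset of ServiceNow-style encoded queries: terms joined
    by '^', each 'field=value' or 'field!=value'. An empty string means no filter."""
    terms = []
    for raw in filter(None, encoded.split("^")):
        if "!=" in raw:  # must be checked before '=' since '!=' contains it
            field, value = raw.split("!=", 1)
            terms.append((field, value, False))
        elif "=" in raw:
            field, value = raw.split("=", 1)
            terms.append((field, value, True))
        else:
            raise ValueError(f"unsupported term: {raw!r}")
    return terms


def table_api(token: str, sysparm_query: str = "", sysparm_limit: int = 5) -> List[Incident]:
    """The 'server side': authenticate the bearer, record who asked in the audit
    log, apply the record ACL as that caller, and only then apply the query."""
    principal, roles = TOKENS[token]
    AUDIT_LOG.append((principal, sysparm_query))
    if "admin" in roles:
        rows = list(INCIDENTS)  # the service account bypasses the record ACL
    else:
        rows = [i for i in INCIDENTS if principal in i.readers or roles & i.readers]
    for field, value, equals in parse_query(sysparm_query):
        rows = [i for i in rows if (getattr(i, field) == value) == equals]
    return rows[:sysparm_limit]


def agent_with_service_account(llm_query: str) -> List[str]:
    """Vulnerable pattern from the text: the agent holds an all-seeing credential
    and trusts whatever filter the LLM produced to scope results to the user."""
    return [i.number for i in table_api("svc-token", llm_query)]


def agent_as_user(user_token: str, llm_query: str) -> List[str]:
    """Hardened pattern: the request carries the user's own token, so the server
    enforces the ACL as that user regardless of what the LLM put in the query."""
    return [i.number for i in table_api(user_token, llm_query)]


def last_audit_principal() -> str:
    """Who the audit log says made the most recent request."""
    return AUDIT_LOG[-1][0]


if __name__ == "__main__":
    print(agent_with_service_account("assigned_to=jane"))        # the demo case: Jane's two
    print(agent_with_service_account("assigned_to!=jane"))       # injected filter: leaks three
    print(last_audit_principal())                                # 'service-account-bot'
    print(agent_as_user("jane-obo-token", "assigned_to!=jane"))  # same injected filter: nothing
    print(last_audit_principal())                                # 'jane'
```

The point the simulation makes is that flipping one character in the LLM-generated filter (`=` to `!=`) turns the service-account agent into a data-exfiltration tool, while the same hostile query under the user's token returns nothing, and the audit log attributes the attempt to Jane rather than to the bot.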