Bug Bounty Research Triggers ServiceNow Security Alert

**Executive Summary:** Authorized bug bounty testing of ServiceNow produced activity that customer monitoring tools flagged as reconnaissance and exploitation, leading to widespread false-positive alerts and unnecessary incident response activity; the report explains how research on shared SaaS infrastructure can appear indistinguishable from attacks, outlines common research behaviors that trigger alerts, and recommends vendor notification channels, SIEM contextualization, SOC triage playbooks, and vendor accountability to reduce future disruptions.