Custom AI Agent for SAM - Publisher News Researcher

alexpanzare
ServiceNow Employee

I put together a short video that walks through this whole build end to end. If you want to watch it first, it is here:

[https://youtu.be/4eva0_goYWc]

The full written steps are below if you would rather build it yourself or follow along.

 

Why you might want this

If you manage software licenses, your vendors keep changing on you, and private-equity-owned vendors change the fastest. License models shift, audits ramp up, support slips, and security can suffer as teams get cut. The early signals (acquisitions, credit downgrades, end-of-support notices, pricing changes, security advisories) usually show up in the news weeks before they reach you as a renewal quote or an audit letter. This is a small app that watches for all of it automatically and only raises work when something actually matters.

Below is everything you need to recreate it. It is one scoped app with a data model, an AI agent, an escalation flow, and a daily schedule.


Prerequisites

  • Now Assist AI Agents (AI Agent Studio) installed, and Now Assist activated
  • A web search capability on your instance (check sys_one_extend_capability for a "Web Search" record)
  • The sn_aia.admin role on your user
  • A scoped application to hold everything (this build uses scope x_snc_sam_risk, app "SAM Risk Signals")

Step 1: Build the data model

Create two tables in your scope.

Watchlist table, the only thing a human maintains:

  • publisher: Reference to core_company, mandatory
  • active: True/False, default true
  • rationale: String (500), why this vendor is watched

Risk Signal table, the agent's output:

  • publisher: Reference to core_company, mandatory
  • signal_type: Choice with values Ownership change, Financial distress, Audit activity, Licensing model change, Security incident, Other
  • severity: Integer, 1 to 5
  • headline: String (250)
  • rationale: String (1500)
  • source_url: URL (1024)
  • recommended_action: String (1000)
  • reviewed: True/False, default false

Then add a role for the app (for example x_snc_sam_risk.user), give it read, create, write, and delete ACLs on both tables, and create an application menu with a list module for each table.


Step 2: Create the AI agent

In AI Agent Studio, create an agent using the ReAct strategy. Give it a clear role, for example "Software Asset Management risk analyst," and write its instructions as the analytical policy. This build does the following:

  1. Look up every active row in the watchlist
  2. For each publisher, search recent news from the last 30 to 60 days for ownership changes, financial distress, audit activity, licensing model changes, and security incidents
  3. Rank sources by tier. Tier 1 (publisher press releases, SEC filings, Moody's, S&P, or Fitch rating actions) can justify high severity. Tier 2 (Reuters, Bloomberg, WSJ, FT, enterprise and ITAM trade press) supports mid severity. Tier 3 (forums, blogs) is capped at severity 2 and flagged unverified
  4. Apply severity rules. PE ownership plus financial pressure raises severity. A credit downgrade on a PE-owned vendor is at least severity 4
  5. Check existing signals first, and only record a genuinely new development
  6. Create one signal per finding, always with a source and a recommended action

Set the agent config to run with no fixed run-as user so it inherits the invoking user's access. This matters, see the notes at the end.


Step 3: Add the four tools

All four are set to Autonomous execution.

Look up watchlist: Record Operation, lookup on your watchlist table, condition active=true, returning the publisher name and rationale.

Check existing signals: Record Operation, lookup on your signal table. Use a query that scopes to the publisher and a recent window so the dedupe stays relevant as history grows:

publisher.nameLIKE{{publisher_name}}^sys_created_on>=javascript:gs.daysAgoStart(45)^ORDERBYDESCsys_created_on

Create risk signal: Record Operation, create on your signal table. Expose each field (publisher, signal_type, severity, headline, rationale, source_url, recommended_action) as a named input with a one-line description. For the publisher reference input, set the reference metadata (target table core_company and display field name) or the value will arrive unresolved.

Web search: a Script tool, not the out-of-the-box capability tool (reasons in the notes). It calls the web search capability through sn_one_extend.OneExtendUtil and biases for recency. Drop in your own capability sys_id: attached txt file.
Give the tool a single string input named search_query, and set its output transformation to Verbose.


Step 4: Build the escalation flow

In Flow Designer, create a flow that turns high-severity signals into work.

  • Trigger: Created, on your signal table, condition severity is 4 or higher
  • Action 1: Create Record on Task, assigned to a review group, priority 2 High, with the rationale, recommended action, and source link in the description
  • Action 2: Send Email to the review distribution

Keep the threshold in the flow condition, not the agent. That way the line between recorded for awareness and needs a human is something you control. Severity 3 and below stay in the table with no task and no email.


Step 5: Add the schedule

Add a daily trigger on the agent so it runs unattended, for example every morning at 6:00, with the objective "Run your publisher risk check now."


Step 6: Seed the watchlist and test

Add a few publishers to the watchlist with a short rationale each, then run the agent from the Testing panel with "Run your publisher risk check now." Watch the reasoning: watchlist lookup, web search per publisher, dedupe check, then record creation. Create a severity 5 signal by hand to confirm the flow opens a task and sends the email.


Notes

  • Leave the agent's run-as user empty. Setting a fixed run-as identity stalled every tool call. The agent inheriting the invoking user worked. Put a run-as user on the schedule trigger instead if you need one for the unattended run.
  • Use a Script tool for web search, not the out-of-the-box capability tool. The OOB tool completed the first search in a conversation and stalled on later ones. Calling the capability directly through OneExtendUtil runs reliably back to back.
  • Web grounding returns the most authoritative result regardless of age, so without the date stamping above you will get year-old articles cited as if they were news.
  • Reference inputs need reference metadata, or the create tool writes an empty publisher.
  • After editing a live flow, deactivate and reactivate it, then fire-test with a real record. It can keep showing Active while its record trigger has gone stale.
Custom AI agent we built in ServiceNow to monitor software publishers for licensing and audit risk. It runs on its own every morning. It reads a watchlist of publishers, searches the live web for recent news on each one, scores what it finds against credible sources, and creates a task only when ...
0 REPLIES 0