The ServiceNow Zurich release is upon us! Included within are brand new AI capabilities built specifically for vulnerability managers, IT remediation owners, and security analysts. Let’s take a deeper dive into each one, and the benefits they provide for your Vulnerability Response (VR) and Security Incident Response (SIR) programs. 

 

 

 

With multiple vulnerability scanners, countless findings, and fragmented remediation options, security and IT teams are often buried under noise rather than focusing on the vulnerabilities that matter most. 

 

With Now Assist for Vulnerability Response (VR), we’re introducing 2 powerful AI-driven capabilities in September designed to tackle these challenges: Deduplication of Vulnerable Items (VITs) and Remediation Assistance. Let's double click into them.

 

Deduplication of Vulnerable Items

 

The adoption of multiple third-party scanners provides broader visibility but also creates a new problem: duplicate findings. Different tools may scan the same asset, producing overlapping findings in ServiceNow VR. An added layer of complexity arises when some vendors use proprietary IDs (for example Tenable ID) that bundle many CVEs into a single detection. These tools don’t always specify exactly which CVEs are present on an asset, making it even harder to deduplicate or aggregate findings across different sources.

 

This results in:  

 

• Skewed Vulnerable Item (VIT) volumes 
• Overwhelmed remediation owners 
• Wasted remediation efforts dealing with the same vulnerabilities 

 

To resolve this duplication of VITs issue, we leverage AI to  

 

1. Run AI-powered deduplication jobs in the background with flexible filters (by assignment, by CI, or other)
2. Review potential duplicates with context, including a primary record, duplicate groupings, and a confidence score with reasoning. 
3. Confirm duplicates manually or automate the process with a confidence threshold (e.g., auto-close duplicates above 80% confidence). 

 

 

 

When confirmed, duplicates are automatically closed, and their detection data is rolled up into the primary record. This “human-in-the-loop” model builds analyst trust first, while allowing automation to scale once confidence is established. 

 

 

Remediation Assistance

 

Even after deduplication, another challenge remains: deciding how to fix vulnerabilities. In many organizations, each vulnerability often comes with multiple possible fixes—scattered across different sources like Red Hat advisories, Microsoft bulletins, Tenable plugins, and more. Choosing the right solution that matched the asset and OS version information for a specific CI can be tedious and manual. 

 

With Remediation Assistance, here’s what teams can do: 

 

At the single VIT level, click Recommend Solution to instantly populate the Preferred Solution field, along with a justification logged in Work Notes. 

 

 

 

At the Remediation Task level, apply recommendations across multiple VITs in bulk—again, with explanations captured automatically. 

 

 

Rethinking Shift Handover: How AI Agents Are Changing the Game 

 

In every 24x7 Security Operations Center (SOC), shift handovers are moments of truth. One team signs off, another takes charge, and the continuity of the SOC depends on how clearly and completely knowledge is transferred. A missed detail can mean delayed responses, redundant effort, or worse, a full-blown security attack. 

 

Traditionally, organizations rely on manual shift handover reports, built on pre-configured templates. These templates are helpful, but the process of filling them out is time-consuming, inconsistent, and heavily dependent on individual diligence. It’s time for a change! 

 

The Problem with Manual Reporting 

 

Ask any Shift Lead or an Analyst and they will tell you that documenting incidents during shift handovers often feels like administrative overhead. It requires digging through alerts, incident logs, and communication channels, and then distilling all that information into a structured note. 

 

The risks are clear: 

• Human error and omissions under time pressure. 
• Inconsistency between Analysts and shifts. 
• Loss of valuable context that the next team may need. 

Manual reporting was built for an earlier era. Today, with teams running complex, AI powered SOC, the model is breaking down. 

 

Enter AI Agents for Shift Handover

 

Now Assist for Security Incident Response (SIR) now supports an AI-powered agent designed to reimagine shift handover reporting. Instead of manually typing out notes, Analysts can simply say:

 

“Add this security incident to the shift handover report.”

 

 

From that simple instruction, the agent: 

 

• Understands the existing handover template with its structured sections. 
• Interprets the incident context including impact, status, actions taken, and next steps. 
• Populates the right sections automatically, ensuring clarity, consistency, and completeness. 
• In practice, what once took up to 20 minutes of careful documentation now happens in seconds, without sacrificing detail. 

 

 

Why this matters for the future of SOC operations 

 

The value of this agent goes beyond efficiency: 

1. Reports are well documented and standardized, reducing the cognitive load on the incoming team. 
2. Teams spend less time documenting and more time solving problems. 
3. Handovers become reliable, structured, and actionable, no matter who is writing them. 

 

 

The Road Ahead 

 

We believe this is just the beginning of a broader transformation. Tomorrow’s AI agents won’t just document, they will: 

 

• Flag unresolved incidents that need follow-up
• Spot patterns across shifts and raise proactive alerts
• Recommend next actions for incoming teams

 

Shift handovers will be powered by intelligence that learns, adapts, and supports human decision-making. The future of SOC is not just about working harder or faster, it’s about working smarter, together with AI. 

 

That's a Wrap for September Release!

 

To learn more about the latest SecOps AI-capabilities deploy them in your environment, please refer to the ServiceNow Store links here:

 

• Now Assist for Vulnerability Response (VR)
• Now Assist for Security Incident Response (SIR)

 

For more information about our previous 2025 releases, please refer to the following posts:

 

• The SecOps Team of Agents: Strengthening Your Response to Security Incidents & Vulnerabilities! 🚀💪
• The SOC Agent Advantage: Wrap-up your Security Incidents with Ease

 

All the best on your deployment journey,

The SecOps AI Product Team