Now Assist for Vulnerability Response release notes

  • Release version: Zurich
  • Updated February 2, 2026
  • 6 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Now Assist for Vulnerability Response Release Notes - Zurich Release

    The ServiceNow® Now Assist for Vulnerability Response application enhances vulnerability management by enabling analysts and remediation owners to autonomously track, monitor, and remediate vulnerabilities using intelligent workflows and generative AI skills. The Zurich release introduces significant improvements and new capabilities designed to streamline vulnerability response processes, improve security posture, and accelerate remediation efforts.

    Show full answer Show less

    Key Features

    • Generative AI Integration: AI-driven skills help identify duplicate vulnerable items, recommend preferred remediation solutions, generate insights to prioritize risks, and assist with approval decisions for vulnerability exceptions.
    • Agentic Workflows: New workflows enable retrieval of vulnerability and exposure data, assessment of vulnerability exposure based on current threat intelligence (e.g., CISA vulnerabilities), and monitoring of remediation compliance with SLA tracking and detailed analysis.
    • API Connector Builder: Developers can use generative AI to create custom API connectors in the Security Posture Control (SPC) workspace, facilitating integration with security tools and improving asset data import tailored to organizational needs.
    • Role and Security Enhancements: Additional granular roles provide better control over AI skill access and workflow execution, ensuring that agentic workflows and AI agents operate securely with appropriate user permissions.
    • Default Skill Activation: Selected Now Assist skills are enabled by default for new installations and unconfigured skills during upgrades, simplifying initial setup while allowing customers to maintain control over skill activation.

    Key Outcomes

    • Improved Vulnerability Remediation Efficiency: AI-powered de-duplication and solution recommendations reduce manual effort in vulnerability triage and remediation task resolution.
    • Enhanced Security Posture Visibility: Automated data retrieval and insightful analytics help cybersecurity teams prioritize risks and monitor compliance with remediation SLAs effectively.
    • Faster Integration and Customization: Generative AI assists developers in building API connectors quickly, enabling seamless integration with third-party security tools and customized asset management.
    • Streamlined Approval Processes: AI-generated recommendations expedite approval or rejection of vulnerability exception requests, fostering consistent and informed decision-making.
    • Optimized Role Management: Granular role assignments ensure secure and appropriate access to AI-driven features and workflows within the vulnerability response environment.

    Important Upgrade and Activation Information

    Upgrading to the Zurich release automatically updates Now Assist for Vulnerability Response and its dependencies, activating default skills unless previously deactivated or configured. Customers retain full control to enable or disable individual skills post-upgrade. Additional role configurations are necessary for agentic workflows and AI agents to function correctly, requiring assigned roles for user access and data permissions.

    Now Assist for Vulnerability Response is available through the ServiceNow Store, where customers can request installation and access cumulative release notes and additional resources.

    The ServiceNow® Now Assist for Vulnerability Response application can help your vulnerability analysts and remediation owners track, monitor, and remediate vulnerable items autonomously with intelligent workflows and generative AI skills. Now Assist for Vulnerability Response was enhanced and updated in the Zurich release.

    Now Assist for Vulnerability Response highlights for the Zurich release

    Zurich Patch 5
    • Review changes to Now Assist usage measurement. See the "Changed in this release" section below.
    • Retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data with the Retrieve VR Data agentic workflow.
    • The Retrieve VR Data agentic workflow is supported in the Unified Security Exposure Management (USEM) and legacy Vulnerability Response workspaces.
    Zurich Patch 4
    • Some Now Assist skills are now turned on by default.
    • Use generative AI to help you build custom API connectors in the Security Posture Control workspace.
    • Additional role configuration is required for agentic workflows and AI agents included with Now Assist applications.
    Zurich Patch 1
    • Help analysts identify and remove duplicate host vulnerable items.
    • Help analysts resolve remediation tasks with preferred vulnerability solutions from third-party vendors.

    Zurich Early Availability: Help your vulnerability managers and analysts to resolve remediation tasks, assess your exposure to vulnerabilities, and analyze metrics for remediation targets. Chat with AI agents in natural language from the Now Assist panel.

    See Now Assist for Vulnerability Response for more information.

    Important:
    Now Assist for Vulnerability Response is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    Important information for upgrading Now Assist for Vulnerability Response to Zurich

    The following Now Assist skills for Now Assist for Vulnerability Response are activated by default.
    • Recommend preferred solution for VIT (VR)
    • Vulnerable item de-duplication (VR)
    • Approval Recommendation (VR)(USEM)
    • Security Exposure Management (SEM) Insights (VR)(USEM)
    • SPC Setup Connector (Security Posture Control)
    Note:

    Upgrading the Now Assist plugins activate any designated skills that were previously untouched by the customer.

    • If you have the plugins installed but never touched the configuration (never activated the skill nor adjusted associated roles) of a skill, any Default On skill will be activated on a per skill basis upon upgrading.
    • If you have previously toggled a skill from active and then back to inactive or have updated any roles for that skill, that skill remains inactive upon upgrading.
    • You maintain full control over deactivating individual skills at any time after activation.

    When you update the Now Assist for Vulnerability Response application, the dependency applications are automatically updated.

    For more information about required applications for Now Assist for Vulnerability Response, see Supporting information for Unified Security Exposure Management AI skills and agents.

    New in the Zurich release

    Zurich Patch 5
    Retrieve Vulnerability and exposure data with generative AI
    Chat with an AI agent using natural language to retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data in the Unified Security Exposure Management (USEM) and legacy Vulnerability Response workspaces.
    Zurich Patch 4
    Role configuration required for agentic workflows and AI agents
    Agentic workflows and AI agents included with Now Assist applications require additional security configuration. If you select Users with selected roles for your user access security controls for an agentic workflow or AI agent, you must add the installed roles, or they won't execute. Data access settings must also include these roles. See the documentation for the agentic workflow or AI agent for the specific roles you must add. After the roles are configured, users must have the specified role to invoke the agentic workflow or AI agent.
    Create a custom API service graph connector in the Security Posture Control (SPC) workspace
    Use generative AI to help your developers create SPC API connectors quickly with the Connector builder framework module in the SPC workspace. With a Now Assist skill that is included with the Now Assist for Vulnerability Response application, your developers have the option to automate steps in the Connector builder framework.
    • Automate the steps for selecting API templates, populating request and header parameters, and response field mapping.
    • Use your custom API connector to integrate with security tools and import asset data that is based on the unique requirements of your environment.
    • Help your cybersecurity teams monitor your overall security posture and identify assets that are missing key security tools with the API connectors that you build.

    See Creating your own API connectors in Security Posture Control for more information and the required applications.

    Generate insights to prioritize risks
    Use generative AI to provide contextual summaries, actionable recommendations, and quick links in the Security Exposure Management Workspace, helping you prioritize critical risks and accelerate remediation.
    Generate recommendation for approval impact analysis
    Use generative AI to provide on-demand recommendations to approve or reject a request directly from the Exception Change Approval record, enabling approvers to make fast, consistent decisions while reducing manual analysis effort.
    Zurich Patch 2
    Granular roles
    The sn_vul_ai.write_rem_insights and sn_vul_ai.read_rem_insights granular roles have been added and are inherited by the sn_vul.vulnerability_admin and sn_vul.vulnerability_analyst roles automatically. These roles provide you with more control over read and write access for the records on the Remediation Compliance Insights [sn_vul_ai_remediation_insights] caching table. The VR.System role also inherits these granular roles so background job execution for the workflow can occur.
    Zurich Patch 1
    Identify duplicate vulnerable items with generative AI
    Use generative AI to identify duplicates for your active host vulnerable items that are imported by your vulnerability scanners. Use generative AI reasoning with Now Assist to help your analysts differentiate between primary vulnerability items (VITs) and those VITs that are duplicates. Close duplicate VITs and move their associated detections automatically to the primary VIT records.
    Identify preferred vulnerability solutions with Now Assist for Vulnerability Response
    Use generative AI to analyze available remediation options pulled from integrated third-party products like Red Hat, Tenable for Vulnerability Response, or internal solution management systems. Evaluate each option against the specific configuration item context, for example, the OS version or software version, and get recommendations for the most viable fix for implementation.
    Zurich Early Availability
    Using agentic workflows

    The assess vulnerability exposure agentic workflow enables vulnerability managers to determine your exposure to vulnerabilities.

    • Determine your exposure to the most current Cybersecurity and Infrastructure Security Agency (CISA) known vulnerabilities in your environment and assess their potential impact to your configuration items (CIs) and business services.
    • Identify assets with Common Vulnerabilities and Exposures (CVEs).
    • Determine the number of active VITs that correspond to CVEs. Create watch topics for VIT remediation.

    The analyze vulnerability remediation status agentic workflow helps vulnerability managers to monitor and assess remediation target compliance.

    • Track Service Level Agreement (SLA) compliance - Understand how effectively your organization is meeting remediation goals for vulnerabilities based on your SLAs.
    • Analyze missed SLAs by severity, assignment group, and configuration item (CI) class - Pinpoint gaps in remediation by categorizing overdue VITs based on severity, assignment groups, and CI classes to enable targeted interventions and smarter resource allocation.

    Changed in this release

    Zurich Patch 5
    Changes to Now Assist usage measurement
    Starting with Zurich Patch 5, Now Assist usage measurement is transitioning from a 365-day look-back model to a 365-day burn-down model, with usage resetting at the contract anniversary date. For more information, refer to KB KB2704710: Now Assist Usage - Overview & New Measurement Logic.
    Zurich Patch 4
    Some Now Assist skills are turned on by default
    The new default behavior works as follows:
    • New customers: When you install a Now Assist product, designated skills are turned on automatically.
    • Existing customers who are upgrading (starting with Zurich Patch 4): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive.

    Activation information

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes. Install Now Assist for Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.