Combined Now Assist for Vulnerability Response release notes for upgrades from Xanadu to Yokohama

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Now Assist for Vulnerability Response release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Xanadu to Yokohama.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Now Assist for Vulnerability Response to Yokohama

Before you upgrade to Yokohama, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	For more information about required applications for Now Assist for Vulnerability Response, see Supporting information. Note: Upgrading the Now Assist plugins activate any designated skills that were previously untouched by the customer. If you have the plugins installed but never touched the configuration (never activated the skill nor adjusted associated roles) of a skill, any Default On skill will be activated on a per skill basis upon upgrading. If you have previously toggled a skill from active and then back to inactive or have updated any roles for that skill, that skill remains inactive upon upgrading. You maintain full control over deactivating individual skills at any time after activation.

New features

Between your current release family and Yokohama, new features were introduced for Now Assist for Vulnerability Response.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	Yokohama Patch 11 Role configuration required for agentic workflows and AI agents Agentic workflows and AI agents included with Now Assist applications require additional security configuration. If you select Users with selected roles for your user access security controls for an agentic workflow or AI agent, you must add the installed roles, or they will not execute. Data access settings must also include these roles. See the documentation for the agentic workflow or AI agent for the specific roles you must add. Some Now Assist skills are turned on by default The new default behavior works as follows: New customers: When you install a Now Assist product, designated skills are turned on automatically. Existing customers who are upgrading (starting with Yokohama Patch 11): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive. Use Now Assist for Vulnerability Response in Security Posture Control You have the option to use Now Assist to help you automatically complete some of the steps in the Connector builder in the Security Posture Control workspace. Use the Connector builder to create your own service graph connectors for Security Posture Control. Generate insights to prioritize risks Use generative AI to provide contextual summaries, actionable recommendations, and quick links in the Security Exposure Management Workspace, helping you prioritize critical risks and accelerate remediation. Generate recommendation for approval impact analysis Use generative AI to provide on-demand recommendations to approve or reject a request directly from the Exception Change Approval record, enabling approvers to make fast, consistent decisions while reducing manual analysis effort. Yokohama Patch 8 Granular roles The sn_vul_ai.write_rem_insights and sn_vul_ai.read_rem_insights granular roles have been added and are inherited by the sn_vul.vulnerability_admin and sn_vul.vulnerability_analyst roles automatically. These roles provide you with more control over read and write access for the records on the Remediation Compliance Insights [sn_vul_ai_remediation_insights] caching table. The VR.System role also inherits these granular roles so background job execution for the workflow can occur. Yokohama Patch 6 Identify duplicate vulnerable items Use generative AI to identify duplicates for your active host vulnerable items that are imported by your vulnerability scanners. Use generative AI reasoning with Now Assist to help your analysts differentiate between primary vulnerability items (VITs) and those VITs that are duplicates. Close duplicate VITs and move their associated detections automatically to the primary VIT records. Suggest vulnerability solutions Use generative AI to analyze available remediation options pulled from integrated third-party products like Red Hat, Tenable for Vulnerability Response, or internal solution management systems. Evaluate each option against the specific configuration item context, for example, the OS version or software version, and get recommendations for the most viable fix for implementation. Yokohama Patch 3 Use agentic workflows The Assess vulnerability exposure agentic workflow enables vulnerability managers to determine your exposure to vulnerabilities. Determine your exposure to the most current Cybersecurity and Infrastructure Security Agency (CISA) known vulnerabilities in your environment and assess their potential impact to your configuration items (CIs) and business services. Identify assets with Common Vulnerabilities and Exposures (CVEs). Determine the number of active vulnerability items (VITs) that correspond to CVEs. Create watch topics for VIT remediation. The Analyze vulnerability remediation status agentic workflow enables vulnerability managers to monitor and assess remediation target compliance. Track Service Level Agreement (SLA) compliance - Understand how effectively your organization is meeting remediation goals for vulnerabilities based on your SLAs. Analyze missed SLAs by severity, assignment group, and configuration item (CI) class - Pinpoint gaps in remediation by categorizing overdue VITs based on severity, assignment groups, and CI classes to enable targeted interventions and smarter resource allocation.

Changes

Between your current release family and Yokohama, some changes were made to existing Now Assist for Vulnerability Response features.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	Yokohama Patch 11 Changes to Now Assist usage measurement Some Now Assist skills are now turned on by default The following Now Assist skills for Now Assist for Vulnerability Response are activated by default. Recommend preferred solution for VIT (VR) Vulnerable item de-duplication (VR) Approval Recommendation (VR)(USEM) Security Exposure Management (SEM) Insights (VR)(USEM) SPC Setup Connector (Security Posture Control) The new default behavior works as follows: New customers: When you install a Now Assist product, designated skills are turned on automatically. Existing customers who are upgrading (starting with Yokohama Patch 11): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive.

Removed

Between your current release family and Yokohama, some Now Assist for Vulnerability Response features or functionality were removed.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Deprecations

Between your current release family and Yokohama, some Now Assist for Vulnerability Response features or functionality were deprecated.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Activation information

Review information on how to activate Now Assist for Vulnerability Response.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	Install Now Assist for Vulnerability Response by requesting it from the ServiceNow Store.

Additional requirements

If any additional requirements were introduced or changed for Now Assist for Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Now Assist for Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Accessibility information

Review details on accessibility information for Now Assist for Vulnerability Response, such as specific requirements or compliance levels.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Localization information

If there are specific localization considerations for Now Assist for Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.

Highlight information

If there are specific highlight considerations for Now Assist for Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	Yokohama Patch 11 Review changes to Now Assist usage measurement. See the "Changed in this release" section below. Some Now Assist skills, agents, and agentic workflows are on by default. Additional role configuration is required for agentic workflows and AI agents included with Now Assist applications. Use Now Assist for Vulnerability Response with Security Posture Control to help you with Creating an API connector in the Security Posture Control workspace. Yokohama Patch 6 Help your analysts identify duplicate host vulnerable items and analyze available remediation options with generative AI skills with Now Assist for Vulnerability Response. Use Google Gemini and Anthropic Claude on AWS as AI model providers for Now Assist skills and AI agents in addition to Now LLM Service and Azure OpenAI. See Now Assist for Vulnerability Response for more information.