Configuring Now Assist for Vulnerability Response

  • Release version: Yokohama
  • Updated January 12, 2026
  • 2 minutes to read
  • The Now Assist for Vulnerability Response application is supported in the Now Assist panel and available on-demand.

    Configuration overview

    Role masking enables users to limit the roles and privileges of AI agents during tool execution. AI agents that get installed with Now Assist applications are assigned pre-defined roles. If you select Users with specific roles for user access, you must configure the security controls to include these roles. Data access settings must also include these roles. For the instructions to change the security controls, see Define security controls for an AI agent.

    By sharing data with the ServiceNow® AI development program, you provide relevant data to help improve prediction accuracy, user experience, tailor products to your business needs, and reduce hallucinations for your activated Now Assist skills.

    You can choose to opt out of a ServiceNow instance from data sharing from the Now Assist Admin console if you don't want to participate. For more information, see Opt out of data sharing for Now Assist. Repeat the opt-out process for all instances that use the Now Assist functionality.

    Prior to v1.0.4, use the AI Agent Studio to configure Now Assist for Vulnerability Response.

    Starting with v1.0.4, use the Now Assist Admin console to configure Now Assist for Vulnerability Response. This console contains everything that you must install the applications and configure the generative AI skills. For additional information, see Configuring Now Assist settings and features.

    Configuration tasks and important notes

    • Install Now Assist plugins.
      Install the Now Assist for Vulnerability Response application (sn_vul_ai).
      Note:

      When you update the Now Assist for Vulnerability Response application, its dependency applications are automatically updated.

    • The Now Assist panel must be activated. For more information, see Activate Now Assist panel standard chat.
    • The Now Assist skills listed on the Security Operations page for Now Assist for Vulnerability Response are activated by default starting with Yokohama Patch 11:
      • SPC Setup Connector
      • Approval Recommendation
      • SEM Insights
      • Recommend preferred solution for VIT
      • Vulnerable item deduplication
      Note:

      Upgrading the Now Assist plugins will activate any designated skills that were previously untouched by the customer.

      • If you have the plugins installed but never touched the configuration (never activated the skill nor adjusted associated roles) of a skill, any Default On skill will be activated on a per skill basis upon upgrading.
      • If you have previously toggled a skill from active and then back to inactive or have updated any roles for that skill, that skill will remain inactive upon upgrading.
      • You maintain full control over deactivating individual skills at any time after activation.
    • Important:
      By default, all agentic workflows and AI agent records are read-only.

    See duplicating an agentic workflow and Configure an agentic workflow for Now Assist for Vulnerability Response for more information about modifying agentic workflows.

    See Configure a skill for Now Assist for Vulnerability Response for more information about modifying Now Assist skills.