Now Assist for Vulnerability Response release notes

  • Release version: Zurich
  • Updated February 2, 2026
  • 6 minutes to read

    • The ServiceNow® Now Assist for Vulnerability Response application can help your vulnerability analysts and remediation owners track, monitor, and remediate vulnerable items autonomously with intelligent workflows and generative AI skills. Now Assist for Vulnerability Response was enhanced and updated in the Zurich release.

    Now Assist for Vulnerability Response highlights for the Zurich release

    Zurich Patch 5
    • Review changes to Now Assist usage measurement. See the "Changed in this release" section below.
    • Retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data with the Retrieve VR Data agentic workflow.
    • The Retrieve VR Data agentic workflow is supported in the Unified Security Exposure Management (USEM) and legacy Vulnerability Response workspaces.
    Zurich Patch 4
    • Some Now Assist skills are now turned on by default.
    • Use generative AI to help you build custom API connectors in the Security Posture Control workspace.
    • Additional role configuration is required for agentic workflows and AI agents included with Now Assist applications.
    Zurich Patch 1
    • Help analysts identify and remove duplicate host vulnerable items.
    • Help analysts resolve remediation tasks with preferred vulnerability solutions from third-party vendors.

    Zurich Early Availability: Help your vulnerability managers and analysts to resolve remediation tasks, assess your exposure to vulnerabilities, and analyze metrics for remediation targets. Chat with AI agents in natural language from the Now Assist panel.

    See Now Assist for Vulnerability Response for more information.

    Important:
    Now Assist for Vulnerability Response is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    Important information for upgrading Now Assist for Vulnerability Response to Zurich

    The following Now Assist skills for Now Assist for Vulnerability Response are activated by default.
    • Recommend preferred solution for VIT (VR)
    • Vulnerable item de-duplication (VR)
    • Approval Recommendation (VR)(USEM)
    • Security Exposure Management (SEM) Insights (VR)(USEM)
    • SPC Setup Connector (Security Posture Control)
    Note:

    Upgrading the Now Assist plugins activate any designated skills that were previously untouched by the customer.

    • If you have the plugins installed but never touched the configuration (never activated the skill nor adjusted associated roles) of a skill, any Default On skill will be activated on a per skill basis upon upgrading.
    • If you have previously toggled a skill from active and then back to inactive or have updated any roles for that skill, that skill remains inactive upon upgrading.
    • You maintain full control over deactivating individual skills at any time after activation.

    When you update the Now Assist for Vulnerability Response application, the dependency applications are automatically updated.

    For more information about required applications for Now Assist for Vulnerability Response, see Supporting information for Unified Security Exposure Management AI skills and agents.

    New in the Zurich release

    Zurich Patch 5
    Retrieve Vulnerability and exposure data with generative AI
    Chat with an AI agent using natural language to retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data in the Unified Security Exposure Management (USEM) and legacy Vulnerability Response workspaces.
    Zurich Patch 4
    Role configuration required for agentic workflows and AI agents
    Agentic workflows and AI agents included with Now Assist applications require additional security configuration. If you select Users with selected roles for your user access security controls for an agentic workflow or AI agent, you must add the installed roles, or they won't execute. Data access settings must also include these roles. See the documentation for the agentic workflow or AI agent for the specific roles you must add. After the roles are configured, users must have the specified role to invoke the agentic workflow or AI agent.
    Create a custom API service graph connector in the Security Posture Control (SPC) workspace
    Use generative AI to help your developers create SPC API connectors quickly with the Connector builder framework module in the SPC workspace. With a Now Assist skill that is included with the Now Assist for Vulnerability Response application, your developers have the option to automate steps in the Connector builder framework.
    • Automate the steps for selecting API templates, populating request and header parameters, and response field mapping.
    • Use your custom API connector to integrate with security tools and import asset data that is based on the unique requirements of your environment.
    • Help your cybersecurity teams monitor your overall security posture and identify assets that are missing key security tools with the API connectors that you build.

    See Creating your own API connectors in Security Posture Control for more information and the required applications.

    Generate insights to prioritize risks
    Use generative AI to provide contextual summaries, actionable recommendations, and quick links in the Security Exposure Management Workspace, helping you prioritize critical risks and accelerate remediation.
    Generate recommendation for approval impact analysis
    Use generative AI to provide on-demand recommendations to approve or reject a request directly from the Exception Change Approval record, enabling approvers to make fast, consistent decisions while reducing manual analysis effort.
    Zurich Patch 2
    Granular roles
    The sn_vul_ai.write_rem_insights and sn_vul_ai.read_rem_insights granular roles have been added and are inherited by the sn_vul.vulnerability_admin and sn_vul.vulnerability_analyst roles automatically. These roles provide you with more control over read and write access for the records on the Remediation Compliance Insights [sn_vul_ai_remediation_insights] caching table. The VR.System role also inherits these granular roles so background job execution for the workflow can occur.
    Zurich Patch 1
    Identify duplicate vulnerable items with generative AI
    Use generative AI to identify duplicates for your active host vulnerable items that are imported by your vulnerability scanners. Use generative AI reasoning with Now Assist to help your analysts differentiate between primary vulnerability items (VITs) and those VITs that are duplicates. Close duplicate VITs and move their associated detections automatically to the primary VIT records.
    Identify preferred vulnerability solutions with Now Assist for Vulnerability Response
    Use generative AI to analyze available remediation options pulled from integrated third-party products like Red Hat, Tenable for Vulnerability Response, or internal solution management systems. Evaluate each option against the specific configuration item context, for example, the OS version or software version, and get recommendations for the most viable fix for implementation.
    Zurich Early Availability
    Using agentic workflows

    The assess vulnerability exposure agentic workflow enables vulnerability managers to determine your exposure to vulnerabilities.

    • Determine your exposure to the most current Cybersecurity and Infrastructure Security Agency (CISA) known vulnerabilities in your environment and assess their potential impact to your configuration items (CIs) and business services.
    • Identify assets with Common Vulnerabilities and Exposures (CVEs).
    • Determine the number of active VITs that correspond to CVEs. Create watch topics for VIT remediation.

    The analyze vulnerability remediation status agentic workflow helps vulnerability managers to monitor and assess remediation target compliance.

    • Track Service Level Agreement (SLA) compliance - Understand how effectively your organization is meeting remediation goals for vulnerabilities based on your SLAs.
    • Analyze missed SLAs by severity, assignment group, and configuration item (CI) class - Pinpoint gaps in remediation by categorizing overdue VITs based on severity, assignment groups, and CI classes to enable targeted interventions and smarter resource allocation.

    Changed in this release

    Zurich Patch 5
    Changes to Now Assist usage measurement
    Starting with Zurich Patch 5, Now Assist usage measurement is transitioning from a 365-day look-back model to a 365-day burn-down model, with usage resetting at the contract anniversary date. For more information, refer to KB KB2704710: Now Assist Usage - Overview & New Measurement Logic.
    Zurich Patch 4
    Some Now Assist skills are turned on by default
    The new default behavior works as follows:
    • New customers: When you install a Now Assist product, designated skills are turned on automatically.
    • Existing customers who are upgrading (starting with Zurich Patch 4): Any previously unconfigured skill is turned on automatically (the skill was never configured and turned on, then turned off again). Previously configured skills that were turned on, then off, remain inactive.

    Activation information

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes. Install Now Assist for Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.