Exploring Now Assist for Vulnerability Response

  • Release version: Zurich
  • Updated June 4, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Now Assist for Vulnerability Response

    Now Assist for Vulnerability Response leverages generative AI skills and agents to support vulnerability managers, analysts, cybersecurity teams, and developers in managing and remediating security exposures. Integrated within the Unified Security Exposure Management (USEM) workspace, it enables natural language queries, AI-driven insights, and automation to streamline vulnerability response across host, container, and application environments.

    Show full answer Show less

    Key Features

    • Natural Language Data Queries: Users can ask questions in plain language to retrieve comprehensive vulnerability data, including host, container, and test results.
    • AI Security Exposure Management: Provides visibility into the AI attack surface, covering vulnerabilities, automated red teaming findings, and configuration issues in AI assets.
    • Agentic AI Exposure Assessment: Assesses exposure to known vulnerabilities, identifies affected assets, evaluates business impact, and creates watch topics for remediation.
    • Smarter Remediation Guidance: Compares remediation options based on asset context and offers AI-recommended fixes to accelerate resolution.
    • Remediation and SLA Visibility: Monitors remediation progress, tracks SLA compliance, and identifies missed targets by severity, team, and asset type.
    • Exception Approvals with Impact Analysis: Enables approval or rejection of exception requests with on-demand risk and business impact analysis.
    • Custom API Connector Creation: Supports developers in building API connectors within the Security Posture Control workspace using the Connector Builder framework.
    • Duplicate Vulnerable Item Deduplication: Identifies and removes duplicate vulnerability entries to maintain data clarity.

    Users and Roles

    • Vulnerability Managers, Admins, and Analysts: Use AI agents to query vulnerability data, prioritize remediation efforts, track SLA compliance, identify duplicates, and receive remediation recommendations.
    • Chief Information Security Officers (CISOs): Monitor overall risk posture, oversee asset classification, assign remediation tasks, and communicate risk status through dashboards and reports.
    • Developers and Cybersecurity Teams: Gain guidance on accelerating the creation of custom API connectors for enhanced integration and control.

    Benefits for ServiceNow Customers

    • Accelerates vulnerability data retrieval and understanding through natural language AI queries.
    • Enhances visibility into AI-specific security exposures and overall organizational risk posture.
    • Improves remediation efficiency with AI-driven guidance and contextual recommendations.
    • Supports SLA management by providing real-time compliance insights and remediation tracking.
    • Streamlines exception handling with AI-powered risk and impact assessments.
    • Enables customization and integration flexibility via API connector development.

    Next Steps

    ServiceNow customers can explore additional materials on using generative AI skills, configuring agentic workflows, and optimizing Now Assist for Vulnerability Response to fully leverage AI-driven vulnerability management capabilities.

    Get information about how your vulnerability managers, analysts, and cybersecurity teams can use generative AI skills and agents with Vulnerability Response and supported applications.

    Now Assist for Vulnerability Response overview

    For more information about how generative AI skills and agents are supported in the Unified Security Exposure Management (USEM) workspace, see Now Assist in Unified Security Exposure Management.

    With generative AI skills and agents provided with the Now Assist for Vulnerability Response application, use generative AI to help you with the following tasks:
    Natural language data queries
    Vulnerability analysts and remediation owners can enter questions in plain language and receive comprehensive answers about all types of findings that include host, container, and test results vulnerabilities with Security Exposure 360.
    AI Security Exposure Management
    AI exposures is a dedicated module that provides visibility into the entire AI attack surface, including vulnerabilities, validation or automated red teaming findings, and security posture findings or configuration issues in various AI assets
    Agentic AI exposure assessment
    Assess exposure to known and CISA-listed vulnerabilities, identify affected assets, understand business impact, and create watch topics.
    Smarter remediation guidance
    Compare remediation options that are based on asset context and receive AI-recommended fixes to accelerate execution.
    Remediation and SLA visibility
    Monitor remediation progress, SLA compliance, and missed targets by severity, team, and asset type.
    Exception approvals with impact analysis
    Approve or reject exception change requests with on-demand analysis of risk and business impact.
    Create custom API connectors (Security Posture Control)
    Create your own API connectors in the Security Posture Control workspace with the Connector builder framework module. Note: Security Posture Control and its supported applications are required for this generative AI feature.

    Users

    Table 1. Users
    User Description
    Vulnerability managers, vulnerability admins, and analysts With the Security Exposure 360 agentic workflow, chat with an AI agent using natural language to retrieve host (Vulnerability Response) and Application Vulnerability Response (AVR) data, as well as Container Vulnerability Response and Configuration Compliance data.
    Vulnerability analysts, Chief Information Security Officers (CISO)s Monitors the organization’s overall risk posture across integrated environments, ensuring accurate asset discovery and classification for AI exposures correlation. These roles serve as an escalation point for remediation teams, assigns remediation tasks based on asset ownership and severity, and organizes AI exposure information into dynamic remediation tasks to streamline prioritization. Additionally, the role delivers actionable dashboards and reports to track remediation progress, highlight critical AI exposures, and communicate the current risk posture to stakeholders.
    Vulnerability managers and analysts Determine your exposure to vulnerabilities in your environment and their potential impact to your configuration items (CIs) and business services.
    Vulnerability managers and analysts Get insights into how well you're achieving your remediation targets for vulnerabilities according to your Service Level Agreements (SLAs).
    Vulnerability managers and analysts Provide steps for analysts to remediate vulnerable items (VITs) that are assigned to them with watch topics and remediation efforts.
    Vulnerability managers and analysts Get clear remediation assistance for how to resolve remediation tasks that includes potential, preferred solutions, if they are available.
    Vulnerability managers and analysts Identify and review duplicate vulnerable items that are imported by your vulnerability scanners. Identify the primary vulnerable item that is associated with a configuration item.
    Vulnerability managers and analysts Generate insights to prioritize findings that are based on contextual summaries, actionable recommendations, and quick links in the Security Exposure Management (SEM) workspace.
    Vulnerability managers and analysts Get on-demand recommendations to approve or reject exception requests directly from the Exception Change Approval record in the Security Exposure Management (SEM) workspace.
    Developers and cybersecurity teams Get guidance for how to accelerate the creation of custom API connectors for the Security Posture Control workspace.

    Benefits

    Benefit Feature Users
    Ask questions in natural language to help you quickly retrieve vulnerability and exposure data across legacy sources. Retrieve VR data Vulnerability (host) and Application Vulnerability Response (AVR) managers, admins, and analysts
    AI exposures is a dedicated module that provides visibility into the entire AI attack surface, including vulnerabilities, validation or automated red teaming findings, and security posture findings or configuration issues in various AI assets. Guardrail detector skill and agentic workflow Vulnerability analysts, Chief Information Security Officers (CISO)s
    Understand your security posture with AI-generated contextual summaries, recommendations, and insights to help you prioritize critical findings and take action directly from the findings view. SEM Insights skill Vulnerability managers, admins, and analysts
    Enable exception and false positive approvers to make faster, more consistent decisions while reducing manual analysis effort. Approval Recommendation skill Vulnerability managers, admins, and analysts
    Get guidance for how to accelerate the creation of custom API connectors for the Security Posture Control workspace. SPC Setup Connector skill Developers and cybersecurity teams
    Identify the primary (first-found) vulnerable item for a configuration item and remove duplicate Host Vulnerable items (VITs). Vulnerable item deduplication skill Vulnerability managers and analysts
    Get guidance for how to resolve remediation tasks that includes available potential, preferred solutions from third-party vendors. Recommend preferred solution for VIT skill Vulnerability managers and analysts
    • Identify assets with Common Vulnerabilities and Exposures (CVEs).
    • Determine the number of active vulnerability items (VITs) that correspond to CVEs.
    • Identify business services with known vulnerabilities.
    • Create watch topics for vulnerable item (VIT) remediation based on the information provided. The AI agent can create a Remediation Effort for the active VITs associated with the watch topic.
    		 Assess vulnerability exposure agentic workflow Vulnerability managers and analysts
    Gain insight into the progress of your Service Level Agreement (SLA) compliance summary for the past 30 days. View Groups and Asset Types that missed SLAs to help you track and adjust targets. Analyze vulnerability remediation status agentic workflow Vulnerability managers and analysts
    Retrieve relevant context and details for the vulnerable items assigned to you. Analyze, plan, and create steps for remediation. Remediation Assistance Vulnerability analysts

    What to explore next

    To learn more about generative AI skills and agentic workflows with Now Assist for Vulnerability Response, see: