Supporting information for Unified Security Exposure Management AI skills and agents

  • Release version: Zurich
  • Updated June 2, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Supporting information for Unified Security Exposure Management AI skills and agents

    The Unified Security Exposure Management (USEM) application in ServiceNow Zurich release integrates multiple AI-driven capabilities to enhance vulnerability and security exposure management. It leverages generative AI skills and agents within key user interfaces to streamline retrieval, analysis, and remediation of security vulnerabilities across hosts, containers, and test results. USEM supports advanced compliance monitoring and approval workflows, helping security teams maintain robust security postures.

    Show full answer Show less

    Supported Versions and Required Applications

    USEM requires specific versions of several interconnected applications, including:

    • Now Assist for Vulnerability Response (v5.0.0)
    • Now Assist for Platform (v11.2.3)
    • Vulnerability Response Integration with CISA (v1.5.1)
    • Vulnerability Response core applications with versions 26.5.3 (non-USEM) and 30.4.4 (for USEM workspace)
    • Vulnerability Response licensing and Common Workspace (v2.7.1 and v1.10.0 respectively)
    • Vulnerability Response Integration Framework (v1.5.0)
    • AI Security Exposure Management (v2.0.1)
    • Vulnerability Solution Management (v10.4.3)
    • Security Posture Control API Connectors and related controls (versions 2.1.1, 4.2.2, and 7.1.1)

    These applications collectively enable the full functionality of USEM's AI skills and agents.

    Supported User Interfaces and AI Capabilities

    USEM's AI skills are embedded in key ServiceNow workspaces to assist security teams:

    • Vulnerability Manager Workspace: Allows users to query vulnerability and exposure data via natural language. AI supports deduplication of vulnerable items, recommends remediation solutions (including third-party vendor options), and assesses exposure of configuration items and business services. It also checks for new CISA-known exploitable vulnerabilities and provides compliance metrics related to remediation SLAs.
    • Security Exposure Management (SEM) Workspace: Enables natural language queries for vulnerability data and leverages generative AI to provide contextual insights, actionable recommendations, and approval impact analysis. AI delivers on-demand approval recommendations directly within Exception Change Approval records.
    • Security Posture Control Workspace: Includes the Now Assist SPC Setup Connector skill, which guides developers in creating custom API connectors for integrating data from third-party security products. This accelerates data import processes and enhances monitoring of security posture.

    Practical Benefits for ServiceNow Customers

    • Streamlined vulnerability management through AI-powered data retrieval and analysis.
    • Improved remediation efficiency with AI-generated solution recommendations and compliance tracking.
    • Enhanced security exposure insights and automated approval workflows in the SEM workspace.
    • Customizable API connectors for integrating external security data to monitor overall security posture effectively.
    • Support for natural language interaction improves accessibility and speeds up security operations.

    Overall, these capabilities enable security teams to proactively manage vulnerabilities, improve compliance, and strengthen organizational security posture using AI-enhanced automation within ServiceNow.

    Get a quick overview of the important information that is related to the USEM application.

    Supported versions and required applications

    The following applications are required:

    Application Version
    Now Assist for Vulnerability Response 5.0.0
    Now Assist for platform [sn_genai_platform] 11.2.3
    Vulnerability Response Integration with CISA [sn_vul_cisa] 1.5.1
    Vulnerability Response [sn_vul] non USEM.
    Note:
    Application Vulnerability Response is included as a part of Vulnerability Response.
    		 26.5.3
    Vulnerability Response for USEM and Security Exposure Management workspace.
    Note:
    Application Vulnerability Response is included as a part of Vulnerability Response.
    		 30.4.4
    Vulnerability Response licensing and usage [sn_vul_licensing] (installed with [sn_vul]) 2.7.1
    Vulnerability Response Common Workspace [sn_vul_cmn_ws] (installed with [sn_vul]) 1.10.0
    Vulnerability Response Integration Framework [sn_vul_int_fw] 1.5.0
    AI Security Exposure Management (sn_sec_ai). 2.0.1
    Vulnerability Solution Management [sn_vul_solution] 10.4.3
    Security Posture Control API Connectors [sn_spc_cxf] for the API Connector skill. 2.1.1

    Mitigation Controls Monitoring [sn_sec_mit_ctrl] for the API Connector skill.

    		 4.2.2
    Security Posture Control [sn_sec_spc_core] for the API Connector skill. 7.1.1

    Supported user interfaces

    Now Assist for Vulnerability Response includes the generative AI skills listed in the following table.

    Table 1. Now Assist for Vulnerability Response supported interfaces
    Interface Features
    Vulnerability Manager Workspace Ask questions in natural language to help you quickly retrieve vulnerability and exposure data for all types of findings that include host, container, and test results vulnerabilities with Security Exposure 360.

    Now Assist skills:

    • Deduplication of host vulnerable items (VITs).
    • Remediation assistance that includes providing potential, preferred solutions from third-party vendors.

    AI agents:

    Vulnerability managers and analysts can assess if your configuration items (CIs) and your business services are exposed to vulnerabilities. Check for any new Cybersecurity and Infrastructure Security Agency (CISA) known exploitable vulnerabilities and assess their potential impact on your environment.

    Vulnerability managers and analysts can gain insights into your compliance metrics to understand how effectively your organization is meeting remediation goals for vulnerabilities based on Service Level Agreements (SLAs).
    Security Exposure Management (SEM) workspace Ask questions in natural language to help you quickly retrieve vulnerability and exposure data for all types of findings that include host, container, and test results vulnerabilities with Security Exposure 360.

    Generate insights and Generate recommendation for Approval Impact Analysis skills.

    Use generative AI to provide insights based on contextual summaries, actionable recommendations, and quick links in the Security Exposure Management (SEM) workspace.

    Use generative AI to provide on-demand approval recommendations directly from the Exception Change Approval record in the Security Exposure Management (SEM) workspace.
    Security Posture Control Workspace Now Assist SPC Setup Connector skill:

    Get guidance for how to create your own API connectors for the Security Posture Control workspace based on common third-party security products.

    Developers can accelerate the process of selecting API templates and populating request and header parameters and response field mapping. Your cybersecurity teams can use these custom API connectors to import the security data that helps them monitor your security posture.
    UI6 Links in the responses in theNow Assist panel open new tabs in your browser.