Using agentic workflows

  • Release version: Zurich
  • Updated May 26, 2026

    Use AI agents to complete your tasks autonomously.

    To view and use the generative AI skills agentic workflows in Unified Security Exposure Management, you must first upgrade to Unified Security Exposure Management. See Unified Security Exposure Management release notes for more information.

    Table 1. Available agentic workflows for AI agents for Vulnerability Response

    Agentic workflow name: Security Exposure 360
    Description: Evaluate vulnerability exposure data with Security Exposure 360. Vulnerability analysts and remediation owners can enter questions in plain language and receive comprehensive answers about all types of findings that include host, container, and test results vulnerabilities.
    Available AI agents: Data Analysis AI Agent
    Supported workspaces: Legacy and Unified Security Exposure Management (USEM)

    Agentic workflow name: Guardrails detector agentic workflow
    Description: Manage potential AI exposures. Use the AI agent to ask about the guardrails that were identified by the AI skill component in the AI Guardrails Helper, automatically defer findings with existing mitigations in the form of guardrails, or create exception rules to auto-defer future findings.
    Available AI agents: Guardrails detector agentic workflow
    Supported workspaces: Unified Security Exposure Management (USEM)

    Agentic workflow name: Assess vulnerability exposure
    Description: Assess your vulnerability exposure
        • Determine if your configuration items (CIs) and business services are exposed to known vulnerabilities.
        • Determine the potential impact that a specific vulnerability might have throughout your environment.
        • Check CIs for any new Cybersecurity and Infrastructure Security Agency (CISA) exploitable (zero-day) vulnerabilities.
        • Create watch topics in the Vulnerability Manager workspace to remediate vulnerable items.
    Available AI agents:
        • CISA vulnerability analysis AI agent
        • Vulnerability exposure analysis AI agent
        • Watch topic creation AI agent
    Supported workspaces: Legacy and Unified Security Exposure Management (USEM)

    Agentic workflow name: Retrieve vulnerability and exposure data
    Description: Retrieve vulnerability and exposure data with generative AI. Ask questions in natural language to help you quickly retrieve vulnerability and exposure data across legacy sources and Unified Security Exposure Management (USEM).
    Available AI agents: Retrieve VR data agent
    Supported workspaces: Legacy and Unified Security Exposure Management (USEM)

    Agentic workflow name: Analyze vulnerability remediation status
    Description: Analyze vulnerability remediation status
        • Gain insights into your compliance metrics and statistics for how well you're meeting remediation target dates on vulnerable item (VIT) records.
        • View your monthly VIT record remediation totals and identify missed targets.
        • Break down remediation data on VITs by Severity, Assignment group, Configuration item, and Vulnerability for your monthly Service Level Agreement (SLA) compliance reviews.
    Available AI agents: Remediation compliance analysis AI Agent
    Supported workspaces: Legacy and Unified Security Exposure Management (USEM)

    Important:
    By default, all agentic workflows and AI agent records are read-only.
    To modify an agentic workflow, you must first duplicate the agentic workflow, and then proceed with the following steps:
    • Activate the agentic workflow. The Now Assist for Vulnerability Response AI agents included with the application are activated by default.
    • If required, you can add a trigger to invoke the agentic workflow automatically.
    • See Configure an agentic workflow for more information.
    Looking for an AI agent?
    • There might be AI agents installed with the Now Assist application that are not used in agentic workflows. To learn how to see all agents that are available on your instance, see Find AI agents.
    • To find agents that might not be installed on your instance, visit the AI Agent Marketplace on the ServiceNow Store.