Retrieve Vulnerability and exposure data with generative AI

  • Release version: Zurich
  • Updated May 26, 2026
  • 3 minutes to read

    • Chat with an AI agent to get help with your questions about Vulnerability Response host and Application Vulnerability Response findings (vulnerable items and application vulnerable items).

    Before you begin

    To view and use the generative AI skills agentic workflows in the Unified Security Exposure Management you must upgrade to Unified Security Exposure Management. See Unified Security Exposure Management release notes for more information.

    The Now Assist panel must be activated. For more information, see Activate the Now Assist panel standard chat.

    Roles required:
    • sn_vul.remediation_owner (host vulnerable items (VITs))
    • sn_vul.vulnerability_analyst (host vulnerable items (VITs))
    • sn_vul.app_sec_manager (application vulnerable items (AVITs))

    Procedure

    1. Log into your ServiceNow AI Platform instance.
      The vulnerability records that you can see depend on the roles you have been assigned. Host Vulnerability Response and Application Vulnerability Response findings (VITs, AVITs) are supported.
      Note:
      You aren't required to have all of these roles assigned to chat with the AI agent. At a minimum, you must have either sn_vul.remediation_owner or sn_vul.vulnerability_analyst to view VITs. At a minimum, you must have sn_vul.app_sec_manager assigned to view AVITs.
    2. Alternatively, navigate to Workspaces in your ServiceNow AI Platform instance and choose one.
      Option ServiceNow AI Platform Role Description
      IT Remediation Workspace sn_vul.remediation_owner for VITs. The IT Remediation owner (legacy) workspace is supported by versions of Vulnerability Response earlier than version 30.0.
      Vulnerability Manager Workspace sn_vul.vulnerability_analyst for VITs or sn_vul.app_sec_manager for AVITs. The Vulnerability Manager (legacy) workspace is supported by versions of Vulnerability Response earlier than version 30.0.
      Security Exposure Management Workspace
      • sn_vul.remediation_owner (host vulnerable items (VITs))
      • sn_vul.vulnerability_analyst (host vulnerable items (VITs))
      • sn_vul.app_sec_manager (application vulnerable items (AVITs))
      		 The Security Exposure Management Workspace is supported by Unified Security Exposure Management (USEM). You must have version 30.0 or later of Vulnerability Response installed to view this workspace. See Implementing Unified Security Exposure Management for more information.
    3. In the Now Assist panel, enter your queries in natural language to start a conversation with the AI agent.
      Note:
      • This AI agent is designed to help you answer query-related questions about data for Vulnerability Response and Application Vulnerability Response findings.
      • Prompts that involve any sort of data analysis of the vulnerability data that might match your questions are not supported by this AI agent.
      • The AI agent searches for the vulnerability data that matches your question, retrieves it, and creates responses for you based on the data available.
      • You might prefer to provide as much detail as you can for your questions to help the AI agent.

        For example, as a remediation owner, if you ask the agent a general question such as, Retrieve all the vulnerable items with scores 5 or greater, the AI agent's response might be, No vulnerable items with scores 5 or greater were found. You may want to rephrase your question or adjust your criteria.

        On findings records, there are multiple fields that might be populated by numeric values such as Risk rating, Risk score, Common Vulnerability Scoring System (CVSS), and Exploit Prediction Scoring System (EPSS). Given the request for this example, the AI agent won't know which field you want unless you specify the field or provide more details. You can help the AI agent by being specific and rephrasing your question to something like, Show me all the open VITs with Risk rating 1 - Critical.

      • As long as you do not close the conversation, the AI agent uses the context of the conversation for its next response. Select the plus icon (Icon that indicates you can start a new chat) to start a new chat.
      • Be sure to check the answers for accuracy.
    4. Enter follow up questions as needed.

      See Sample queries for the Retrieve Vulnerability Response data agentic workflow for a list of sample questions to help you get started.