Approval recommendations using generative AI

  • Release version: Australia
  • Updated May 26, 2026
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Approval recommendations using generative AI

    The Approval Recommendation generative AI skill in ServiceNow helps approvers in Vulnerability Response make faster, more consistent decisions regarding exception and false positive requests. These requests involve findings (vulnerabilities) that may not require immediate remediation, such as false positives or cases where fixes are pending. Users submit exception requests to defer remediation or to mark findings as false positives. The AI skill assists by analyzing relevant data and providing approval or rejection recommendations, confidence scores, and supporting reasoning, thereby reducing manual analysis and speeding up multi-level approval processes.


    Key Features

    • Data-Driven Recommendations: The AI skill leverages historical approval data, questionnaire responses, prior approvers’ comments, and general request details (risk rating, remediation status, assignment group, justification notes, etc.) to generate informed recommendations.
    • Integrated Asset and Vulnerability Context: It accesses detailed asset information (hosts, containers, applications, configuration compliance) and vulnerability metrics (severity, CVSS scores, exploits, preferred solutions) from relevant ServiceNow tables.
    • Support for Multi-Level Approvals: Comments and decisions from earlier approval stages are incorporated to enhance recommendation accuracy for subsequent approvers.
    • Visibility within Approval Requests: Recommendations are directly visible on approval request records, facilitating seamless review and decision-making.
    • Optional Questionnaire Integration: When questionnaires are enabled, remediation owner responses are included in the analysis, improving contextual understanding.

    Practical Benefits for ServiceNow Customers

    • Streamlines exception and false positive approval workflows in Security Exposure Management Workspace.
    • Reduces manual effort and approval cycle time by automating decision support.
    • Improves decision consistency and accuracy by considering comprehensive historical and contextual data.
    • Enables approvers to confidently defer remediation or reject false positives based on AI-generated insights.

    Usage Guidance

    To leverage this capability, customers can invoke the generative AI skill within the approval process for exception requests. This integration provides approvers with automated recommendations, helping them handle requests more efficiently and with greater confidence.

    Learn more about how the Approval Recommendation generative AI skill arrives at its approval recommendations and the sources it uses to generate them.

    Overview for the Approval Recommendation skill

    The Approval Recommendation generative AI skill provides exception and false positive approvers in Vulnerability Response with recommendations to help them make faster, more consistent decisions while reducing manual analysis effort.

    A finding (vulnerable item) is a vulnerability detected on an asset. Some findings don't require immediate remediation, for example, false positives or cases where a fix isn't yet available. From these types of findings and remediation tasks, users submit exception requests and ask for approval to defer remediation or indicate that a finding is a false positive. Users can request to defer the remediation of a finding or remediation task for a specified period.

    For example, an analyst might request a deferral for a finding that will be fixed with an upcoming patch that isn't currently available. A false positive might be a warning given by a scanner that is not actually an issue, for example, if a configuration item has been decommissioned but the scanner is still raising an issue related to it.

    In some cases, the approval requests for these exceptions and false positives require multiple levels of review and approval and can be quite time-consuming. The Approval Recommendation AI skill can help locate historical, asset, and vulnerability details for exception and false positive requests and provide approvers with the following information:
    • A recommendation to approve or reject the request.
    • A confidence score.
    • Supporting reasoning.

    Sources and input parameters used for the recommendations

    The Approval Recommendation generative AI skill considers information from the following tables, data sources, and information to arrive at its approval recommendations.
    • See the following table for asset (configuration item) and vulnerability details.
    • Historical Approval data - Count totals for how many times similar request types for false positives and deferrals from a finding type (VIT, CVIT, AVIT, CTR) have been approved or rejected on records on the Change Approval [sn_sec_exception_change_approval] table.
    • Questionnaire responses (optional configuration) - If questionnaires are activated and available for exception requests, the questions and the remediation owner's answers are considered from records on the [sn_smart_asmt_question_instance] table. If questionnaires are not activated, this data is not considered.
    • Comments (justifications) from previous approvals - If multiple approval levels are configured, comments provided by approvers at earlier levels on records on the Change Approval [sn_sec_exception_change_approval] table are considered when generating a recommendation at the next level.
    • General request details - The following fields on records on the Change Approval [sn_sec_exception_change_approval] table are considered:
      • Risk rating
      • Until date (how long the exception is being requested for)
      • Remediation status (in-flight, no target)
      • Assignment group
      • Reason / justification notes (why a request is submitted)
      • Work notes
      • Request type
      • Compensating control (if available)

    Asset and Vulnerability details

    Table 1. Asset (configuration item) details

    | Application | Source table | Description |
    | --- | --- | --- |
    | Vulnerability Response (Host) | Configuration item (CI) [cmdb_ci] table records for Host assets | Total number of assets, business criticality, environment, internet-facing, and external-facing status. |
    | Container Vulnerability Response (CVR) | Discovered Item (Container) [sn_vul_container_image] table records for Container assets | Total number of assets, business criticality, environment, internet-facing, and external-facing status. |
    | Application Vulnerability Response (AVR) | Discovered Item (Application) [sn_vul_app_release] records for Application Vulnerability Response | Total number of applications, business criticality, active/inactive status. |
    | Configuration Compliance | CC Test Results [sn_vulc_result] table for Configuration Compliance | Total number of assets, business criticality, environment, internet-facing, and external-facing status. |

    Table 2. Vulnerability details

    | Application | Vulnerability details |
    | --- | --- |
    | Vulnerability Response (Host VR) | Total counts of vulnerabilities, normalized severity, CVSS scores, CISA exists, active exploit, preferred solution, EPSS percentile. |
    | Container Vulnerability Response (CVR) | Total counts of container vulnerabilities, normalized severity, CVSS scores, CISA exists, active exploit, preferred solution, EPSS percentile. |
    | Application Vulnerability Response (AVR) | Total counts of application vulnerabilities, normalized severity, CVSS scores, active exploit, preferred solution, EPSS percentile, and if threat exists. |
    | Configuration Compliance (CC) | Test result data is used instead of vulnerability data. Total counts of tests, test source category, test subcategory, criticality, and technology. |

    The suggestions that the Approval Recommendation generative AI skill provides are visible on approval request records (CAs). For more information about how to invoke the agent and get the recommendations, see Generate approval recommendations with generative AI.