Using Now Assist for Security Incident Response generative AI skills

  • Release version: Yokohama
  • Updated January 14, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Using Now Assist for Security Incident Response generative AI skills

    Now Assist for Security Incident Response leverages generative AI skills to help security analysts quickly close security incidents directly within their workflow. These AI-driven capabilities enable concise summarization, recommended actions, closure notes, correlation insights, post-incident analysis, and performance metrics generation to streamline incident management and improve remediation effectiveness.

    Show full answer Show less

    Key Features

    • Domain Separation and Data Security: Skills operate within domain boundaries, ensuring users access only their domain data with no cross-domain data mixing. AI-generated data remains on the instance, with no persistence of prompts or responses by shared AI services.
    • Role-Based Access Control: AI agents use role masking tied to specific roles included with Now Assist applications, requiring configuration of security controls and data access settings to manage user permissions effectively.
    • Generative AI Capabilities: Security analysts can:
      • Summarize incident details including underlying issues, observables, and actions taken.
      • Generate closure (resolution) notes automatically.
      • Produce recommended next steps and create remediation tasks (workspace only).
      • Generate post-incident analysis and performance metrics to assess remediation teams.
      • Obtain correlation insights to accelerate investigations.
      • Generate quality assessment reports on incidents.
    • Access Points: Most generative AI skills are accessible from security incident records and the Security Incident Response Workspace. Summaries and closure notes can also be requested from the Now Assist panel, but recommended actions and post-incident analysis are not available there.
    • Customization: Input fields for Now Assist skills can be tailored to meet specific environment requirements, enhancing relevance and accuracy.

    Practical Benefits for ServiceNow Customers

    • Accelerate incident resolution by summarizing and analyzing incidents efficiently within existing workflows.
    • Ensure data security and compliance in domain-separated environments while leveraging AI.
    • Empower security teams with actionable insights and automation, reducing manual effort.
    • Improve remediation quality through AI-driven performance metrics and quality assessments.
    • Maintain control over AI skill access and data visibility through role-based permissions.

    Security analysts can close security incidents quickly from within their flow of work with the generative AI skills supported by Now Assist for Security Incident Response.

    Skills reuse

    By default, all skills exist in the global domain. When you use Now Assist in a domain-separated environment, users are only able to access data in their domain. For example, if a user uses the summarization skill, Now Assist only uses material that exists in the user's domain when generating that summary. Additionally, there is no co-mingling of data for domain-separated instances when using generative AI skills. The data resides only on the instance, and the shared services used for generative AI do not persist any requests (prompts) and responses. For more information, see Domain separation in the Now Assist Admin console. (Note that global domain is not the same as global scope. For more information, see Exploring Next Experience pickers.)

    AI agents use role masking to determine which users can access them and what data they have access to. Ones installed with Now Assist applications have specific roles that come included with the application. If you select Users with specific roles for user access, you must configure the security controls to include these roles. Data access settings must also include these roles. For the instructions to change the security controls, see Define security controls for an AI agent.

    Important:
    Some Now Assist skills, agents, and agentic workflows are turned on by default. For more information, see Now Assist skills, agents, and agentic workflows on by default.

    With generative AI skills with Now Assist for Security Incident Response, your security analysts have the option to:

    • Summarize security incident details and review the context quickly in a concise, easy-to-read format.
    • Generate closure (resolution) notes.
    • Generate recommended actions for a security incident
    • Generate post incident analysis data
    • Generate performance metrics for your remediation teams.

      This skill is activated for use with an AI agent. See Analyze security operations metrics agentic workflow for more information.

    • Generate correlation insights to speed up incident investigation.
    • Generate a quality assessment report of a security incident

    Security managers and analysts can request security incident summaries and closure notes from the following locations:

    • Security incident records
    • Security Incident Response Workspace
    • The Now Assist panel.
      Note:
      The security incident recommended actions and post-incident analysis skills are not available from the Now Assist panel.
    Security managers and analysts can generate recommended next steps and post-incident analysis data from the following locations:
    • Security incident records
    • Security Incident Response Workspace

    Security managers and analysts can create remediation tasks from generated recommended actions only from security incidents in the Security Incident Response Workspace.

    1. Summarize a security incident with Now Assist for Security Incident Response

      Generate a summary for a security incident that includes the underlying issue, incident details, related lists data (observables), and key actions already taken.

    2. Generate recommended actions for a security incident with Now Assist for Security Incident Response
    3. Generate a post-incident analysis for a security incident with Now Assist for Security Incident Response
    4. Generate correlation insights in the Now Assist panel with Now Assist for Security Incident Response
    5. Generate a quality assessment report for a security incident
    6. Generate closure notes for a security incident with Now Assist for Security Incident Response

      Automatically generate the closure notes for a security incident.

    7. Request generative AI skills in the Now Assist panel for Now Assist for Security Incident Response

      Generate summaries and closure notes from the Now Assist panel.

      Note:
      The security incident recommended actions and post-incident analysis skills are not available from the Now Assist panel.
    8. Customize a Now Assist for Security Incident Response skill

      Customize the input fields of a skill to suit the requirements of your environment.