Configuring Now Assist for Vulnerability Response

  • Release version: Yokohama
  • Updated January 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Now Assist for Vulnerability Response

    The Now Assist for Vulnerability Response application integrates with the Now Assist panel to provide on-demand AI-driven assistance for vulnerability management. Starting with version 1.0.4, configuration is managed via the Now Assist Admin console, which streamlines installation and setup of generative AI skills specific to vulnerability response.

    Show full answer Show less

    Key Features

    • Role Masking: Limits AI agents’ roles and privileges during execution, ensuring controlled access aligned with your security policies. When enabling user access by roles, corresponding security controls and data access settings must include those roles.
    • Data Sharing: Optionally share data with the ServiceNow AI development program to enhance prediction accuracy, improve user experience, and tailor AI skills. Customers can opt out via the Now Assist Admin console on each instance.
    • Automatic Skill Activation: Certain Now Assist skills for Vulnerability Response (such as SPC Setup Connector Approval Recommendation, SEM Insights, and Vulnerable Item Deduplication) are activated by default starting with Yokohama Patch 11. Upgrading the plugins activates default skills unless previously manually deactivated or role configurations were modified.
    • Agentic Workflows: Agentic workflows and AI agent records are read-only by default to protect system integrity. Modification requires specific steps, ensuring controlled customization.

    Configuration Tasks

    • Install Now Assist plugins and the Now Assist for Vulnerability Response application (snvulai).
    • Activate the Now Assist panel standard chat interface to enable AI interaction.
    • Use the Now Assist Admin console for installation, configuration, and AI skill management starting in version 1.0.4.
    • Manage skill activation and role assignments carefully to maintain security and operational control.

    Practical Implications for Customers

    This configuration enables ServiceNow customers to leverage AI capabilities to enhance vulnerability response workflows efficiently while maintaining strict role-based access and data privacy controls. Using the Now Assist Admin console simplifies management and ensures alignment with security policies. Customers retain full control over skill activation and can customize agentic workflows as needed.

    The Now Assist for Vulnerability Response application is supported in the Now Assist panel and available on-demand.

    Configuration overview

    Role masking enables users to limit the roles and privileges of AI agents during tool execution. AI agents that get installed with Now Assist applications are assigned pre-defined roles. If you select Users with specific roles for user access, you must configure the security controls to include these roles. Data access settings must also include these roles. For the instructions to change the security controls, see Define security controls for an AI agent.

    By sharing data with the ServiceNow® AI development program, you provide relevant data to help improve prediction accuracy, user experience, tailor products to your business needs, and reduce hallucinations for your activated Now Assist skills.

    You can choose to opt out of a ServiceNow instance from data sharing from the Now Assist Admin console if you don't want to participate. For more information, see Opt out of data sharing for Now Assist. Repeat the opt-out process for all instances that use the Now Assist functionality.

    Prior to v1.0.4, use the AI Agent Studio to configure Now Assist for Vulnerability Response.

    Starting with v1.0.4, use the Now Assist Admin console to configure Now Assist for Vulnerability Response. This console contains everything that you must install the applications and configure the generative AI skills. For additional information, see Configuring Now Assist settings and features.

    Configuration tasks and important notes

    • Install Now Assist plugins.
      Install the Now Assist for Vulnerability Response application (sn_vul_ai).
      Note:

      When you update the Now Assist for Vulnerability Response application, its dependency applications are automatically updated.

    • The Now Assist panel must be activated. For more information, see Activate Now Assist panel standard chat.
    • The Now Assist skills listed on the Security Operations page for Now Assist for Vulnerability Response are activated by default starting with Yokohama Patch 11:
      • SPC Setup Connector
      • Approval Recommendation
      • SEM Insights
      • Recommend preferred solution for VIT
      • Vulnerable item deduplication
      Note:

      Upgrading the Now Assist plugins will activate any designated skills that were previously untouched by the customer.

      • If you have the plugins installed but never touched the configuration (never activated the skill nor adjusted associated roles) of a skill, any Default On skill will be activated on a per skill basis upon upgrading.
      • If you have previously toggled a skill from active and then back to inactive or have updated any roles for that skill, that skill will remain inactive upon upgrading.
      • You maintain full control over deactivating individual skills at any time after activation.
    • Important:
      By default, all agentic workflows and AI agent records are read-only.

    See duplicating an agentic workflow and Configure an agentic workflow for Now Assist for Vulnerability Response for more information about modifying agentic workflows.

    See Configure a skill for Now Assist for Vulnerability Response for more information about modifying Now Assist skills.