Generating approval recommendations
Summary of Generating approval recommendations
The Approval Recommendation generative AI skill in ServiceNow's Vulnerability Response helps approvers of exception and false positive requests make faster, consistent decisions while reducing manual effort. It focuses on findings—vulnerabilities detected on assets—that may not require immediate remediation, such as false positives or cases where fixes are pending. Users submit exception requests to defer remediation or mark findings as false positives. These requests often require multiple approval levels and can be time-consuming.
This AI skill assists by analyzing historical approvals, asset and vulnerability details, and questionnaire responses to provide approvers with:
- A recommendation to approve or reject the request
- A confidence score
- Supporting reasoning
Data Sources and Inputs Used
The AI skill evaluates a variety of data from the following sources to generate recommendations:
- Historical Approval Data: Counts of previous approvals or rejections of similar false positive and deferral requests from the Change Approval table.
- Questionnaire Responses: Optional input from remediation owners’ answers if questionnaires are enabled.
- Prior Approval Comments: Justifications from earlier approval levels to inform subsequent decisions.
- General Request Details: Risk ratings, deferral durations, remediation status, assignment group, request reasons, work notes, request type, and compensating controls from approval records.
- Asset and Vulnerability Details: Information about hosts, containers, applications, and configuration compliance assets, including number of assets, business criticality, environment, internet-facing status, vulnerability counts, severity, CVSS scores, active exploits, and preferred remediation solutions.
Practical Benefits for ServiceNow Customers
By leveraging this AI skill, customers gain:
- Accelerated approval processes for exception and false positive requests
- Greater consistency and confidence in approval decisions based on historical and contextual data
- Reduced manual analysis effort for approvers
- Visibility of AI-generated recommendations directly on approval request records for easy access and action
This capability enables your security and vulnerability teams to manage exceptions efficiently without compromising risk assessment quality.
Learn more about how the Approval Recommendation generative AI skill arrives at its approval recommendations and the sources it uses to generate them.
Overview for the Approval Recommendation skill
The Approval Recommendation generative AI skill provides exception and false positive approvers in Vulnerability Response with recommendations to help them make faster, more consistent decisions while reducing manual analysis effort.
A finding (vulnerable item) is a vulnerability detected on an asset. Some findings don't require immediate remediation, for example, false positives or cases where a fix isn't yet available. From these types of findings and remediation tasks, users submit exception requests and ask for approval to defer remediation or indicate that a finding is a false positive. Users can request to defer the remediation of a finding or remediation task for a specified period.
For example, an analyst might request a deferral for a finding that will be fixed with an upcoming patch that isn't currently available. A false positive might be a warning given by a scanner that is not actually an issue, for example, if a configuration item has been decommissioned but the scanner is still reporting an issue related to it.
The skill provides approvers with the following:
- A recommendation to approve or reject the request.
- A confidence score.
- Supporting reasoning.
Sources and input parameters used for the recommendations
- See the following table for asset (configuration item) and vulnerability details.
- Historical Approval data - Count totals for how many times similar request types for false positives and deferrals from a finding type (VIT, CVIT, AVIT, CTR) have been approved or rejected on records on the Change Approval [sn_sec_exception_change_approval] table.
- Questionnaire responses (optional configuration) - If questionnaires are activated and available for exception requests, the questions and the remediation owner's answers are considered from records on the [sn_smart_asmt_question_instance] table. If questionnaires are not activated, this data is not considered.
- Comments (justifications) from previous approvals - If multiple approval levels are configured, comments provided by approvers at earlier levels on records on the Change Approval [sn_sec_exception_change_approval] table are considered when generating a recommendation at the next level.
- General request details - The following fields on records on the Change Approval [sn_sec_exception_change_approval] table are considered:
  - Risk rating
  - Until date (how long the exception is being requested for)
  - Remediation status (in-flight, no target)
  - Assignment group
  - Reason / justification notes (why a request is submitted)
  - Work notes
  - Request type
  - Compensating control (if available)
Asset and Vulnerability details
| Application | Source table | Description |
|---|---|---|
| Vulnerability Response (Host) | Configuration item (CI) [cmdb_ci] table records for Host assets | Total number of assets, business criticality, environment, internet-facing, and external-facing status. |
| Container Vulnerability Response (CVR) | Discovered Item (Container) [sn_vul_container_image] table records for Container assets | Total number of assets, business criticality, environment, internet-facing, and external-facing status. |
| Application Vulnerability Response (AVR) | Discovered Item (Application) [sn_vul_app_release] records for Application Vulnerability Response | Total number of applications, business criticality, active/inactive status. |
| Configuration Compliance (CC) | Test Results [sn_vulc_result] table for Configuration Compliance | Total number of assets, business criticality, environment, internet-facing, and external-facing status. |

| Application | Vulnerability details |
|---|---|
| Vulnerability Response (Host VR) | Total counts of vulnerabilities, normalized severity, CVSS scores, CISA exists, active exploit, preferred solution, EPSS percentile. |
| Container Vulnerability Response (CVR) | Total counts of container vulnerabilities, normalized severity, CVSS scores, CISA exists, active exploit, preferred solution, EPSS percentile. |
| Application Vulnerability Response (AVR) | Total counts of application vulnerabilities, normalized severity, CVSS scores, active exploit, preferred solution, EPSS percentile, and if threat exists. |
| Configuration Compliance (CC) | Test result data is used instead of vulnerability data. Total counts of tests, test source category, test subcategory, criticality, and technology. |
The Approval Recommendation generative AI skill provides its suggestions, which are visible on approval request records (CAs). For more information about how to invoke the agent and get the recommendations, see Approval Recommendation.