OMB Individually Reported

AI Vulnerability Ticket Deduplication

Low riskExact public inventory row

Description

Multiple security scanners (Tenable, Qualys, Rapid7) report the same vulnerability on the same host, generating duplicate tickets that create 'ticket bloat' and waste remediation team effort on redundant work.

Detailed example

Deduplicated vulnerability tickets with merged findings from multiple scanners per unique vulnerability-host combination, reducing duplicate tickets and consolidating remediation workflows.

AI / analytics pattern

Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.

Automation level / stage

a) Pre-deployment – The use case is in a development or acquisition status.

Expected benefit

Reduced vulnerability ticket volume, faster remediation prioritization, and elimination of redundant vulnerability response effort across multiple scanning tools.

Audit / financial statement impact

Not high impact: This AI system does not meet the criteria of any of the six pillars that make up High Impact AI in Memorandum M-25-21.

Controls / human review

ATO: Yes; PIA: Not publicly available

Data needed

Vulnerability scan data from Tenable, Qualys, and Rapid7 scanners integrated into ServiceNow. Commercial vendor-managed AI models for entity matching and deduplication.