# Remediation Urgency

*Of the AI-confirmed vulnerabilities, which ones must be fixed now, which can wait for the next sprint, and which can be deferred?*

**Remediation Urgency** is a SAST prioritization stage that assigns a business-driven urgency level to vulnerabilities classified as **Potential True Positive** by [AI Triage](/xygeni-administration/platform-administration/projects-management/ai-triage.md). The urgency is derived from the AI's semantic understanding of the code — endpoint exposure, authentication requirements, compensating controls, reachability of the vulnerable path, and business impact — not from a direct mapping of the scanner's severity.

### Values for Remediation Urgency

* **Immediate**: Requires attention right now — the vulnerability is actively exploitable, publicly reachable, or represents a critical business risk.
* **Next Sprint**: Must be addressed in the current cycle. Real risk that cannot wait for the next planning round.
* **Planned**: Should be included in the next planning cycle. A genuine vulnerability without immediate exploitability.
* **Backlog**: Real but low urgency. Address when capacity allows.

### Default behavior in the SAST funnel

In the default SAST prioritization funnel, the **Remediation Urgency** stage shows:

* Immediate
* Next Sprint

**Planned** and **Backlog** are hidden by default so the active backlog stays focused on what needs to be fixed soon. They remain available if you want to widen the funnel.

{% hint style="info" %}
**Remediation Urgency** is part of the default **SAST** funnel and is also available as a stage / filter on the **SCA** and **DAST** funnels (where AI Triage produces an urgency value for each finding).
{% endhint %}

{% hint style="info" %}
Do not confuse **Remediation Urgency** with the scanner's **severity**. Severity describes the technical impact of a vulnerability class; Remediation Urgency reflects how that vulnerability behaves in your specific code and deployment context, as assessed by AI Triage.
{% endhint %}


