vulntel
Vulnerability intelligence your AI agent can trust. A hosted MCP server that gives an AI agent source-grounded vulnerability intelligence for authorized security research and bug-bounty triage. It fuses NVD, CISA KEV, FIRST EPSS, OSV/GHSA and CISA Vulnrichment (SSVC) into ranked, exploitation-first answers, and fact-checks the CVEs an agent might hallucinate. Refreshed daily.
Get a free key →What it does
- Source-grounded. Every answer traces to NVD, CISA KEV, FIRST EPSS or OSV/GHSA, with provenance you can cite.
- Exploitation-first ranking. KEV, EPSS and live public-PoC signal collapse into one P1 to P4 priority, not raw CVSS.
- Search by mechanism, across products. Semantic search finds the mechanism-siblings a keyword tool structurally misses.
- Fact-checks the agent. Verify a CVE claim (exists? right version? right severity? actually exploited?) and get per-assertion verdicts with evidence.
- Transfers attack mechanics. ~14,000 disclosed bug-bounty reports distilled into product-agnostic techniques an agent can borrow.
- Honest about gaps. A product it cannot resolve returns
resolved: false, never a silent zero that reads as "not affected."
Twelve tools in all. See what each tool returns, with live examples, or the full TOOLS.md reference. To hunt with it, the MIT-licensed bug-bounty skill + playbook drive the server on a real engagement.
Connect
It is a Streamable-HTTP MCP server with bearer auth. For a generic MCP client:
{
"mcpServers": {
"vuln-intel": {
"url": "https://mcp.rozetyp.com/mcp",
"headers": { "Authorization": "Bearer YOUR_KEY" }
}
}
}
It is free. Get a key → Enter your email and your personal key is sent over.
Field notes
- Vulnerability intelligence for AI agents: the complete guideThe complete, data-backed guide to giving an AI security agent real vulnerability intelligence: why a CVE lookup is not enough, how to prioritize by exploitation (EPSS, KEV, SSVC over CVSS) with real numbers from 368,000 CVEs, why agents hallucinate CVEs and how to catch it, transferring attack mechanics across products, the honest ceiling on autonomous agents, and the tool workflow that ties it together.2026-07-15
- The bug-hunting skill: teaching an AI agent to think like an attacker, not an engineerWhy we distilled a bug-bounty skill from real engagement logs instead of reaching for a bigger model: the generative half that sees the non-obvious bug, the disciplinary half that keeps a clever idea from becoming a fabricated report, and why both are required.2026-07-15
- From twelve tools to a hunt: the playbook for driving a vulnerability-intelligence MCPHow we came up with the MCP playbook: the per-tool value map that separates the differentiated tools from the commodity lookups, the operating loop in order, and the disciplines you only learn by losing time (browser UA, read-the-fix-to-falsify, transfer-and-execute, verify-before-claim).2026-07-15
- You can't turn a pull-based MCP into a push model (it's a memory problem, not a prompt one)Why an MCP server can't make an agent follow a multi-step loop by nudging it from tool responses, why 'prompt injection for good' both breaks trust and backfires, and why the push you actually want turns out to be persistent state, not clever phrasing.2026-07-14
- How to catch AI-hallucinated CVEs before they reach a reportAI agents invent CVE IDs that do not exist, assign the wrong severity, and attribute a bug to the wrong product. Here is how to fact-check every CVE claim against a ground-truth corpus (NVD + OSV + GHSA + CISA KEV) in one call, with real refuted examples.2026-07-14
- The bottleneck for AI security agents isn't reasoning (it's memory and discipline)Field notes from pointing AI agents at real bug-bounty targets: the ceiling is an environment boundary, not model quality; the highest-value memory is your failures, which no CVE database contains; and why a confident claim is a hypothesis to falsify, not a result.2026-07-14
- Do software vulnerabilities transfer between products? Measuring mechanism reuse across 14,000 disclosed bugsA data analysis of ~10,000 disclosed HackerOne reports distilled into product-agnostic 'mechanism cards' and embedded: the median vulnerability mechanic has already been independently filed against 4 different products, a third against 11+, and 27% of decade-old mechanics still recruit a brand-new product every 18 months. Vulnerability mechanisms are reused - and keep spreading - far more than the product-centric (one-CVE-per-product) view suggests. With method, numbers, and limitations.2026-06-29
- What actually predicts vulnerability exploitation? Lessons from 330,000 CVEsA data analysis of 330k CVEs with CISA KEV as ground truth: EPSS vs CVSS, the exploit-PoC reference as a near-perfect filter, exploitation magnets by CWE and ecosystem, and how time-to-exploit collapsed to days.2026-06-05
- Can a CVE corpus make an LLM a better bug hunter? Eight experimentsWe tested whether a 330k-CVE corpus turns an LLM into a better vulnerability researcher, mechanism pattern-cards, invariant reconstruction, cheap-model uplift, change-history prediction, and vulnerable-vs-patched discrimination. Honest results, including the failures.2026-06-05
- Vulnerability prioritization that works: SSVC, EPSS, and KEV over CVSSWhy patching by CVSS fails, what a defensible P1–P4 priority model looks like, and how CISA's SSVC reconstructs the KEV exploited-list at 99.9%, with worked examples (BlackLotus, the xz backdoor, Log4Shell).2026-06-05