<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel><title>Field notes from 330,000 CVEs</title><link>https://vulntel.com/</link><description>Vulnerability intelligence your AI agent can trust</description><lastBuildDate>Tue, 14 Jul 2026 21:42:06 GMT</lastBuildDate><item><title>Vulnerability intelligence for AI agents: the complete guide</title><link>https://vulntel.com/ai-agent-vulnerability-intelligence</link><guid>https://vulntel.com/ai-agent-vulnerability-intelligence</guid><description>The complete, data-backed guide to giving an AI security agent real vulnerability intelligence: why a CVE lookup is not enough, how to prioritize by exploitation (EPSS, KEV, SSVC over CVSS) with real numbers from 368,000 CVEs, why agents hallucinate CVEs and how to catch it, transferring attack mechanics across products, the honest ceiling on autonomous agents, and the tool workflow that ties it together.</description><pubDate>2026-07-15</pubDate></item><item><title>The bug-hunting skill: teaching an AI agent to think like an attacker, not an engineer</title><link>https://vulntel.com/ai-agent-bug-hunting-skill</link><guid>https://vulntel.com/ai-agent-bug-hunting-skill</guid><description>Why we distilled a bug-bounty skill from real engagement logs instead of reaching for a bigger model: the generative half that sees the non-obvious bug, the disciplinary half that keeps a clever idea from becoming a fabricated report, and why both are required.</description><pubDate>2026-07-15</pubDate></item><item><title>From twelve tools to a hunt: the playbook for driving a vulnerability-intelligence MCP</title><link>https://vulntel.com/bug-bounty-mcp-playbook</link><guid>https://vulntel.com/bug-bounty-mcp-playbook</guid><description>How we came up with the MCP playbook: the per-tool value map that separates the differentiated tools from the commodity lookups, the operating loop in order, and the disciplines you only learn by losing time (browser UA, read-the-fix-to-falsify, transfer-and-execute, verify-before-claim).</description><pubDate>2026-07-15</pubDate></item><item><title>The vulntel MCP tools: what each one returns, with live examples</title><link>https://vulntel.com/tools</link><guid>https://vulntel.com/tools</guid><description>A concrete reference for the twelve vulntel MCP tools, each with a real example of what it returns: recon (observe, hunt_plan, check_technology, program_outcome_prior), mechanism transfer (find_attack_approaches with tried=, find_continuations, search_vulns), and CVE enrichment and fact-checking. Free key for authorized security research.</description><pubDate>2026-07-15</pubDate></item><item><title>You can&#x27;t turn a pull-based MCP into a push model (it&#x27;s a memory problem, not a prompt one)</title><link>https://vulntel.com/pull-vs-push-mcp</link><guid>https://vulntel.com/pull-vs-push-mcp</guid><description>Why an MCP server can&#x27;t make an agent follow a multi-step loop by nudging it from tool responses, why &#x27;prompt injection for good&#x27; both breaks trust and backfires, and why the push you actually want turns out to be persistent state, not clever phrasing.</description><pubDate>2026-07-14</pubDate></item><item><title>How to catch AI-hallucinated CVEs before they reach a report</title><link>https://vulntel.com/catch-hallucinated-cves</link><guid>https://vulntel.com/catch-hallucinated-cves</guid><description>AI agents invent CVE IDs that do not exist, assign the wrong severity, and attribute a bug to the wrong product. Here is how to fact-check every CVE claim against a ground-truth corpus (NVD + OSV + GHSA + CISA KEV) in one call, with real refuted examples.</description><pubDate>2026-07-14</pubDate></item><item><title>The bottleneck for AI security agents isn&#x27;t reasoning (it&#x27;s memory and discipline)</title><link>https://vulntel.com/ai-security-agent-bottleneck</link><guid>https://vulntel.com/ai-security-agent-bottleneck</guid><description>Field notes from pointing AI agents at real bug-bounty targets: the ceiling is an environment boundary, not model quality; the highest-value memory is your failures, which no CVE database contains; and why a confident claim is a hypothesis to falsify, not a result.</description><pubDate>2026-07-14</pubDate></item><item><title>Do software vulnerabilities transfer between products? Measuring mechanism reuse across 14,000 disclosed bugs</title><link>https://vulntel.com/vulnerability-mechanism-transfer</link><guid>https://vulntel.com/vulnerability-mechanism-transfer</guid><description>A data analysis of ~10,000 disclosed HackerOne reports distilled into product-agnostic &#x27;mechanism cards&#x27; and embedded: the median vulnerability mechanic has already been independently filed against 4 different products, a third against 11+, and 27% of decade-old mechanics still recruit a brand-new product every 18 months. Vulnerability mechanisms are reused - and keep spreading - far more than the product-centric (one-CVE-per-product) view suggests. With method, numbers, and limitations.</description><pubDate>2026-06-29</pubDate></item><item><title>What actually predicts vulnerability exploitation? Lessons from 330,000 CVEs</title><link>https://vulntel.com/predicting-exploitation</link><guid>https://vulntel.com/predicting-exploitation</guid><description>A data analysis of 330k CVEs with CISA KEV as ground truth: EPSS vs CVSS, the exploit-PoC reference as a near-perfect filter, exploitation magnets by CWE and ecosystem, and how time-to-exploit collapsed to days.</description><pubDate>2026-06-05</pubDate></item><item><title>Can a CVE corpus make an LLM a better bug hunter? Eight experiments</title><link>https://vulntel.com/llm-bug-hunting-experiments</link><guid>https://vulntel.com/llm-bug-hunting-experiments</guid><description>We tested whether a 330k-CVE corpus turns an LLM into a better vulnerability researcher, mechanism pattern-cards, invariant reconstruction, cheap-model uplift, change-history prediction, and vulnerable-vs-patched discrimination. Honest results, including the failures.</description><pubDate>2026-06-05</pubDate></item><item><title>Vulnerability prioritization that works: SSVC, EPSS, and KEV over CVSS</title><link>https://vulntel.com/vulnerability-prioritization</link><guid>https://vulntel.com/vulnerability-prioritization</guid><description>Why patching by CVSS fails, what a defensible P1–P4 priority model looks like, and how CISA&#x27;s SSVC reconstructs the KEV exploited-list at 99.9%, with worked examples (BlackLotus, the xz backdoor, Log4Shell).</description><pubDate>2026-06-05</pubDate></item></channel></rss>
