AI-Powered Threat Hunting

Autonomous multi-agent system that correlates CVEs, security news, threat intelligence, and SEC filings to discover emerging threat campaigns using LangGraph and GPT-4.

Tags: LangChain, LangGraph, GPT-4o, Multi-Agent, Autonomous, Brave Search API

Autonomous Threat Hunter

AI-powered multi-agent system for threat correlation and campaign discovery

LangGraph Powered

System Architecture & Workflow

This autonomous threat hunting system uses LangGraph, a state machine framework for building multi-agent AI systems. Four specialized agents work sequentially, each building on the previous agent's findings to discover and correlate emerging threat campaigns.

Trigger → CVE Scout v2 → News Analyst → Correlation Engine → Campaign Builder → Report

Agent Workflow

1. CVE Scout v2 (Iterative Research)

Iterative deep research mode that performs up to 7 research iterations, branching into new searches when discovering relevant information.

Web Search Integration: Uses Brave Search API to fetch up to 50 real-time results per query
Research Branching: When finding high-relevance CVEs, creates deep-dive queries for exploit PoCs and mitigation strategies
Source Citations: All findings include source URLs and citations for verification
Thinking Process: Exposes real-time research progress showing each iteration and decision
Output: CVE matches with relevance scores, descriptions, CVSS, and source links
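
The iterative research loop described above, as an added illustration (not the project's own code): a query frontier, an iteration cap of 7, de-duplication of queries and source URLs, and branching into deep-dive queries when a hit scores above a relevance threshold. The Brave Search API is replaced by a constructed in-memory index, the CVE id is a placeholder, and the threshold value is an assumption.

```python
from collections import deque
from typing import Callable, Dict, List, Tuple

MAX_ITERATIONS = 7          # page: CVE Scout v2 performs up to 7 research iterations
RELEVANCE_THRESHOLD = 0.7   # assumption: a hit this relevant spawns deep-dive queries

Hit = Tuple[str, str, str, float]   # (source_url, title, cve_id or "", relevance)

# Constructed offline index standing in for the Brave Search API; CVE id is a placeholder.
FAKE_INDEX: Dict[str, List[Hit]] = {
    "exchange server vulnerability": [
        ("https://example.test/advisory-1", "Vendor advisory", "CVE-XXXX-0001", 0.9),
        ("https://example.test/notes-2", "Unrelated release notes", "", 0.3),
    ],
    "CVE-XXXX-0001 exploit poc": [
        ("https://example.test/analysis-3", "Exploitation status write-up", "CVE-XXXX-0001", 0.8),
    ],
    "CVE-XXXX-0001 mitigation": [
        ("https://example.test/guidance-4", "Mitigation guidance", "CVE-XXXX-0001", 0.85),
    ],
}


def fake_search(query: str) -> List[Hit]:
    """Stand-in for a web search call; unknown queries simply return no hits."""
    return FAKE_INDEX.get(query, [])


def research(seed_query: str,
             search: Callable[[str], List[Hit]] = fake_search,
             max_iterations: int = MAX_ITERATIONS):
    """Breadth-first research: each iteration consumes one query from the frontier.

    Returns (findings, trace). Every finding carries the source URL it came from and
    the query that produced it, so the result can be cited and audited.
    """
    frontier = deque([seed_query])
    seen_queries, seen_urls = set(), set()
    findings, trace = [], []
    iteration = 0
    while frontier and iteration < max_iterations:
        query = frontier.popleft()
        if query in seen_queries:          # branching often re-proposes a query; run it once
            continue
        seen_queries.add(query)
        iteration += 1
        hits = search(query)
        trace.append(f"iteration {iteration}: '{query}' -> {len(hits)} results")
        for url, title, cve_id, score in hits:
            if url in seen_urls:           # the same source may surface under several queries
                continue
            seen_urls.add(url)
            findings.append({"cve": cve_id, "title": title, "relevance": score,
                             "source": url, "query": query})
            # Branch: a high-relevance CVE hit spawns deep-dive queries (page: PoC status
            # and mitigation). The cap above bounds how far this recursion can run.
            if score >= RELEVANCE_THRESHOLD and cve_id:
                for angle in ("exploit poc", "mitigation"):
                    frontier.append(f"{cve_id} {angle}")
    return findings, trace


if __name__ == "__main__":
    found, steps = research("exchange server vulnerability")
    print("\n".join(steps))
    for item in found:
        print(f"{item['relevance']:.2f} {item['cve'] or '-':14} {item['source']}")
```

Two properties worth checking in a real deployment are visible here: the iteration cap stops the branching from running away, and every finding keeps a source URL, which is what makes the "source citations" claim verifiable.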

2. News Analyst Agent

Analyzes security news articles, extracts IOCs, identifies threat actors, and supplements database results with real-time web searches.

Contextual Queries: Generates 3-5 targeted searches based on CVE Scout findings
IOC Extraction: Uses regex patterns to identify IPs, domains, hashes, URLs, and emails
Threat Actor ID: GPT-4o analyzes articles to extract threat actor mentions and TTPs
Hybrid Search: Queries the local database first and supplements with web search if the results are insufficient
Output: News articles with relevance scores, extracted IOCs, and threat actor attribution
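
Regex-based IOC extraction of the kind the News Analyst step describes, as an added example (not the project's own code). It goes slightly beyond the page in one respect: article text is usually "defanged" (hxxp://, [.], [@]), so indicators are normalised before the patterns run. The article text and all indicators in it are constructed; the regexes are this example's own, not the project's.

```python
import re
from typing import Dict, List

# Common defanging notations and their real form; applied before extraction.
DEFANG_RULES = [
    (r"hxxp(s?)://", r"http\1://"),
    (r"\[\.\]|\(\.\)|\{\.\}", "."),
    (r"\[@\]|\(@\)", "@"),
]

# Patterns use only non-capturing groups so re.findall returns whole matches.
IOC_PATTERNS = {
    "url": r"\bhttps?://[^\s<>\"']+",
    "email": r"\b[\w.+-]+@(?:[\w-]+\.)+[A-Za-z]{2,}\b",
    "ipv4": r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b",
    "sha256": r"\b[A-Fa-f0-9]{64}\b",
    "sha1": r"\b[A-Fa-f0-9]{40}\b",
    "md5": r"\b[A-Fa-f0-9]{32}\b",
    "domain": r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b",
}


def refang(text: str) -> str:
    """Undo common defanging so the IOC regexes see real indicators."""
    for pattern, repl in DEFANG_RULES:
        text = re.sub(pattern, repl, text, flags=re.IGNORECASE)
    return text


def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Return de-duplicated, sorted indicators by type; empty types are omitted."""
    text = refang(text)
    found: Dict[str, List[str]] = {}
    for kind in ("url", "email", "ipv4", "sha256", "sha1", "md5"):
        found[kind] = sorted(set(re.findall(IOC_PATTERNS[kind], text)))
    # Domains: blank out URLs and e-mails first so their host parts are not
    # reported a second time as bare domains.
    bare = re.sub(IOC_PATTERNS["url"], " ", text)
    bare = re.sub(IOC_PATTERNS["email"], " ", bare)
    domains = re.findall(IOC_PATTERNS["domain"], bare, flags=re.IGNORECASE)
    found["domain"] = sorted({d.lower() for d in domains})
    return {kind: values for kind, values in found.items() if values}


# Constructed article excerpt; every indicator below is fictitious
# (documentation IP range, reserved .example/.test names, SHA-256 of "test").
ARTICLE = """
Researchers observed the group staging payloads on hxxp://cdn-update[.]example/loader.bin
and beaconing to 203[.]0[.]113[.]45 over port 8443. The loader (SHA-256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08) was signed with
a certificate issued to ops@mail-relay.example. Victims were told to contact
support@mail-relay.example. Secondary infrastructure: tracker.example.net.
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(ARTICLE).items():
        print(f"{kind:7} {values}")
```

The hash patterns rely on `\b` at both ends, so a 32- or 40-character pattern does not fire inside a 64-character SHA-256; without the boundaries every SHA-256 would also be reported as an MD5 and a SHA-1.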

3. Correlation Engine

Multi-dimensional analysis that discovers hidden connections between CVEs, news articles, threat intel, and SEC breach notifications.

Temporal Correlation: Identifies events within 14-day windows that may be related
IOC Overlap: Finds shared indicators (IPs, domains, hashes) across multiple sources
Vendor Correlation: Links CVEs and incidents affecting the same vendors/products
Confidence Scoring: Each correlation assigned 0-100 confidence score with reasoning
Output: Correlation graph with confidence scores and evidence justification
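
The three correlation dimensions above (14-day temporal window, IOC overlap, shared vendor) combined into a 0-100 confidence score with a reasoning trail, as an added example that is not the project's own code. The weights, the 40-point reporting threshold and all events are constructed assumptions; the CVE id is a placeholder.

```python
from dataclasses import dataclass, field
from datetime import date
from itertools import combinations
from typing import Dict, List, Set

TEMPORAL_WINDOW_DAYS = 14   # page: events within 14-day windows may be related

# Assumed weights; they sum to 100 so the score is naturally bounded.
W_TEMPORAL = 30             # proximity in time alone stays below the report threshold
W_PER_SHARED_IOC = 25       # capped at W_IOC_MAX
W_IOC_MAX = 50
W_VENDOR = 20


@dataclass
class Event:
    id: str
    kind: str                      # "cve", "news", "intel" or "sec"
    when: date
    vendors: Set[str] = field(default_factory=set)
    iocs: Set[str] = field(default_factory=set)


def correlate(a: Event, b: Event) -> Dict:
    """Score one pair of events and record the evidence behind each point awarded."""
    score, evidence = 0, []
    gap_days = abs((a.when - b.when).days)
    if gap_days <= TEMPORAL_WINDOW_DAYS:
        score += W_TEMPORAL
        evidence.append(f"within {TEMPORAL_WINDOW_DAYS}-day window ({gap_days} days apart)")
    shared_iocs = a.iocs & b.iocs
    if shared_iocs:
        score += min(W_IOC_MAX, W_PER_SHARED_IOC * len(shared_iocs))
        evidence.append("shared IOCs: " + ", ".join(sorted(shared_iocs)))
    shared_vendors = {v.lower() for v in a.vendors} & {v.lower() for v in b.vendors}
    if shared_vendors:
        score += W_VENDOR
        evidence.append("same vendor/product: " + ", ".join(sorted(shared_vendors)))
    return {"pair": (a.id, b.id), "confidence": min(100, score), "evidence": evidence}


def build_correlation_graph(events: List[Event], min_confidence: int = 40) -> List[Dict]:
    """All pairwise edges at or above the threshold, strongest first."""
    edges = [correlate(a, b) for a, b in combinations(events, 2)]
    edges = [e for e in edges if e["confidence"] >= min_confidence]
    return sorted(edges, key=lambda e: -e["confidence"])


# Constructed sample: one CVE, two news items, one threat-intel record, one 8-K filing.
SAMPLE_EVENTS = [
    Event("cve-1", "cve", date(2024, 3, 1), vendors={"ExampleVendor"}),
    Event("news-1", "news", date(2024, 3, 5), vendors={"examplevendor"},
          iocs={"203.0.113.45", "tracker.example.net"}),
    Event("intel-1", "intel", date(2024, 3, 10), iocs={"203.0.113.45"}),
    Event("sec-1", "sec", date(2024, 3, 12), vendors={"ExampleVendor"}),
    Event("news-2", "news", date(2024, 1, 2), vendors={"OtherCorp"}, iocs={"198.51.100.7"}),
]

if __name__ == "__main__":
    for edge in build_correlation_graph(SAMPLE_EVENTS):
        print(edge["pair"], edge["confidence"], "; ".join(edge["evidence"]))
```

Note the deliberate design choice: temporal proximity on its own scores 30 and is therefore never reported, because two unrelated events in the same fortnight are common; it only lifts a pair over the threshold when a shared indicator or vendor is also present.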

4. Campaign Builder

Synthesizes all correlated findings into a comprehensive threat campaign report with executive summary, timeline, and mitigation recommendations.

MITRE ATT&CK Mapping: Maps observed TTPs to tactics and techniques
Timeline Construction: Orders all events chronologically with source attribution
Severity Assessment: Determines campaign severity (critical/high/medium/low)
Mitigation Advice: GPT-4o generates actionable security recommendations
Output: Complete threat campaign report ready for SOC/IR teams

Data Sources

CVE Database

Local PostgreSQL cache of NVD CVEs with CVSS scores, affected products, and exploit status

Security News Feeds

Aggregated feeds from The Hacker News, Bleeping Computer, Dark Reading, and more

Threat Intelligence

CISA KEV, ransomware trackers, data breach notifications, and MITRE ATT&CK data

Brave Search API

Real-time web searches for latest vulnerabilities, PoCs, and security incidents (up to 50 results)

SEC 8-K Filings

Public company cybersecurity incident disclosures mandated by SEC rules

GPT-4o Analysis

AI-powered relevance scoring, correlation reasoning, and threat campaign synthesis

Example Queries to Try:

  • Recent Microsoft Exchange vulnerabilities - Discover CVEs, news coverage, and potential campaigns
  • Ransomware targeting healthcare - Find ransomware activity, victim disclosures, and IOCs
  • Zero-day exploits in the wild - Identify actively exploited vulnerabilities and related incidents
  • Supply chain attacks - Correlate vendor compromises, downstream impacts, and SEC filings