Vulnify: Giving Your Agents a CVE Brain

09-07-2026

I wrote up Vulnify, a tool that gives AI agents deterministic CVE knowledge by consolidating eight data sources (cvelistV5, NVD, CISA KEV, EPSS, OSV, Nuclei Templates, Exploit-DB, and Metasploit) into a single normalized SQLite database behind an MCP server. Instead of agents fumbling through web searches or live API calls for vulnerability data, they get structured answers: is this version affected, is there a public exploit, what does EPSS say about exploitation likelihood.

$ open --where=trustedsec.com
# full write-up: data sources, schema design, MCP tools, agent integration
 Vulnify: Giving Your Agents a CVE Brain