Overview
AI-Powered CVE Intel Agent is a threat intelligence brief generator. Input a CVE ID (e.g. CVE-2024-21413) or a free-text security topic (e.g. oauth token theft), and it produces a structured, SOC-ready analyst brief grounded in real data from the NIST National Vulnerability Database, not just LLM general knowledge.
The brief covers severity, affected products, technical details, detection guidance, and references. A deliberate prompt design suppresses hallucination and enforces consistent structure across every run.
Why I Built This
This project is primarily a learning exercise in agentic AI: understanding how to design and orchestrate an agent that combines real-time data retrieval with LLM reasoning, how multi-agent workflows are structured, and where agentic patterns are actually useful. The CVE domain was a practical choice because it has well-defined inputs, structured public data, and clear output quality signals, making it easy to evaluate whether the agent is working as intended.
Live Demo
How It Works
User input hits a regex parser: if it matches CVE-YYYY-NNNN it goes straight to an NVD lookup; free text goes through a keyword search. The NVD wrapper returns clean structured JSON (CVSS scores, CWEs, vendor/product/version, tagged references). That data is handed to a research agent, which formats the prompt and calls the LLM. The result is a Markdown threat brief rendered in the Streamlit UI.
You can pick the model (Gemini 2.5 Flash, Gemini 2.5 Flash-Lite, or Llama 3.3 70B via Groq) and every run is saved to disk with metadata so outputs are diffable across models.
Full source, setup instructions, and design decisions: github.com/VikasGothwal/cve-intel-agent