Security triage that
cites its sources.
sec-recon-agent is an LLM agent that answers vulnerability questions by calling a fixed surface of typed tools (NVD, CISA KEV, FIRST EPSS, Exploit-DB, MITRE ATT&CK, SBOM and Nmap parsers), exposed by a custom MCP server (Model Context Protocol: the open standard that gives LLM tools a typed, auditable contract), and returns a strictly-typed TriageReport. No hallucinated CVSS scores, no invented patches, no free-text bypass.
- 10
- typed tool contracts
- 4-level
- deterministic SSVC verdict
- MITRE
- ATLAS red-team battery
- SHA-256
- tamper-evident audit
:3000Next.js 15 App Router · React 19
POST /api/triage · same-origin/api/triageforwards the SSE stream byte-for-byte
SSE · text/event-stream:8000FastAPI · Pydantic AI · audit hook
MCPToolset · HTTP+SSE:8001FastMCP · 10 typed tools
NVD CVE 2.0
cve_lookup · patch_lookup
ChromaDB · MiniLM-L6
cve_semantic_search
Exploit-DB
exploit_check
GitHub Code Search
exploit_check
CISA KEV
kev_check
FIRST EPSS
epss_score
OSV.dev
osv_lookup
defusedxml · Nmap
nmap_parse_xml
CycloneDX / SPDX
sbom_ingest
MITRE ATT&CK JSON
attack_mapping
Cross-process W3C traceparent · browser talks only to the same-origin proxy · SHA-256 hash-chained, tamper-evident audit.
Why it matters
Ten browser tabs and an educated guess, or one grounded verdict in about two minutes.
Deciding whether a CVE (a publicly catalogued vulnerability) deserves an all-hands response or a slot in next sprint is judgment work, and today it is done by hand: NVD for the CVSS severity score, CISA KEV to see whether it is already being exploited in the wild, FIRST EPSS for the probability it will be soon, Exploit-DB and GitHub for public proof-of-concept exploits, then reconcile it all into one call. Per CVE. Reach for a general-purpose LLM to go faster and it will confidently hand you a CVSS score that does not exist. This agent runs that entire fusion across live authoritative feeds and returns a deterministic SSVC verdict (Stakeholder-Specific Vulnerability Categorization, the CISA-backed prioritization framework): the decision is computed in code from the collected signals, never guessed by the model.
The manual way
- Five-plus sources opened per CVE: NVD, CISA KEV, EPSS, Exploit-DB, ATT&CK
- CVSS measures capability, not urgency, and gets reconciled by hand
- General-purpose LLMs invent scores, patches, and exploit claims
- No record of how the call was made when someone asks three months later
With sec-recon-agent
- One query returns one grounded, schema-bound TriageReport
- Deterministic SSVC verdict: Act / Attend / Track* / Track
- Every number sourced from a typed tool call, or flagged as missing
- Hash-chained, tamper-evident audit of the whole reasoning chain
It is not another scanner. Trivy and Grype tell you which packages are vulnerable; sec-recon-agent is the reasoning layer that comes next, deciding which of those actually demand your morning and proving why in a reproducible scorecard.
Who it's for
Vulnerability & AppSec engineers
Turn a CVE backlog into a defensible, prioritized queue. Feed a CVE, a package + version, or a whole SBOM and get one grounded verdict, not ten open browser tabs across NVD, KEV, EPSS, Exploit-DB and ATT&CK.
SOC & detection engineers
Every report pivots the underlying CWE weakness classes into MITRE ATT&CK techniques and mitigations, the language that detection rules and purple-team exercises are actually written in.
Teams building or vetting LLM agents
A working reference for a grounded, type-safe, adversary-aware agent: schema-bounded output, a verdict computed outside the model, MCP tools as auditable contracts, and a falsifiable prompt-injection battery, all measured in a reproducible scorecard.
Design pillars
Type-safe by construction
Pydantic AI, the typed Python agent framework, validates every model output against a declared schema at the model boundary. The LLM never returns free text; it returns a TriageReport or it fails.
Grounded, never invented
Every severity, CVSS score, exploit claim, and patch version is sourced from a typed tool call. The reasoning chain is the audit log.
Adversary-aware
Untrusted content fenced before reaching the LLM. Prompt-injection regression battery with MITRE ATLAS per-payload tags.
Privacy-by-default
Query bodies hashed (SHA-256) in audit. Plain-text retention opt-in via env. Append-only SQLite WAL with hash chain.
Tool surface · 10 typed contracts
See live in Transparency →cve_lookupFull NVD record (CVSS, CWE, CPE) for a known CVE.
cve_semantic_searchVector search over a local index of recent high-severity CVEs (~5-8k, 30-day window).
exploit_checkExploit-DB + GitHub public PoC availability.
kev_checkCISA Known Exploited Vulnerabilities. Strongest patch-now signal.
epss_scoreFIRST.org 30-day exploitation probability + percentile.
patch_lookupFixed-version extraction from NVD CPE configurations.
osv_lookupOSV.dev advisories for a package at a version. Inverse of cve_lookup.
sbom_ingestCycloneDX / SPDX / requirements.txt parser, in-process.
nmap_parse_xmldefusedxml-safe Nmap scan parser, no DTD.
attack_mappingCWE -> MITRE ATT&CK techniques + mitigations.