Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation

Novruz Amirov; Emil Huseynov; Nahid Aliyev; Serif Bahtiyar

doi:10.1109/ISCTrkiye68593.2025.11224852

Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation

Novruz Amirov
, Emil Huseynov
, Nahid Aliyev
, Serif Bahtiyar

Department of Computer Engineering

Istanbul Technical University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

As vulnerability disclosure platforms scale, the manual triage of security reports has become a significant operational burden. Government and industry systems such as the Common Vulnerabilities and Exposures (CVE) database, HackerOne, Bugcrowd, and others rely on teams of analysts to validate vulnerability submissions, reproduce proof-of-concept (PoC) exploits, identify affected software versions, and assign Common Vulnerability Scoring System (CVSS) metrics. This process demands substantial labor and funding, contributing to disclosure backlogs and delayed remediation. In this paper, we propose an AI-agent-based triage framework that automates core tasks traditionally performed by human analysts, which has some limitations on the current model driven centrally by MITRE. Our system integrates large language models (LLMs), implemented as small agentic AI systems trained for specific tasks, with sandboxed terminal environments to autonomously interpret reports, execute PoCs in isolated settings, and generate structured outputs suitable for CVE publication or platform response workflows. Initial results indicate that the framework can significantly reduce triage time and operational costs, offering a scalable and reproducible alternative to manual processing.9

Original language	English
Title of host publication	2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings
Editors	Ali Aydin Selcuk, Seref Sagiroglu, Oguz Yayla, Cihangir Tezcan
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798331557102
DOIs	https://doi.org/10.1109/ISCTrkiye68593.2025.11224852
Publication status	Published - 2025
Event	18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Ankara, Turkey Duration: 22 Oct 2025 → 23 Oct 2025

Publication series

Name	2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings

Conference

Conference	18th International Conference on Information Security and Cryptology, ISCTurkiye 2025
Country/Territory	Turkey
City	Ankara
Period	22/10/25 → 23/10/25

Bibliographical note

Publisher Copyright:
© 2025 IEEE.

Keywords

Agentic AI
AI in Cyber Security
CVSS
Large Language Models
Proof-of-Concept Execution
Security Automation
Vulnerability Triage

Access to Document

10.1109/ISCTrkiye68593.2025.11224852

Cite this

Amirov, N., Huseynov, E., Aliyev, N., & Bahtiyar, S. (2025). Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. In A. A. Selcuk, S. Sagiroglu, O. Yayla, & C. Tezcan (Eds.), 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings (2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISCTrkiye68593.2025.11224852

Amirov, Novruz ; Huseynov, Emil ; Aliyev, Nahid et al. / Automated CVE Triage : Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings. editor / Ali Aydin Selcuk ; Seref Sagiroglu ; Oguz Yayla ; Cihangir Tezcan. Institute of Electrical and Electronics Engineers Inc., 2025. (2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings).

@inproceedings{e59eea39e2714944ad33b23c976ff90a,

title = "Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation",

abstract = "As vulnerability disclosure platforms scale, the manual triage of security reports has become a significant operational burden. Government and industry systems such as the Common Vulnerabilities and Exposures (CVE) database, HackerOne, Bugcrowd, and others rely on teams of analysts to validate vulnerability submissions, reproduce proof-of-concept (PoC) exploits, identify affected software versions, and assign Common Vulnerability Scoring System (CVSS) metrics. This process demands substantial labor and funding, contributing to disclosure backlogs and delayed remediation. In this paper, we propose an AI-agent-based triage framework that automates core tasks traditionally performed by human analysts, which has some limitations on the current model driven centrally by MITRE. Our system integrates large language models (LLMs), implemented as small agentic AI systems trained for specific tasks, with sandboxed terminal environments to autonomously interpret reports, execute PoCs in isolated settings, and generate structured outputs suitable for CVE publication or platform response workflows. Initial results indicate that the framework can significantly reduce triage time and operational costs, offering a scalable and reproducible alternative to manual processing.9",

keywords = "Agentic AI, AI in Cyber Security, CVSS, Large Language Models, Proof-of-Concept Execution, Security Automation, Vulnerability Triage",

author = "Novruz Amirov and Emil Huseynov and Nahid Aliyev and Serif Bahtiyar",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 ; Conference date: 22-10-2025 Through 23-10-2025",

year = "2025",

doi = "10.1109/ISCTrkiye68593.2025.11224852",

language = "English",

series = "2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Selcuk, \{Ali Aydin\} and Seref Sagiroglu and Oguz Yayla and Cihangir Tezcan",

booktitle = "2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings",

address = "United States",

}

Amirov, N, Huseynov, E, Aliyev, N & Bahtiyar, S 2025, Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. in AA Selcuk, S Sagiroglu, O Yayla & C Tezcan (eds), 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings. 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025, Ankara, Turkey, 22/10/25. https://doi.org/10.1109/ISCTrkiye68593.2025.11224852

Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. / Amirov, Novruz; Huseynov, Emil; Aliyev, Nahid et al.
2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings. ed. / Ali Aydin Selcuk; Seref Sagiroglu; Oguz Yayla; Cihangir Tezcan. Institute of Electrical and Electronics Engineers Inc., 2025. (2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Automated CVE Triage

T2 - 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025

AU - Amirov, Novruz

AU - Huseynov, Emil

AU - Aliyev, Nahid

AU - Bahtiyar, Serif

PY - 2025

Y1 - 2025

N2 - As vulnerability disclosure platforms scale, the manual triage of security reports has become a significant operational burden. Government and industry systems such as the Common Vulnerabilities and Exposures (CVE) database, HackerOne, Bugcrowd, and others rely on teams of analysts to validate vulnerability submissions, reproduce proof-of-concept (PoC) exploits, identify affected software versions, and assign Common Vulnerability Scoring System (CVSS) metrics. This process demands substantial labor and funding, contributing to disclosure backlogs and delayed remediation. In this paper, we propose an AI-agent-based triage framework that automates core tasks traditionally performed by human analysts, which has some limitations on the current model driven centrally by MITRE. Our system integrates large language models (LLMs), implemented as small agentic AI systems trained for specific tasks, with sandboxed terminal environments to autonomously interpret reports, execute PoCs in isolated settings, and generate structured outputs suitable for CVE publication or platform response workflows. Initial results indicate that the framework can significantly reduce triage time and operational costs, offering a scalable and reproducible alternative to manual processing.9

AB - As vulnerability disclosure platforms scale, the manual triage of security reports has become a significant operational burden. Government and industry systems such as the Common Vulnerabilities and Exposures (CVE) database, HackerOne, Bugcrowd, and others rely on teams of analysts to validate vulnerability submissions, reproduce proof-of-concept (PoC) exploits, identify affected software versions, and assign Common Vulnerability Scoring System (CVSS) metrics. This process demands substantial labor and funding, contributing to disclosure backlogs and delayed remediation. In this paper, we propose an AI-agent-based triage framework that automates core tasks traditionally performed by human analysts, which has some limitations on the current model driven centrally by MITRE. Our system integrates large language models (LLMs), implemented as small agentic AI systems trained for specific tasks, with sandboxed terminal environments to autonomously interpret reports, execute PoCs in isolated settings, and generate structured outputs suitable for CVE publication or platform response workflows. Initial results indicate that the framework can significantly reduce triage time and operational costs, offering a scalable and reproducible alternative to manual processing.9

KW - Agentic AI

KW - AI in Cyber Security

KW - CVSS

KW - Large Language Models

KW - Proof-of-Concept Execution

KW - Security Automation

KW - Vulnerability Triage

UR - https://www.scopus.com/pages/publications/105025200686

U2 - 10.1109/ISCTrkiye68593.2025.11224852

DO - 10.1109/ISCTrkiye68593.2025.11224852

M3 - Conference contribution

AN - SCOPUS:105025200686

T3 - 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings

BT - 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings

A2 - Selcuk, Ali Aydin

A2 - Sagiroglu, Seref

A2 - Yayla, Oguz

A2 - Tezcan, Cihangir

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 22 October 2025 through 23 October 2025

ER -

Amirov N, Huseynov E, Aliyev N, Bahtiyar S. Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. In Selcuk AA, Sagiroglu S, Yayla O, Tezcan C, editors, 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2025. (2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings). doi: 10.1109/ISCTrkiye68593.2025.11224852

Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this