Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation

Novruz Amirov; Emil Huseynov; Nahid Aliyev; Serif Bahtiyar

doi:10.1109/ISCTrkiye68593.2025.11224852

Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation

Novruz Amirov
, Emil Huseynov
, Nahid Aliyev
, Serif Bahtiyar

Bilgisayar Mühendisliği Bölümü

Istanbul Technical University

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde Bölüm › Konferans katkısı › bilirkişi

Özet

As vulnerability disclosure platforms scale, the manual triage of security reports has become a significant operational burden. Government and industry systems such as the Common Vulnerabilities and Exposures (CVE) database, HackerOne, Bugcrowd, and others rely on teams of analysts to validate vulnerability submissions, reproduce proof-of-concept (PoC) exploits, identify affected software versions, and assign Common Vulnerability Scoring System (CVSS) metrics. This process demands substantial labor and funding, contributing to disclosure backlogs and delayed remediation. In this paper, we propose an AI-agent-based triage framework that automates core tasks traditionally performed by human analysts, which has some limitations on the current model driven centrally by MITRE. Our system integrates large language models (LLMs), implemented as small agentic AI systems trained for specific tasks, with sandboxed terminal environments to autonomously interpret reports, execute PoCs in isolated settings, and generate structured outputs suitable for CVE publication or platform response workflows. Initial results indicate that the framework can significantly reduce triage time and operational costs, offering a scalable and reproducible alternative to manual processing.9

Orijinal dil	İngilizce
Ana bilgisayar yayını başlığı	2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings
Editörler	Ali Aydin Selcuk, Seref Sagiroglu, Oguz Yayla, Cihangir Tezcan
Yayınlayan	Institute of Electrical and Electronics Engineers Inc.
ISBN (Elektronik)	9798331557102
DOI'lar	https://doi.org/10.1109/ISCTrkiye68593.2025.11224852
Yayın durumu	Yayınlandı - 2025
Etkinlik	18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Ankara, Turkey Süre: 22 Eki 2025 → 23 Eki 2025

Yayın serisi

Adı	2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings

???event.eventtypes.event.conference???

???event.eventtypes.event.conference???	18th International Conference on Information Security and Cryptology, ISCTurkiye 2025
Ülke/Bölge	Turkey
Şehir	Ankara
Periyot	22/10/25 → 23/10/25

Bibliyografik not

Publisher Copyright:
© 2025 IEEE.

Belgeye Erişim

10.1109/ISCTrkiye68593.2025.11224852

Diğer Dosyalar ve Linkler

Link to publication in Scopus

Alıntı Yap

Amirov, N., Huseynov, E., Aliyev, N., & Bahtiyar, S. (2025). Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. In A. A. Selcuk, S. Sagiroglu, O. Yayla, & C. Tezcan (Eds.), 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings (2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISCTrkiye68593.2025.11224852

Amirov, Novruz ; Huseynov, Emil ; Aliyev, Nahid et al. / Automated CVE Triage : Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings. editör / Ali Aydin Selcuk ; Seref Sagiroglu ; Oguz Yayla ; Cihangir Tezcan. Institute of Electrical and Electronics Engineers Inc., 2025. (2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings).

@inproceedings{e59eea39e2714944ad33b23c976ff90a,

title = "Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation",

abstract = "As vulnerability disclosure platforms scale, the manual triage of security reports has become a significant operational burden. Government and industry systems such as the Common Vulnerabilities and Exposures (CVE) database, HackerOne, Bugcrowd, and others rely on teams of analysts to validate vulnerability submissions, reproduce proof-of-concept (PoC) exploits, identify affected software versions, and assign Common Vulnerability Scoring System (CVSS) metrics. This process demands substantial labor and funding, contributing to disclosure backlogs and delayed remediation. In this paper, we propose an AI-agent-based triage framework that automates core tasks traditionally performed by human analysts, which has some limitations on the current model driven centrally by MITRE. Our system integrates large language models (LLMs), implemented as small agentic AI systems trained for specific tasks, with sandboxed terminal environments to autonomously interpret reports, execute PoCs in isolated settings, and generate structured outputs suitable for CVE publication or platform response workflows. Initial results indicate that the framework can significantly reduce triage time and operational costs, offering a scalable and reproducible alternative to manual processing.9",

keywords = "AI in Cyber Security, Agentic AI, CVSS, Large Language Models, Proof-of-Concept Execution, Security Automation, Vulnerability Triage",

author = "Novruz Amirov and Emil Huseynov and Nahid Aliyev and Serif Bahtiyar",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 ; Conference date: 22-10-2025 Through 23-10-2025",

year = "2025",

doi = "10.1109/ISCTrkiye68593.2025.11224852",

language = "English",

series = "2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Selcuk, \{Ali Aydin\} and Seref Sagiroglu and Oguz Yayla and Cihangir Tezcan",

booktitle = "2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings",

address = "United States",

}

Amirov, N, Huseynov, E, Aliyev, N & Bahtiyar, S 2025, Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. in AA Selcuk, S Sagiroglu, O Yayla & C Tezcan (eds), 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings. 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025, Ankara, Turkey, 22/10/25. https://doi.org/10.1109/ISCTrkiye68593.2025.11224852

Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. / Amirov, Novruz; Huseynov, Emil; Aliyev, Nahid et al.
2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings. ed. / Ali Aydin Selcuk; Seref Sagiroglu; Oguz Yayla; Cihangir Tezcan. Institute of Electrical and Electronics Engineers Inc., 2025. (2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings).

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde Bölüm › Konferans katkısı › bilirkişi

TY - GEN

T1 - Automated CVE Triage

T2 - 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025

AU - Amirov, Novruz

AU - Huseynov, Emil

AU - Aliyev, Nahid

AU - Bahtiyar, Serif

PY - 2025

Y1 - 2025

N2 - As vulnerability disclosure platforms scale, the manual triage of security reports has become a significant operational burden. Government and industry systems such as the Common Vulnerabilities and Exposures (CVE) database, HackerOne, Bugcrowd, and others rely on teams of analysts to validate vulnerability submissions, reproduce proof-of-concept (PoC) exploits, identify affected software versions, and assign Common Vulnerability Scoring System (CVSS) metrics. This process demands substantial labor and funding, contributing to disclosure backlogs and delayed remediation. In this paper, we propose an AI-agent-based triage framework that automates core tasks traditionally performed by human analysts, which has some limitations on the current model driven centrally by MITRE. Our system integrates large language models (LLMs), implemented as small agentic AI systems trained for specific tasks, with sandboxed terminal environments to autonomously interpret reports, execute PoCs in isolated settings, and generate structured outputs suitable for CVE publication or platform response workflows. Initial results indicate that the framework can significantly reduce triage time and operational costs, offering a scalable and reproducible alternative to manual processing.9

AB - As vulnerability disclosure platforms scale, the manual triage of security reports has become a significant operational burden. Government and industry systems such as the Common Vulnerabilities and Exposures (CVE) database, HackerOne, Bugcrowd, and others rely on teams of analysts to validate vulnerability submissions, reproduce proof-of-concept (PoC) exploits, identify affected software versions, and assign Common Vulnerability Scoring System (CVSS) metrics. This process demands substantial labor and funding, contributing to disclosure backlogs and delayed remediation. In this paper, we propose an AI-agent-based triage framework that automates core tasks traditionally performed by human analysts, which has some limitations on the current model driven centrally by MITRE. Our system integrates large language models (LLMs), implemented as small agentic AI systems trained for specific tasks, with sandboxed terminal environments to autonomously interpret reports, execute PoCs in isolated settings, and generate structured outputs suitable for CVE publication or platform response workflows. Initial results indicate that the framework can significantly reduce triage time and operational costs, offering a scalable and reproducible alternative to manual processing.9

KW - AI in Cyber Security

KW - Agentic AI

KW - CVSS

KW - Large Language Models

KW - Proof-of-Concept Execution

KW - Security Automation

KW - Vulnerability Triage

UR - https://www.scopus.com/pages/publications/105025200686

U2 - 10.1109/ISCTrkiye68593.2025.11224852

DO - 10.1109/ISCTrkiye68593.2025.11224852

M3 - Conference contribution

AN - SCOPUS:105025200686

T3 - 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings

BT - 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings

A2 - Selcuk, Ali Aydin

A2 - Sagiroglu, Seref

A2 - Yayla, Oguz

A2 - Tezcan, Cihangir

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 22 October 2025 through 23 October 2025

ER -

Amirov N, Huseynov E, Aliyev N, Bahtiyar S. Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation. In Selcuk AA, Sagiroglu S, Yayla O, Tezcan C, editörler, 2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2025. (2025 18th International Conference on Information Security and Cryptology, ISCTurkiye 2025 - Proceedings). doi: 10.1109/ISCTrkiye68593.2025.11224852

Automated CVE Triage: Ai-Agent Framework for Scalable Vulnerability Triaging and Security Automation

Özet

Yayın serisi

???event.eventtypes.event.conference???

Bibliyografik not

Belgeye Erişim

Diğer Dosyalar ve Linkler

Parmak izi

Alıntı Yap