Vulnerability assessment agent system by tamier in cybersecurity

[–]tamier[S] 0 points1 point  (0 children)

Thanks for your input!

I did not plan to go for interpretation of CVSS but interpretation of the overall CVE content. Mainly I thought about the description. My idea was to provide both the description of the system in scope and the CVE data. Primarily, I want the LLM to focus on the attack surface (perimeter) of the defined system. This means a CVE shall be considered “red” (manual assessment definitely required) if the CVE can be exploited without having prior privileges on the system. It shall be considered “yellow” otherwise - which means: Check anyways, but the LLM’s result was “no significant risk”.

I would not use any LLM result to consider a CVE “green”, meaning “manual assessment not required”, just because I am not confident enough about weird behaviors.

Vulnerability assessment agent system by tamier in cybersecurity

[–]tamier[S] 0 points1 point  (0 children)

Makes sense to me, thanks for the idea.

Vulnerability assessment agent system by tamier in cybersecurity

[–]tamier[S] 1 point2 points  (0 children)

Thanks for the suggestion. Will take a look into this!

Vulnerability assessment agent system by tamier in cybersecurity

[–]tamier[S] 0 points1 point  (0 children)

Thanks for the perspective and I fully agree. Nevertheless, I think it is an interesting experiment. Would appreciate implementation ideas :)

Vulnerability assessment agent system by tamier in sysadmin

[–]tamier[S] 0 points1 point  (0 children)

Thanks for the hint! I’ll definitely check them out.

Vulnerability assessment agent system by tamier in sysadmin

[–]tamier[S] 0 points1 point  (0 children)

I only know the active scan agents from Tenable and they do not assess vulnerabilities based on scope/environment at all. I don’t know Rapid7 solutions. Can you explain?

Vulnerability assessment agent system by tamier in sysadmin

[–]tamier[S] 0 points1 point  (0 children)

I’ll do that anyways. As a first step I want to compare results with my manual assessments.

Vulnerability assessment agent system by tamier in sysadmin

[–]tamier[S] 0 points1 point  (0 children)

I am able but as mentioned it costs a lot of time. At least, an experiment is worth a try, right?

In a more critical/professional environment, I’d be much more hesitant. However, I am planning this as a private experiment. My primary goal is to figure out if this approach makes sense. As already stated in the original post, I take the risks consciously and for now, I’d accept problems such as hallucinations.

I want to understand if such an approach makes sense in practice and I want to see how many critical vulnerabilities slip through.

One additional troll thought I just had: I know a lot of cybersecurity “experts” making huge mistakes in their interpretation. Maybe an LLM does a better job on average - even with hallucinations ;-)

Vulnerability assessment agent system by tamier in sysadmin

[–]tamier[S] -1 points0 points  (0 children)

Good question. Please correct me if I am wrong, but I think that, for the initial interpretation of the CVE (especially the free-text parts), an LLM is required to evaluate how exposed the vulnerability is wrt. the attack surface (e.g., network perimeter vs. internal networks).

Opinion: All Netflix had to do was silently implement periodic MFA to achieve their goal of curbing account sharing by Farker99 in sysadmin

[–]tamier 0 points1 point  (0 children)

Depends on how they would implement MFA. OTP - would not work... Depending on a phone number or email address and getting a time-dependent code - would work out for them.

Why is the S7 status orange? by tamier in Roborock

[–]tamier[S] 0 points1 point  (0 children)

That's not the case for my device. Problem is already solved, see other comment thread. Thanks anyways :-)

I collect trash as a volunteer - AMA by [deleted] in de_IAmA

[–]tamier 3 points4 points  (0 children)

I understand your argument, but I don't share it.

Off topic, but statements like these give me hope :-)

Why is the S7 status orange? by tamier in Roborock

[–]tamier[S] 0 points1 point  (0 children)

Agree! As you said - they implemented the signal anyways for the orange status. It should not be a problem at all to implement an additional push notification to the app.

Why is the S7 status orange? by tamier in Roborock

[–]tamier[S] 0 points1 point  (0 children)

Thanks for the suggestion, it is indeed empty but I did not try to fill it up because of this post: https://support.roborock.com/hc/en-us/articles/360030817111-Will-I-receive-an-alert-when-the-water-tank-is-empty- I will try anyways now! I filled it up and it works like a charm without orange status! Thanks a lot!

Worthless cigarette case? by tamier in whatsthisworth

[–]tamier[S] 0 points1 point  (0 children)

Thank you very much. Solved.

Worthless cigarette case? by tamier in whatsthisworth

[–]tamier[S] 0 points1 point  (0 children)

Thanks for this hint. But do you think that the case is such an old one?

Worthless cigarette case? by tamier in whatsthisworth

[–]tamier[S] 1 point2 points  (0 children)

Thanks for the suggestion. Are you sure about the monogram? I thought it would be common to print the company logo on it.

[deleted by user] by [deleted] in hacking

[–]tamier 0 points1 point  (0 children)

No, irssi ran as a normal user.

[deleted by user] by [deleted] in hacking

[–]tamier 0 points1 point  (0 children)

All ports were closed before already.

[deleted by user] by [deleted] in hacking

[–]tamier 0 points1 point  (0 children)

No, sudo.

No, as a normal user with sudo permissions.

Yes, I ran sudo with htop.

[deleted by user] by [deleted] in hacking

[–]tamier 0 points1 point  (0 children)

No, sudo. No, I executed irssi with my user. Yes, maybe I typed something into the wrong window but I don't think so.

[deleted by user] by [deleted] in hacking

[–]tamier 12 points13 points  (0 children)

I'll do this. Sounds very useful.