Security teams face a relentless, ever-growing volume of CVE disclosures and the manual research process that follows each one is slow, fragmented, and difficult to scale. The vision was an autonomous AI agent that replicates the end-to-end workflow of a skilled security analyst: decomposing a research prompt, gathering and validating information across multiple sources, and delivering a structured, actionable findings report directly into the tools analysts already use. Not a search tool. Not a summariser. A team of specialized agents working collaboratively, the way a real analyst team would.
CVE research at scale exposes the limits of both human analysts and single-model AI approaches.
Security teams receive a continuous stream of CVE disclosures across vendor bulletins, GitHub issues, NVD feeds, and mailing lists. Triaging each one manually at the speed needed to prevent exploitation - is not sustainable for most teams.
Vulnerability information is rarely in one place. Relevant details about a CVE may appear across multiple sources, often with conflicting or incomplete information. Analysts must manually reconcile these sources before any reliable conclusion can be reached.
A single AI model lacks the structure to replicate a rigorous research workflow. Without distinct planning, execution, and validation steps, outputs are prone to hallucination, gaps, and unverified claims unacceptable in a security context.
Even when research is completed accurately, findings still need to be manually logged in Jira, communicated via Slack, and routed to the right teams. This last-mile effort adds friction and delays response time.
As CVE volumes grow, human analyst capacity does not. A process that cannot scale independently of headcount will always be a bottleneck.
Focaloid built a CVE Research Agent on its Agentic AI Framework - a team of specialized, collaborating AI agents that automates the full research lifecycle from query to action, delivering analyst-grade outputs in minutes rather than hours.
Decomposes each research prompt into logical, sequential sub-questions and tasks structuring the research workflow before any execution begins, ensuring nothing critical is missed.
Executes individual research tasks using data-retrieval and enrichment tools gathering information across multiple sources simultaneously and at a scale no human team could match.
Independently validates, fact-checks, and filters the information retrieved by Worker Agents combating misinformation and ensuring only verified, reliable data progresses to the final report.
Crafts the final structured research report from validated findings, automatically creates a Jira ticket with the output, and posts findings to the relevant Slack channel completing the analyst workflow without any manual handoff.
Agent coordination is managed through LangGraph and LangChain, enabling complex, stateful workflows where agents collaborate, hand off context, and operate autonomously without human intervention at each step.
Structured state is maintained across agents throughout the research lifecycle using MCP ensuring each agent operates with full, accurate context rather than starting from scratch.
Consistent, modular agent-to-agent messaging is handled through Google's A2A protocol, keeping agent interactions reliable and composable as workflows scale.
Full traceability, debugging, and performance metrics across all agents are provided through LangSmith — giving te
Analysed the CVE research workflow in detail - identifying the discrete tasks, decision points, validation steps, and tool interactions that a skilled analyst performs and mapped these to agent roles and responsibilities.
Defined the task structure and responsibilities for each agent in the pipeline: Planner, Worker, Reviewer, and Summariser. Established the handoff logic, context-passing protocols, and validation checkpoints between agents.
Mapped data sources, scraping targets, and API integrations for the Worker Agent. Designed the Jira and Slack integration layer for the Summariser Agent's action outputs.
Constructed the full agent workflow on the Agentic AI Framework. Validated outputs against real-world CVE research scenarios, refining agent behaviour, confidence thresholds, and validation logic iteratively.
Launched within a secure cloud environment with enterprise authentication support. Documented the reusable agent patterns for extension to adjacent security and research use cases.
Security analysts can't keep up with the volume of CVE disclosures by hand - the information is too scattered, arrives too fast, and slow triage is exactly how real vulnerabilities slip through. A single AI model isn't enough either; rigorous research needs planning, execution, and independent validation. By orchestrating a team of specialized agents with multi-source validation, structured context, and real actions in Jira and Slack, Focaloid's CVE Research Agent compresses hours of analyst work into minutes at scale. And because it's built on a reusable Agentic AI Framework, the same pattern extends to any domain where deep, repeatable research and action are needed.
We co-create intelligent, multi-agent solutions on our Agentic AI Framework with multi-agent orchestration, MCP-based context management, enterprise integrations, and full observability deployable in cloud, VPC, or on-premises.