Skip to content

[Phase 1] ExploitResearchAgent (Tavily web search, last-resort fallback for Stage 4) #8

Description

@varun-polpakkara

Summary

LangGraph agent called by Stage 4 only after KEV table, Exploit-DB table, and GitHub Search API all return nothing for a given CVE.

Tools

  • WebSearchTool (Tavily) — searches exploit databases, security blogs, PoC repositories
  • FetchURLTool — fetches and reads URLs found in search results

Interface

class ExploitResearchAgent:
    def __init__(self, llm: BaseChatModel, *, max_iterations: int = 10): ...
    def research(self, cve_id: str, component: str, version: str) -> ExploitResearchResult: ...

ExploitResearchResult: availability (ExploitAvailability enum) + details (source URL or description).

Constraints

  • Called only when all structured lookups (1-3 in Stage 4) return nothing — never as a shortcut
  • Must not be called for NOT_REACHABLE findings
  • Agent failure degrades gracefully to UNKNOWN, not a Stage 4 crash

LLM provider

Same BaseChatModel instance injected by the CLI — configured via CYBERGUARD_LLM_PROVIDER env var.

Metadata

Metadata

Labels

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions