Summary
LangGraph agent called by Stage 4 only after KEV table, Exploit-DB table, and GitHub Search API all return nothing for a given CVE.
Tools
WebSearchTool (Tavily) — searches exploit databases, security blogs, PoC repositories
FetchURLTool — fetches and reads URLs found in search results
Interface
class ExploitResearchAgent:
def __init__(self, llm: BaseChatModel, *, max_iterations: int = 10): ...
def research(self, cve_id: str, component: str, version: str) -> ExploitResearchResult: ...
ExploitResearchResult: availability (ExploitAvailability enum) + details (source URL or description).
Constraints
- Called only when all structured lookups (1-3 in Stage 4) return nothing — never as a shortcut
- Must not be called for NOT_REACHABLE findings
- Agent failure degrades gracefully to
UNKNOWN, not a Stage 4 crash
LLM provider
Same BaseChatModel instance injected by the CLI — configured via CYBERGUARD_LLM_PROVIDER env var.
Summary
LangGraph agent called by Stage 4 only after KEV table, Exploit-DB table, and GitHub Search API all return nothing for a given CVE.
Tools
WebSearchTool(Tavily) — searches exploit databases, security blogs, PoC repositoriesFetchURLTool— fetches and reads URLs found in search resultsInterface
ExploitResearchResult:availability(ExploitAvailability enum) +details(source URL or description).Constraints
UNKNOWN, not a Stage 4 crashLLM provider
Same
BaseChatModelinstance injected by the CLI — configured viaCYBERGUARD_LLM_PROVIDERenv var.