CIRCL AI approach at the International Committee of the Red Cross (ICRC)

On April 28, 2026, we had the opportunity to present the CIRCL AI approach at the International Committee of the Red Cross (ICRC). The session took place in Luxembourg, with remote participation from the Delegation for Cyberspace at the Global Cyber Hub in Geneva.

The objective of this event was practical: show how AI can be used as an operational capability in vulnerability intelligence, not just as a research topic. We focused on production workflows that help analysts deliver faster, more consistent, and more actionable results.

What We Covered

During the session, we presented concrete AI use cases developed around Vulnerability-Lookup and related CIRCL initiatives, including:

  • Classification and enrichment workflows for vulnerability records, including VLAI and our models published on Hugging Face.
  • Prioritization support when signals are sparse, noisy, or bursty.
  • Reproducible pipelines with human review checkpoints, so final decisions remain analyst-driven.

We also presented AI usage in two other operational projects at CIRCL:

  • AIL Project: applying multiple models for inference tasks on the large-scale AIL dataset.
  • MISP Project: integrating AI-assisted workflows to support threat intelligence analysis and data handling.

We also briefly presented VulnMCP, our open-source MCP server, and its orchestrated skills.

Across these projects, we rely on a mix of models, including excellent open-weight Chinese models, selected according to clear criteria: task fit, inference speed, quality on real data, explainability, and operational robustness. CIRCL is convinced of the importance of open-weight models.

Why It Matters

Security teams are often asked to make high-impact decisions under time pressure and with incomplete information. Our approach is designed for these conditions by combining open vulnerability data, domain knowledge, and machine-learning components that are measurable and testable.

In short, the goal is to improve triage quality and response speed while preserving traceability, reproducibility, and analyst oversight.

Key Takeaways

  • AI is most effective when embedded in existing analyst workflows.
  • Data quality and explainability are as important as model performance.
  • Practical, incremental deployment delivers more value than one-shot automation.
  • A portfolio of models is often more effective than a single-model strategy for production environments.

Presentation Material

Feedback and Support

If you encounter issues or have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us: info@circl.lu