VulnMCP 1.0.0 released
We are excited to share a new project we have been working on: VulnMCP.
VulnMCP is an MCP server that brings vulnerability intelligence directly into AI clients, chat agents, and automated workflows. The idea is simple: make vulnerability analysis programmable, modular, and easily consumable by modern AI systems.
With VulnMCP, you can:
- Query and explore vulnerabilities (via Vulnerability-Lookup) directly from your chat agent or editor
- Classify vulnerability severity (in English and Chinese) using our fine-tuned NLP models
- Predict CWE categories from descriptions
- Guess the CPE based on one or more keywords from a vulnerability description
- Build and extend your own “skills” for automated security analysis
Have a look at the screencast below (with sound on!) featuring Claude Code. You will see how to retrieve information about a vulnerability using its CVE ID and classify its severity — all from your favorite AI chat agent.
Example of CPE Guessing
This AI agent tool uses CPE Guesser.
VulnMCP is built with a modular architecture, so adding new capabilities is straightforward — whether you want to integrate additional models, data sources, or custom logic.
This is part of a broader effort to make vulnerability intelligence more accessible, interoperable, and ready for AI-native environments.
If you work with MCP clients, LLM agents, or are simply interested in automating vulnerability workflows, give it a try:
🔗 https://github.com/vulnerability-lookup/VulnMCP
Feedback, ideas, and contributions are very welcome!
References
- The MCP server: https://github.com/vulnerability-lookup/VulnMCP
- Training pipelines: https://github.com/vulnerability-lookup/VulnTrain
- Orchestration framework based on XMPP: https://github.com/vulnerability-lookup/VulnAgent
- Vulnerability-Lookup source code: https://github.com/vulnerability-lookup/vulnerability-lookup
- Vulnerability-Lookup instance operated by CIRCL: https://vulnerability.circl.lu
Funding

AIPITCH aims to create advanced artificial intelligence-based tools supporting key operational services in cyber defense. These include technologies for early threat detection, automatic malware classification, and improvement of analytical processes through the integration of Large Language Models (LLMs). The project has the potential to set new standards in the cybersecurity industry.
The project leader is NASK National Research Institute. The international consortium includes:
- CIRCL (Computer Incident Response Center Luxembourg), Luxembourg
- The Shadowserver Foundation, Netherlands
- NCBJ (National Centre for Nuclear Research), Poland
- ABI LAB (Centre of Research and Innovation for Banks), Italy
Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.
