A complete local-first CTEM platform in a single application. 330K+ CVEs. 12-layer TRIS v2 scoring. 19,608 attack payloads. Zero cloud dependency. Click any component below to see what it does and how it fits into the system.
Nine data sources feed five processing stages with TRIS v2 at the center. Eight output surfaces consume the scored intelligence. Every box is a shipping capability. Click any component for details.
12-layer vulnerability scoring. The only engine that combines all twelve dimensions. Click any layer chip to explore.
Every row below is a capability we ship today. Every other column is what the market-leading alternative offers. No "partner integrations required" asterisks.
| Capability | CVEasy AI | Tenable One | Qualys TruRisk | Rapid7 InsightVM | Picus PXS |
|---|---|---|---|---|---|
| Vulnerability scanning | Import + agentless | ✓ | ✓ | ✓ | · |
| Multi-scanner normalization | 9 formats | · | · | · | · |
| Multi-layer scoring | 12 layers | VPR (5) | TruRisk (5) | Risk Score | · |
| Attack path blast radius | Layer 8 | · | · | · | · |
| SBOM supply chain scoring | Layer 9 | · | · | · | · |
| Defense efficacy (ATT&CK coverage) | Layer 10 | · | · | · | Partial |
| Predictive threat trajectory | Layer 11 | · | · | · | · |
| FAIR-based financial quantification | Layer 12 | · | · | · | · |
| Built-in breach & attack simulation | 19,608 payloads | · | · | · | ✓ |
| AI remediation (per CVE, per OS) | Local LLM | · | · | Generic | · |
| Cloud posture (CSPM/CIEM) | Wiz-class, local | Add-on | Add-on | Add-on | · |
| Patch orchestration (through your consoles) | 5 connectors | · | Own module | Own module | · |
| Local-first / air-gapped capable | 100% | Cloud | Cloud | Cloud | Cloud |
| Flat-rate pricing (no per-asset fees) | Flat-rate | Per asset | Per asset | Per asset | Per node |
| Setup time | < 5 min | Weeks | Weeks | Weeks | Days |
Every card is a concrete capability with real numbers. No roadmap items. No "coming soon." This is what ships today in CVEasy AI v1.1.
The only scoring engine that combines CVSS severity, EPSS probability, KEV confirmation, business impact context, network exposure topology, threat pressure, temporal dynamics, attack paths, supply chain, defense efficacy, predictive trajectory, and FAIR financial impact.
Built-in breach and attack simulation with 19,608 payloads across 124 modules. 10 pre-built APT campaigns. Every execution scope-enforced and audit-logged. Validation results feed back into TRIS v2 scoring.
On-device LLM generates exact remediation commands per CVE, per OS, per asset. Verify and rollback commands included. Private RAG ingests your internal runbooks. 47 milliseconds per runbook. Zero cloud inference.
Ingests findings from Nessus, Qualys, Rapid7, OpenVAS, Nuclei, Burp Suite, OWASP ZAP, Trivy, and custom CSV. Normalizes field names across formats. Deduplicates across tools. 4x average reduction ratio.
49+ named APT groups with their known toolkits, TTPs, and sector targeting. Every CVE gets cross-referenced against active campaigns. If APT29 is using a CVE against your industry, TRIS v2 knows.
Automatic mapping to NIST CSF, NIST 800-53, SOC 2 Type II, PCI DSS, HIPAA, FedRAMP, ISO 27001, and CIS Controls. Audit-ready evidence packages export in a single click.
Runs entirely on your hardware. No cloud dependency. No telemetry bus. No inference calls leaving the machine. Air-gapped capable out of the box. Runs in DoD SCIFs, healthcare residency environments, and industrial control networks.
Every asset gets auto-tagged by role (13 categories), criticality tier (Crown / Prod / Staging / Dev), business owner, and compliance zone. No manual spreadsheets. Feeds directly into TRIS v2 Layer 4.
Automated PDF reports with risk trends, MTTR metrics, SLA compliance rates, financial impact quantification, and business-impact narratives. The kind of report a CISO actually wants to send to the audit committee.
Proprietary cloud posture (CSPM) and cloud identity and attack-path (CIEM) engine built by CVEasy, not resold. Covers AWS, Azure, and GCP from one place with 204 CIS-tagged checks and a per-framework compliance coverage rollup. Runs against your own accounts, results stay in your local instance. Does what Wiz does for cloud posture, without per-asset cloud pricing.
CVEasy generates the OS-specific fix, then orchestrates deployment through your existing patch and MDM consoles: Microsoft Intune, Automox, Tanium, Jamf Pro, PDQ Connect, plus a universal webhook fallback. Fail-closed, AES-GCM-encrypted credentials, and a closed-loop re-scan that confirms the fix. It does not push patches to endpoints itself, it drives the tooling you already own.