A complete local-first CTEM platform in a single application. 330K+ CVEs. 12-layer TRIS v2 scoring. 12,868 attack payloads. Zero cloud dependency.
Eight data sources feed five processing stages with TRIS v2 at the center. Seven output surfaces consume the scored intelligence. Every box is a shipping capability.
12-layer vulnerability scoring. The only engine that combines all twelve dimensions.
Every row below is a capability we ship today. Every other column is what the market-leading alternative offers. No "partner integrations required" asterisks.
| Capability | CVEasy AI | Tenable One | Qualys TruRisk | Rapid7 InsightVM | Picus PXS |
|---|---|---|---|---|---|
| Vulnerability scanning | Import + agentless | ✓ | ✓ | ✓ | · |
| Multi-scanner normalization | 9 formats | · | · | · | · |
| Multi-layer scoring | 12 layers | VPR (5) | TruRisk (5) | Risk Score | · |
| Attack path blast radius | Layer 8 | · | · | · | · |
| SBOM supply chain scoring | Layer 9 | · | · | · | · |
| Defense efficacy (ATT&CK coverage) | Layer 10 | · | · | · | Partial |
| Predictive threat trajectory | Layer 11 | · | · | · | · |
| FAIR-based financial quantification | Layer 12 | · | · | · | · |
| Built-in breach & attack simulation | 12,868 payloads | · | · | · | ✓ |
| AI remediation (per CVE, per OS) | Local LLM | · | · | Generic | · |
| Local-first / air-gapped capable | 100% | Cloud | Cloud | Cloud | Cloud |
| Flat-rate pricing (no per-asset fees) | Flat-rate | Per asset | Per asset | Per asset | Per node |
| Setup time | < 5 min | Weeks | Weeks | Weeks | Days |
Every card is a concrete capability with real numbers. No roadmap items. No "coming soon." This is what ships today in CVEasy AI v1.1.
The only scoring engine that combines CVSS, EPSS, KEV, threat actor targeting, asset criticality, exposure, BAS validation, attack paths, supply chain, defense efficacy, predictive trajectory, and FAIR financial impact.
Built-in breach and attack simulation with 12,868 payloads across 124 modules. 10 pre-built APT campaigns. Every execution scope-enforced and audit-logged. Validation results feed back into TRIS v2 scoring.
On-device LLM generates exact remediation commands per CVE, per OS, per asset. Verify and rollback commands included. Private RAG ingests your internal runbooks. 47 milliseconds per runbook. Zero cloud inference.
Ingests findings from Nessus, Qualys, Rapid7, OpenVAS, Nuclei, Burp Suite, OWASP ZAP, Trivy, and custom CSV. Normalizes field names across formats. Deduplicates across tools. 4x average reduction ratio.
49+ named APT groups with their known toolkits, TTPs, and sector targeting. Every CVE gets cross-referenced against active campaigns. If APT29 is using a CVE against your industry, TRIS v2 knows.
Automatic mapping to NIST CSF, NIST 800-53, SOC 2 Type II, PCI DSS, HIPAA, FedRAMP, ISO 27001, and CIS Controls. Audit-ready evidence packages export in a single click.
Runs entirely on your hardware. No cloud dependency. No telemetry bus. No inference calls leaving the machine. Air-gapped capable out of the box. Runs in DoD SCIFs, healthcare residency environments, and industrial control networks.
Every asset gets auto-tagged by role (13 categories), criticality tier (Crown / Prod / Staging / Dev), business owner, and compliance zone. No manual spreadsheets. Feeds directly into TRIS v2 Layer 5.
Automated PDF reports with risk trends, MTTR metrics, SLA compliance rates, financial impact quantification, and business-impact narratives. The kind of report a CISO actually wants to send to the audit committee.