CVEasy AI Documentation

Everything you need to set up, configure, and get the most out of CVEasy AI, the first complete CTEM platform on Apple hardware.

What makes CVEasy different

Most tools hand you a list of vulnerabilities and stop. CVEasy proves which findings are actually exploitable, generates the exact fix, and proves the fix held. These capabilities do not exist, combined, in any other platform.

BASzy Validation

Prove exploitability with real attack techniques, not theory.

TRIS 12-Layer Scoring

Rank by real risk, not raw CVSS. Patent pending.

Proof-of-Fix

HMAC-signed attestation an auditor verifies offline.

AutoFuzz Zero-Day

Mutation fuzzing finds smuggling-class zero-days.

Posture Delta + Rules

Export a Sigma, Splunk, or Sentinel rule for every gap.

Attack Path Graph

See the chained path to your crown jewels.

Local-First & Air-Gap

Runs 100% on your Mac. Your data never leaves.

Fix Once, Close Many

Root-cause Solutions retire thousands of CVEs at once.

Installation & Setup

Download the DMG

Download CVEasy AI_1.0.0_aarch64.dmg from your purchase confirmation email. The file is approximately 5GB, it includes everything needed to run offline.

Install to Applications

Double-click the DMG and drag CVEasy AI™ to your Applications folder. That's it, no Homebrew, no Python, no command line.

Launch

Open CVEasy AI from Applications. On first launch, it will seed the database with 337,000+ CVEs (takes about 15 seconds) and start the AI engine automatically.

CVEasy AI · Setup Wizard

First launch. The setup wizard verifies the AI engine, model, and database, then walks you through your organization profile.

Activate Your License

Go to Settings → License, paste your license key, and click Activate. Your key is in the purchase confirmation email.

No internet required. CVEasy AI runs entirely on your hardware. The AI engine, CVE database, and all features work completely offline. NVD sync happens automatically when online but is entirely optional.

First Steps After Installation

Once CVEasy AI is running, here's what to do first:

Option A: You have existing scan data

If your team runs Nessus, Qualys, Rapid7, or any other vulnerability scanner, import your most recent scan:

Click Scan Imports in the sidebar
Click Import Scan
Upload your scan file (drag & drop or file picker)
CVEasy auto-detects the format, creates assets, and links CVEs

CVEasy AI · Scan Imports

CVEasy AI Scanner Import page with a drag-and-drop area and tiles for Nessus, Qualys, Rapid7, OpenVAS, Nuclei, Burp Suite, Trivy and more

Scan Imports. Drag a scanner export onto the drop zone. CVEasy auto-detects the format across 13 supported tools.

Option B: You don't have scan data

No scanner? No problem. BASzy discovers your assets automatically:

Click BASzy in the sidebar
Click New Scan
Enter your network range (e.g., 10.0.0.0/24)
BASzy™ scans the network, discovers assets, and tests for vulnerabilities

CVEasy AI · BAS Scanner

CVEasy AI BASzy Attack Simulation scanner with the discover, prioritize, validate, mobilize funnel and a New Scan target form

BAS Scanner. Pick a target, run an 8-phase agentless discovery, and BASzy validates exploitability with real attack techniques.

How To: Import Scan Data

CVEasy AI supports 9 scanner formats with automatic format detection:

Scanner	Format	Extension
Tenable Nessus	XML	`.nessus`
Qualys VMDR	XML	`.xml`
Rapid7 InsightVM	XML / CSV	`.xml`
OpenVAS / GVM	XML	`.xml`
Nuclei	JSONL	`.jsonl`
Burp Suite	XML	`.xml`
OWASP ZAP	XML	`.xml`
Aqua Trivy	JSON	`.json`
Any Scanner	CSV	`.csv`

Auto-detection: Just upload the file. CVEasy automatically detects the format. You don't need to specify which scanner produced it.

What happens after import

Assets created, every host in the scan becomes an asset in your inventory
CVEs linked, vulnerabilities are linked to assets with port and CVSS data
Missing CVEs fetched, any CVEs not in the database are fetched from NVD automatically
Risk scores calculated. TRIS™ scores computed for each CVE on each asset
Attack surface updated, the attack surface view reflects the new data immediately

How To: Run Network Discovery

BASzy's discovery engine finds assets on your network without requiring any scanner software. It performs an 8-phase enumeration:

ARP sweep, instantly discovers devices on the local subnet
Ping sweep, identifies live hosts across the target range
Port scan, checks 47 common ports on each live host
Banner grab, reads service banners to identify software versions
SSL/TLS analysis, extracts hostnames from certificates
DNS resolution, reverse DNS lookup on all discovered IPs
mDNS/Bonjour, finds Apple devices and IoT
Classification, categorizes each device (server, workstation, router, printer, IoT)

Authorization required. Only scan networks you are authorized to test. BASzy enforces scope boundaries, you must specify the authorized target range before scanning.

How To: Generate AI Remediation

CVEasy AI generates specific remediation playbooks, not generic "apply the latest patch" advice. Each playbook includes exact commands, verification steps, and rollback procedures.

Find the CVE

Browse CVEs or click on a finding from a scan import. The CVE detail page shows severity, TRIS™ score, affected products, and threat intelligence.

Click "Generate Remediation"

The AI engine generates a complete playbook in real-time. You'll see it stream in, typically 15-30 seconds.

CVEasy AI · CVE Detail

CVE detail. Remediation generates from the CVE detail page, alongside EPSS, CISA KEV status, attacker pressure, and compliance impact.

CVEasy AI · Solutions

Solutions. CVEasy groups CVEs by root cause so one fix closes many. The leverage column shows how many CVEs each action retires.

Review and Apply

The playbook includes: Executive Summary, Severity Assessment, Immediate Actions (with verification), Patch Guide, Detection Queries, and Long-term Hardening.

Private knowledge base: Upload your internal runbooks, configuration standards, and exception policies to the Knowledge Base. The AI will reference them when generating remediation, so advice is specific to YOUR environment, not generic.

How To: Run BASzy Attack Campaigns

BASzy includes 10 pre-built attack campaigns that simulate real-world threat scenarios. Each campaign chains multiple techniques exactly like a real attacker.

Available Campaigns

Campaign	Steps	Validates
Ransomware Kill Chain	10	Email gateway, EDR, segmentation, backups
APT29 (Cozy Bear)	7	Supply chain, C2 detection, token theft
AD Zero to Domain Admin	7	Kerberos hardening, LAPS, tiered admin
Cloud Infrastructure Breach	6	IAM policies, IMDS, CloudTrail
Malicious Insider	6	DLP, USB controls, email monitoring
Initial Access Broker	5	Perimeter security, VPN, credential hygiene
Business Email Compromise	5	DMARC/SPF/DKIM, employee awareness
Web App SQLi→Shell→Data	7	WAF, input validation, segmentation
Network Segmentation	4	VLAN boundaries, firewall rules
Zero-Day Simulation	5	Behavioral detection, anomaly detection

CVEasy AI · APT Campaigns

CVEasy AI Threat Actor Campaign Simulation library with APT28, LockBit, Lazarus, APT41, Scattered Spider, and Sandworm campaigns

Threat-actor campaigns. Ten pre-built campaigns chain real techniques the way a named adversary would, then score how your controls hold up.

CVEasy AI · Defense Map

Defense Map. Every BAS technique mapped to MITRE ATT&CK, so you see which tactics your controls cover and which they miss.

Understanding Results

Each test in a campaign produces one of four outcomes:

BLOCKED, your security control prevented the attack (this is good)
DETECTED, the attack succeeded but was caught (acceptable)
UNDETECTED, the attack succeeded with no detection (fix this)
SKIPPED, not applicable to your environment

How To: View Your Attack Surface

The Attack Surface view shows your entire environment from an attacker's perspective: which assets are exposed, which CVEs affect them, and how an attacker could chain exploits to reach your critical data.

CVEasy AI · Attack Surface

Attack Surface. Your environment from an attacker's point of view, with risk-scored assets and chainable attack paths.

Key elements:

Executive narrative, auto-generated text for board presentations
Risk-scored assets, sorted by actual risk, not just CVE count
Attack paths, visual paths from entry points to crown jewels
Chainable assets, assets with critical CVEs on multiple ports (lateral movement risk)

How To: Generate Reports

Go to Reports under Operate in the sidebar. CVEasy generates professional reports in HTML and PDF, suitable for:

Board presentations, executive summary with risk narrative
Compliance audits, controls mapped to HIPAA, PCI-DSS, SOC 2, etc.
Technical teams, detailed findings with remediation steps
Vulnerability trending, how your posture has changed over time

CVEasy AI · Report Generator

Report Generator. Pick the audience and CVEasy builds the report. Executive, technical, compliance, and board formats in one click.

How To: Backup Your Data

Your CVEasy database contains all your vulnerability data, scan history, asset inventory, and configuration. Back it up regularly.

Manual Backup

Go to Settings → Backup
Click Create Backup
The backup is saved to ~/Library/Application Support/CVEasy AI/backups/
Click Download to save a copy externally

Restore from Backup

Go to Settings → Backup
Click Restore next to the backup you want
A safety backup of your current data is created automatically
Restart CVEasy AI to complete the restore

Backup location: ~/Library/Application Support/CVEasy AI/backups/
Copy this folder to external storage for disaster recovery.

TRIS™ Scoring. How It Works

TRIS™ v2 (True Risk Intelligence Score) is a proprietary 12-layer scoring engine that goes far beyond CVSS. Seven foundational and contextual layers plus five novel dimensions no competitor combines:

CVSS Base Score, technical severity of the vulnerability
EPSS Probability, likelihood of exploitation in the next 30 days
CISA KEV Status, is this actively exploited in the wild?
Threat Actor Targeting, are known APT groups using this CVE?
Asset Criticality, how important is the affected asset?
Public Exposure, is the asset internet-facing?
BASzy Validation, was exploitability proven by attack simulation?
Attack Path Blast Radius, how many assets can this reach via lateral movement?
Supply Chain Propagation, how deep does the vulnerable dependency sit in your SBOM?
Defense Efficacy, what share of the mapped MITRE ATT&CK techniques do your controls cover?
Predictive Trajectory, is exploitation accelerating or decaying right now?
Financial Impact, FAIR-based expected monetary loss

TRIS produces a score from 0-100 and assigns a priority band:

ACT (90-100), remediate immediately, actively dangerous
ATTEND (75-89), high priority, schedule remediation this sprint
TRACK (50-74), monitor, remediate in next cycle
MONITOR (25-49), low risk, track for changes
INFORMATIONAL (0-24), noise, document and move on

The TRIS Sprint Board (under Remediate in the sidebar) groups every finding into its action band so prioritization is a glance, not a debate. Click any score chip to see the full 12-layer breakdown.

CVEasy AI · TRIS Sprint Board

TRIS Sprint Board. ACT means patch within 72 hours, ATTEND within two weeks, TRACK this quarter.

Compliance Mapping

CVEasy maps every CVE to 86 controls across 9 compliance frameworks:

HIPAA (11 controls)
PCI-DSS v4.0 (15 controls)
SOC 2 TSC (9 controls)
ISO 27001:2022 (11 controls)
NIST CSF v2.0 (8 controls)
CIS Controls v8 (12 controls)
FedRAMP / NIST 800-53 (13 controls)
GDPR (4 controls)
CCPA (3 controls)

CVEasy AI · Policy Compliance

Policy Compliance. Track control status by framework, with a register you can filter by status, priority, and audience.

Supported Scanner Formats

CVEasy accepts exports from all major vulnerability scanners. Upload the file and format is auto-detected. Supported: Nessus, Qualys, Rapid7 InsightVM, OpenVAS/GVM, Nuclei, Burp Suite, OWASP ZAP, Aqua Trivy, and generic CSV (any scanner that exports CSV).

Keyboard Shortcuts

`⌘K`	Open search
`⌘/`	Toggle sidebar

Attack Surface Canvas

The Live Attack Surface Canvas is an interactive network visualization that shows your entire infrastructure in one view. It is a proprietary feature unique to CVEasy AI, no other CTEM platform offers this.

CVEasy AI · Attack Paths

CVEasy AI Attack Path Visualization graph chaining findings into attacker paths across network assets

Attack Path Visualization. The graph chains your real findings into the paths an attacker would actually take to reach your crown jewels.

How to Access

Navigate to Attack Surface in the sidebar. Click Network Map at the top right to switch from table view to the interactive canvas.

Understanding the Canvas

Nodes represent assets (servers, databases, workstations). Size indicates criticality. Color indicates risk level: red = critical, orange = high, yellow = medium, green = healthy, purple = crown jewel.
Edges show network connectivity. Solid lines = same subnet. Dashed red lines = lateral movement paths (SSH, SMB, RDP, WinRM).
Animated red dots trace attack paths from entry points to crown jewels, showing exactly how an attacker would chain techniques to reach your most critical assets.
Subnet groups are shown as background regions with labels (e.g., 192.168.1.0/24).

Interacting with the Canvas

Click any node to open the detail panel (IP, OS, services, CVEs, attack paths)
Drag nodes to rearrange the layout
Scroll to zoom in/out
Pan by clicking and dragging empty space
Toggle lateral edges and attack paths using the toolbar buttons
Reset View returns to the default zoom and position

Node Badges

PUB. Public-facing asset (internet-exposed)
DC. Domain controller
DB. Database server
WEB. Web server
Red number badge. CVE count on that asset

AutoFuzz Engine

AutoFuzz is CVEasy AI's proprietary zero-day discovery engine. Unlike static attack libraries, AutoFuzz takes known payloads and generates novel variants using 37 mutation strategies. When a mutation bypasses a defense that blocked the original payload, that's a zero-day-class discovery unique to your environment.

CVEasy AI · Web Fuzzer

Web Fuzzer (AutoFuzz). Grammar-aware mutation fuzzing with differential mode finds smuggling-class zero-days a static payload library would never catch.

How It Works

BASzy fires a known attack payload at a target (e.g., ' OR 1=1--)
If the payload is BLOCKED by a WAF/EDR, AutoFuzz activates
AutoFuzz generates encoded variants: URL encoding, Unicode escapes, HTML entities, null byte injection, comment injection, case swapping, and more
Each variant is tested against the same target
If a variant bypasses the defense, it's classified as a zero-day bypass and stored in the Zero-Day Vault

Mutation Strategies

AutoFuzz includes 37 strategies organized into categories:

Encoding: Base64, double Base64, URL, double URL, hex, Unicode, HTML entities, octal, UTF-7
Case: Case swap, random case mixing
Whitespace: Null byte injection, zero-width characters, tab replacement, newline injection
Comments: SQL comment (/**/), HTML comment (), JS comment injection
Splitting: SQL CONCAT, JS string concatenation, CHAR() function encoding
Substitution: Cyrillic homoglyphs, fullwidth Unicode characters
Context: HTML attribute wrapping, tag wrapping, JS string context, JSON prototype pollution, XML wrapping
Polyglot: Cross-context XSS payloads
WAF bypass: Chunked encoding, multipart wrapping

Strategy Chaining

AutoFuzz automatically chains strategies (e.g., URL-encode + case-swap + comment-inject) to discover multi-layer bypasses that single-strategy approaches miss.

Remediation Proof Engine

The Remediation Proof Engine provides auditable evidence that your fixes actually worked. No other security platform offers closed-loop verification like this.

CVEasy AI · Proof-of-Fix

Proof-of-Fix Ledger. Every closed CVE is sealed with an HMAC-signed attestation an auditor can verify offline. No CA, no network.

How It Works

Before: BASzy finds a vulnerability (UNDETECTED) and stores a baseline snapshot, the exact attack, payload, and evidence
Fix: You apply the remediation (CVEasy AI generates the exact commands)
After: Click "Verify Fix". BASzy re-runs the same attack with the same payload
Proof: The engine compares before and after: UNDETECTED -> BLOCKED = VERIFIED

Proof Reports

Each verification generates an auditable proof containing:

Before snapshot: attack payload, outcome (UNDETECTED), timestamp, evidence
After snapshot: same payload, new outcome (BLOCKED), timestamp, evidence
Remediation applied: the exact commands that were run
Risk reduction classification: critical_to_blocked, detected_to_blocked, etc.

Dashboard

The Remediation Proof Dashboard shows total proofs generated, verification success rate, breakdowns by asset and MITRE technique, and a list of pending baselines awaiting verification.

Detection Rule Export

When BASzy proves an attack bypasses your defenses, CVEasy AI automatically generates detection rules to catch it. Rules are generated in 6 formats:

CVEasy AI · Posture Delta

CVEasy AI Control Posture Delta showing blocked, detected, and undetected attacks with one-click Sigma, Splunk SPL, and Sentinel detection rule export

Control Posture Delta. See what your controls blocked, detected, or missed across every BAS finding, then export a detection rule for each gap in one click.

Format	SIEM/Tool	Use Case
Sigma	Universal (any SIEM)	Portable rules that translate to any platform
SPL	Splunk	Direct Splunk search queries
KQL	Microsoft Sentinel	Azure Sentinel analytics rules
EQL	Elastic SIEM	Elastic event query language
CQL	CrowdStrike LogScale	Falcon LogScale queries
Suricata	Suricata/Snort IDS	Network-level IDS rules

How to Export

After a BASzy campaign completes, go to the findings page. Each UNDETECTED finding has an "Export Detection Rules" button that generates rules in all 6 formats. Copy and paste directly into your SIEM.

SIEM Integration

CVEasy AI can push findings, alerts, and detection rules to your existing security tools:

Integration	Protocol	What It Sends
Splunk	HEC (HTTP Event Collector)	Findings, alerts, detection rules
Microsoft Sentinel	Log Analytics API	Findings as custom log type
Elastic SIEM	Elasticsearch API	Findings as indexed documents
CrowdStrike	LogScale Ingest API	Process, file, and network events
ServiceNow	Incident Table API	Auto-creates incidents from findings
Slack	Webhook	Rich alert messages with MITRE mapping
Microsoft Teams	Webhook	MessageCard alerts
Syslog	RFC 5424 (UDP/TCP)	Standard syslog messages
Generic Webhook	HTTP POST	JSON payload to any endpoint

Configuration

Go to Settings -> Integrations to configure your SIEM connections. Each integration requires:

Splunk: HEC URL and token
Sentinel: Workspace ID and shared key
Elastic: Elasticsearch URL and API key
ServiceNow: Instance name, username, password
Slack/Teams: Webhook URL
Syslog: Host, port, protocol (UDP/TCP)

Posture Scoring

CVEasy AI calculates a composite security posture score (0-100) from your BASzy results, weighted across 6 categories:

Category	Weight	What It Measures
Endpoint Security	25%	EDR detection rate, AV effectiveness
Network Controls	20%	Segmentation, firewall rules, IDS effectiveness
Identity Security	20%	Credential hygiene, MFA enforcement, privilege management
Data Protection	15%	Encryption, DLP controls, exfiltration prevention
Resilience	10%	Backup integrity, recovery capability
Visibility	10%	Logging coverage, monitoring, alerting

Grading

A = 90+, B = 80-89, C = 70-79, D = 60-69, F = below 60. Industry benchmarks are included for comparison (healthcare avg: 58, financial: 72, technology: 68, government: 55).

Ransomware Readiness Assessment

A dedicated assessment that tests your defenses against each phase of the ransomware kill chain:

Initial Access Prevention, phishing detection, exposed service patching
Execution Controls, script blocking, macro restrictions, application whitelisting
Credential Protection. LSASS protection, MFA enforcement, credential rotation
Lateral Movement Controls, network segmentation, admin share restrictions, SMB controls
Discovery Detection, network scan alerting, AD enumeration detection
Data Protection. DLP policies, staging detection, encryption at rest
Exfiltration Prevention. DNS filtering, outbound monitoring, proxy enforcement
Encryption Defense, ransomware behavior detection, file integrity monitoring
Recovery Capability, backup integrity, offline backups, recovery time objectives
C2 Detection, beacon detection, DNS tunnel identification, proxy enforcement

Each phase is scored and produces specific recommendations. Overall readiness levels: READY (80+), PARTIAL (60-79), AT RISK (40-59), CRITICAL (below 40).

System Requirements

Component	Minimum	Recommended
Processor	Apple M1	Apple M2 Pro / M3 Pro or later
Memory	16 GB unified	36-64 GB unified
Storage	15 GB free	30 GB free (for scan data growth)
macOS	macOS 13 Ventura	macOS 14 Sonoma or later
Network	Not required (air-gap capable)	LAN access to scan targets
Display	1440x900	Retina display

What's Included in the DMG

CVEasy AI application (Tauri desktop shell)
Backend server (cveasy-server)
BASzy attack engine (baszy-server)
AI inference engine (llama-server, zero external dependencies)
AI model (4.4 GB GGUF, optimized for Apple Silicon Metal GPU)
CVE database (337,124 CVEs pre-loaded)
Attack payload database (12,868 validated payloads across 40 categories)

No Homebrew, Docker, Python, or cloud accounts needed. Everything runs from the app bundle.

Troubleshooting

App opens but shows a blank white screen

The backend server may still be starting. Wait 10-15 seconds for the AI engine to initialize. If the screen stays blank, check Console.app for errors from "CVEasy AI". Try quitting and reopening the app.

AI remediation is slow or not generating

The AI engine requires Apple Silicon (M1/M2/M3/M4) with Metal GPU acceleration. On 16 GB machines, the first generation may take 30-60 seconds as the model loads into GPU memory. Subsequent generations are faster (10-15 seconds). If generation fails completely, check that no other GPU-intensive apps are running.

BASzy scans find nothing

Check that: (1) Your target network is reachable from the machine running CVEasy AI. (2) EDR/firewall isn't blocking BASzy's scan traffic. (3) You've whitelisted CVEasy AI in your EDR. Try importing scan data from an existing scanner first to verify the pipeline works.

"Port already in use" error on startup

Another instance of CVEasy AI may be running. Quit all instances and try again. If the issue persists, run lsof -i :3001 in Terminal to find what's using the port, then kill [PID] to stop it.

Scanner import fails or shows 0 CVEs

Verify your scan file format is correct. CVEasy expects: Nessus (.nessus XML), Qualys (XML), Rapid7 (XML), OpenVAS (XML), Nuclei (JSON), Burp (XML), ZAP (JSON/XML), Trivy (JSON), or CSV with columns: ip, hostname, cve_id, port, severity. Check that the file isn't empty or corrupted.

License activation fails

License keys follow the format CVEAI-PRO-XXXX-XXXX-XXXX. Ensure you're entering the key exactly as provided (case-sensitive). If your machine was recently reimaged or the hardware changed, contact sales@cveasyai.com for a key reset.

App crashes on macOS Sequoia

Ensure you're running the latest version of CVEasy AI. If the crash persists, right-click the app in Finder, select "Get Info", and ensure "Open using Rosetta" is NOT checked (CVEasy AI is native Apple Silicon). Report persistent crashes to support@cveasyai.com with the crash log from Console.app.

EDR Whitelisting

BASzy performs authorized security testing that may trigger EDR/AV alerts. Whitelist the following before running attack simulations:

/Applications/CVEasy AI.app/Contents/MacOS/cveasy-ai
/Applications/CVEasy AI.app/Contents/MacOS/cveasy-server
/Applications/CVEasy AI.app/Contents/MacOS/llama-server
/Applications/CVEasy AI.app/Contents/MacOS/baszy-server

For platform-specific steps covering CrowdStrike Falcon, SentinelOne, Microsoft Defender, Carbon Black, and Sophos, contact support@cveasyai.com.

Frequently Asked Questions

Does CVEasy AI need internet access?

No. CVEasy runs 100% offline. The AI engine, CVE database (337,000+ CVEs), and all features work without internet. When online, it automatically syncs new CVEs from NVD, but this is optional.

Can I use my existing Nessus/Qualys scans?

Yes. Upload your scan files directly. CVEasy supports 9 scanner formats including Nessus (.nessus), Qualys XML, Rapid7 XML, OpenVAS, Nuclei, Burp Suite, ZAP, Trivy, and generic CSV. Assets are auto-created and CVEs auto-linked.

What if I don't have a vulnerability scanner?

You don't need one. BASzy's built-in discovery engine scans your network, identifies assets, fingerprints services, and tests for vulnerabilities, all without external tools.

How is TRIS™ different from CVSS?

CVSS measures technical severity. TRIS™ v2 measures actual risk by combining 12 signals: CVSS, EPSS (weaponization probability), CISA KEV (active exploitation), threat actor targeting, asset criticality, public exposure, BASzy validation (proven exploitability), plus five novel layers, attack-path blast radius, supply-chain propagation, defense efficacy, predictive trajectory, and FAIR-based financial impact. A CVSS 7.5 that's being actively exploited by APT29 against your industry scores much higher than a CVSS 9.0 that's theoretical.

Is BASzy safe to run in production?

BASzy respects authorization levels. In "low_impact" mode (default), all tests are non-destructive, they detect vulnerabilities without exploiting them. Aggressive testing requires explicit authorization and is designed for dedicated test environments.

How do I back up my data?

Go to Settings → Backup → Create Backup. The backup includes your entire CVE database, scan history, asset inventory, findings, and configuration. Download the backup file to external storage for disaster recovery.

What hardware do I need?

Mac with Apple Silicon (M1/M2/M3/M4) and 16GB+ unified memory. Recommended: 36-64GB for the best AI performance. Apple Silicon (M1/M2/M3/M4) is required for the built-in AI engine.

Can multiple people use one installation?

Yes. CVEasy runs as a web application on your local network. Anyone on the same network can access it via browser at the server's IP address. Enterprise licenses support unlimited concurrent users.

How do I update CVEasy AI?

Download the latest DMG from your account and install over the existing application. Your database and settings are preserved, they're stored in ~/Library/Application Support/CVEasy AI/, not inside the app bundle.

What compliance frameworks are supported?

CVEasy maps to 86 controls across 9 frameworks: HIPAA, PCI-DSS v4.0, SOC 2 TSC, ISO 27001:2022, NIST CSF v2.0, CIS Controls v8, FedRAMP (NIST 800-53), GDPR, and CCPA. Each CVE shows which compliance controls it threatens.

Will BASzy trigger my EDR/antivirus?

It might, that's actually the point. BASzy tests whether your security controls detect attack techniques. If your EDR blocks a BASzy test, that's a PASS. If it doesn't, that's a gap to fix. For smooth operation, whitelist CVEasy AI in your EDR before running campaigns.