@blamejs/exceptd-skills 0.13.3 → 0.13.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. package/AGENTS.md +41 -4
  2. package/CHANGELOG.md +64 -0
  3. package/README.md +79 -13
  4. package/bin/exceptd.js +117 -9
  5. package/data/_indexes/_meta.json +44 -44
  6. package/data/_indexes/activity-feed.json +3 -3
  7. package/data/_indexes/catalog-summaries.json +3 -3
  8. package/data/_indexes/chains.json +0 -32
  9. package/data/_indexes/handoff-dag.json +127 -57
  10. package/data/_indexes/section-offsets.json +465 -411
  11. package/data/_indexes/summary-cards.json +34 -34
  12. package/data/_indexes/token-budget.json +298 -268
  13. package/data/cve-catalog.json +4 -146
  14. package/data/exploit-availability.json +0 -27
  15. package/data/framework-control-gaps.json +2 -2
  16. package/data/playbooks/ai-discovered-cve-triage.json +1146 -0
  17. package/data/playbooks/cicd-pipeline-compromise.json +3 -0
  18. package/data/playbooks/cred-stores.json +1 -0
  19. package/data/playbooks/crypto.json +3 -0
  20. package/data/playbooks/framework.json +3 -0
  21. package/data/playbooks/idp-incident.json +2 -1
  22. package/data/playbooks/kernel.json +1 -0
  23. package/data/playbooks/mcp.json +27 -2
  24. package/data/playbooks/post-quantum-migration.json +1268 -0
  25. package/data/playbooks/runtime.json +1 -0
  26. package/data/playbooks/sbom.json +3 -0
  27. package/data/playbooks/supply-chain-recovery.json +1332 -0
  28. package/data/zeroday-lessons.json +0 -89
  29. package/lib/schemas/cve-catalog.schema.json +2 -1
  30. package/lib/schemas/playbook.schema.json +5 -0
  31. package/lib/validate-cve-catalog.js +27 -0
  32. package/manifest.json +80 -80
  33. package/orchestrator/index.js +58 -1
  34. package/package.json +1 -1
  35. package/sbom.cdx.json +99 -66
  36. package/skills/age-gates-child-safety/skill.md +2 -0
  37. package/skills/ai-attack-surface/skill.md +2 -0
  38. package/skills/ai-c2-detection/skill.md +2 -0
  39. package/skills/ai-risk-management/skill.md +2 -0
  40. package/skills/api-security/skill.md +2 -0
  41. package/skills/attack-surface-pentest/skill.md +2 -0
  42. package/skills/cloud-security/skill.md +2 -0
  43. package/skills/compliance-theater/skill.md +28 -2
  44. package/skills/container-runtime-security/skill.md +2 -0
  45. package/skills/coordinated-vuln-disclosure/skill.md +1 -1
  46. package/skills/defensive-countermeasure-mapping/skill.md +2 -0
  47. package/skills/dlp-gap-analysis/skill.md +2 -0
  48. package/skills/exploit-scoring/skill.md +30 -1
  49. package/skills/framework-gap-analysis/skill.md +28 -1
  50. package/skills/fuzz-testing-strategy/skill.md +4 -2
  51. package/skills/global-grc/skill.md +2 -0
  52. package/skills/identity-assurance/skill.md +2 -0
  53. package/skills/kernel-lpe-triage/skill.md +2 -0
  54. package/skills/mcp-agent-trust/skill.md +4 -0
  55. package/skills/mlops-security/skill.md +2 -0
  56. package/skills/ot-ics-security/skill.md +2 -0
  57. package/skills/policy-exception-gen/skill.md +28 -1
  58. package/skills/pqc-first/skill.md +2 -0
  59. package/skills/rag-pipeline-security/skill.md +2 -0
  60. package/skills/researcher/skill.md +2 -0
  61. package/skills/sector-energy/skill.md +2 -0
  62. package/skills/sector-federal-government/skill.md +2 -0
  63. package/skills/sector-financial/skill.md +2 -0
  64. package/skills/sector-healthcare/skill.md +2 -0
  65. package/skills/security-maturity-tiers/skill.md +2 -0
  66. package/skills/skill-update-loop/skill.md +2 -0
  67. package/skills/supply-chain-integrity/skill.md +2 -0
  68. package/skills/threat-model-currency/skill.md +37 -1
  69. package/skills/threat-modeling-methodology/skill.md +2 -0
  70. package/skills/webapp-security/skill.md +2 -0
  71. package/skills/zeroday-gap-learn/skill.md +33 -1
package/data/playbooks/ai-discovered-cve-triage.json ADDED
@@ -0,0 +1,1146 @@
1
+ {
2
+ "_meta": {
3
+ "id": "ai-discovered-cve-triage",
4
+ "version": "1.0.0",
5
+ "last_threat_review": "2026-05-18",
6
+ "threat_currency_score": 95,
7
+ "changelog": [
8
+ {
9
+ "version": "1.0.0",
10
+ "date": "2026-05-18",
11
+ "summary": "Initial seven-phase AI-discovered CVE operational-triage playbook. Distinct from `ai-api` (AI as attack surface) and from existing ai-c2 detection (AI as command-and-control channel): ai-discovered-cve-triage covers the OPERATOR-SIDE response when a CVE is published with an AI-discovery attribution. Walks the AI-discovery claim verification process (Big Sleep / depthfirst / Zellic AI-agentic / Xint / GTIG), the elevated weaponization-velocity expectation (the same AI tooling that found the bug shortens exploit-development cycles), the AI-discovery RWEP factor consequence (+15 to RWEP under the canonical formula), and the framework-coverage gap — none of NIST 800-53 / ISO 27001 / NIS2 / DORA / EU CRA / SOC 2 require AI-discovery to be a tracked input to vulnerability management. Anchors on CVE-2026-31431 (Copy Fail, Theori + Xint), CVE-2026-46300 (Fragnesia, Zellic AI-agentic), CVE-2026-42945 (NGINX Rift, depthfirst — first publicly-attributed AI-discovered nginx CVE), the GTIG 41% of 2025 zero-days statistic, and Hard Rule #7 from AGENTS.md (AI as current reality, not 'emerging'). Cross-walks to framework for compliance-gap surfacing and to kernel for AI-discovered LPE-class follow-through.",
12
+ "cves_added": [
13
+ "CVE-2026-31431",
14
+ "CVE-2026-46300",
15
+ "CVE-2026-42945"
16
+ ],
17
+ "framework_gaps_updated": [
18
+ "nist-800-53-RA-5-ai-discovery-input",
19
+ "nist-800-53-SI-5-ai-discovery-feed",
20
+ "iso-27001-2022-A.5.7-ai-threat-intelligence",
21
+ "nis2-art21-2c-ai-discovery-cadence",
22
+ "dora-art10-ai-discovery-tpp-feeds",
23
+ "eu-cra-art14-ai-discovery-disclosure",
24
+ "soc2-CC7.1-ai-discovery-anomaly"
25
+ ]
26
+ }
27
+ ],
28
+ "owner": "@blamejs/platform-security",
29
+ "air_gap_mode": false,
30
+ "scope": "cross-cutting",
31
+ "preconditions": [
32
+ {
33
+ "id": "vulnerability-feed-readable",
34
+ "description": "Agent must be able to read the operator's vulnerability-management feed: NVD ingest, CISA KEV ingest, GHSA / OSV feeds, vendor advisories, organisation-internal vulnerability tracker (Jira, ServiceNow VR, Snyk export). Without this, AI-discovered CVE arrival cannot be correlated to assets in scope.",
35
+ "check": "agent_has_vulnerability_feed_access == true",
36
+ "on_fail": "halt"
37
+ },
38
+ {
39
+ "id": "asset-inventory-readable",
40
+ "description": "Agent must be able to query the operator's asset inventory to determine whether the AI-discovered CVE applies. A CVE-arrival without an asset-applicability map degrades to noise.",
41
+ "check": "agent_has_cmdb_api_token == true OR agent_has_filesystem_read == true",
42
+ "on_fail": "halt"
43
+ }
44
+ ],
45
+ "mutex": [],
46
+ "feeds_into": [
47
+ {
48
+ "playbook_id": "framework",
49
+ "condition": "analyze.compliance_theater_check.verdict == 'theater'"
50
+ },
51
+ {
52
+ "playbook_id": "kernel",
53
+ "condition": "finding.cve_class == 'kernel-lpe'"
54
+ },
55
+ {
56
+ "playbook_id": "sbom",
57
+ "condition": "finding.cve_class == 'supply-chain' OR finding.affects_dependency_tree == true"
58
+ },
59
+ {
60
+ "playbook_id": "runtime",
61
+ "condition": "finding.cve_class == 'webapp-rce' OR finding.cve_class == 'kernel-lpe' OR finding.requires_runtime_indicators == true"
62
+ }
63
+ ]
64
+ },
65
+ "domain": {
66
+ "name": "AI-discovered CVE operational triage",
67
+ "attack_class": "ai-attack-surface",
68
+ "atlas_refs": [
69
+ "AML.T0017",
70
+ "AML.T0040"
71
+ ],
72
+ "attack_refs": [
73
+ "T1068",
74
+ "T1190",
75
+ "T1059",
76
+ "T1588.006"
77
+ ],
78
+ "cve_refs": [
79
+ "CVE-2026-31431",
80
+ "CVE-2026-46300",
81
+ "CVE-2026-42945"
82
+ ],
83
+ "cwe_refs": [
84
+ "CWE-20",
85
+ "CWE-94",
86
+ "CWE-200",
87
+ "CWE-269",
88
+ "CWE-787"
89
+ ],
90
+ "d3fend_refs": [
91
+ "D3-CA",
92
+ "D3-IOPR",
93
+ "D3-FAPA"
94
+ ],
95
+ "frameworks_in_scope": [
96
+ "nist-800-53",
97
+ "nist-csf-2",
98
+ "iso-27001-2022",
99
+ "soc2",
100
+ "nis2",
101
+ "dora",
102
+ "eu-cra",
103
+ "uk-caf",
104
+ "au-ism",
105
+ "cmmc"
106
+ ]
107
+ },
108
+ "phases": {
109
+ "govern": {
110
+ "jurisdiction_obligations": [
111
+ {
112
+ "jurisdiction": "EU",
113
+ "regulation": "NIS2 Art.23",
114
+ "obligation": "notify_regulator",
115
+ "window_hours": 24,
116
+ "clock_starts": "detect_confirmed",
117
+ "evidence_required": [
118
+ "ai_discovery_attribution_evidence",
119
+ "affected_asset_inventory",
120
+ "remediation_eta"
121
+ ]
122
+ },
123
+ {
124
+ "jurisdiction": "EU",
125
+ "regulation": "DORA Art.19",
126
+ "obligation": "notify_regulator",
127
+ "window_hours": 4,
128
+ "clock_starts": "detect_confirmed",
129
+ "evidence_required": [
130
+ "ict_critical_function_impact",
131
+ "containment_record"
132
+ ]
133
+ },
134
+ {
135
+ "jurisdiction": "EU",
136
+ "regulation": "EU CRA Art.14",
137
+ "obligation": "notify_regulator",
138
+ "window_hours": 24,
139
+ "clock_starts": "detect_confirmed",
140
+ "evidence_required": [
141
+ "actively_exploited_assessment",
142
+ "user_notification_draft"
143
+ ]
144
+ },
145
+ {
146
+ "jurisdiction": "US-Federal",
147
+ "regulation": "CIRCIA (proposed; CISA reporting)",
148
+ "obligation": "notify_regulator",
149
+ "window_hours": 72,
150
+ "clock_starts": "analyze_complete",
151
+ "evidence_required": [
152
+ "covered_cyber_incident_assessment",
153
+ "ai_discovery_attribution"
154
+ ]
155
+ },
156
+ {
157
+ "jurisdiction": "US-Federal",
158
+ "regulation": "SEC Item 1.05 (8-K)",
159
+ "obligation": "notify_regulator",
160
+ "window_hours": 96,
161
+ "clock_starts": "analyze_complete",
162
+ "evidence_required": [
163
+ "material_impact_determination",
164
+ "incident_description"
165
+ ]
166
+ },
167
+ {
168
+ "jurisdiction": "AU",
169
+ "regulation": "APRA CPS 234",
170
+ "obligation": "notify_regulator",
171
+ "window_hours": 72,
172
+ "clock_starts": "validate_complete",
173
+ "evidence_required": [
174
+ "materiality_assessment",
175
+ "remediation_completed_evidence"
176
+ ]
177
+ },
178
+ {
179
+ "jurisdiction": "UK",
180
+ "regulation": "NCSC CAF B5 (Resilient Networks) + ICO Art.33",
181
+ "obligation": "notify_regulator",
182
+ "window_hours": 72,
183
+ "clock_starts": "detect_confirmed",
184
+ "evidence_required": [
185
+ "incident_assessment",
186
+ "containment_record"
187
+ ]
188
+ }
189
+ ],
190
+ "theater_fingerprints": [
191
+ {
192
+ "pattern_id": "cvss-only-triage-for-ai-discovered",
193
+ "claim": "Our patch-management SLA is calibrated to CVSS, so a CVSS 7.8 AI-discovered CVE is processed under the standard 30-day window.",
194
+ "fast_detection_test": "Read the operator's vulnerability-management policy. Confirm it has a separate triage tier for AI-discovered CVEs that recognises (a) the same AI tooling that found the bug shortens exploit-development cycles, (b) AI-discovered CVEs accumulate to KEV listing faster than the historical mean (Copy Fail KEV-listed within 7 weeks of disclosure), (c) RWEP for AI-discovered CVEs is +15 above the non-AI baseline under the canonical scoring formula. If the policy treats AI-discovered identically to non-AI, the policy is theater — operationally the population behaves differently.",
195
+ "implicated_controls": [
196
+ "nist-800-53-RA-5",
197
+ "nist-800-53-SI-2",
198
+ "iso-27001-2022-A.8.8"
199
+ ]
200
+ },
201
+ {
202
+ "pattern_id": "ai-discovery-attribution-unverified",
203
+ "claim": "The CVE was reported as AI-discovered, so we are tracking it accordingly.",
204
+ "fast_detection_test": "Pull the source attribution. AI-discovery claims fall into bands: (a) AI tool found AND publicly attributed (e.g. depthfirst for nginx-rift, Theori + Xint for Copy Fail) — confidently AI-discovered, (b) AI-assisted (human researcher + AI tool, e.g. Zellic's AI-agentic platform for Fragnesia, Bowling + tool) — confirm via the secondary source, (c) AI-claimed without independent corroboration — treat as unverified, decline the +15 RWEP factor. Theater is calling all three the same. Verify before applying the factor.",
205
+ "implicated_controls": [
206
+ "nist-800-53-SI-5",
207
+ "iso-27001-2022-A.5.7"
208
+ ]
209
+ },
210
+ {
211
+ "pattern_id": "no-ai-discovery-feed",
212
+ "claim": "Our vulnerability-intel feed covers NVD + KEV + GHSA — we have AI-discovered CVE coverage.",
213
+ "fast_detection_test": "NVD and KEV record CVE metadata but do not flag AI-discovery attribution as a structured field. The operator must independently track AI-discovery sources (Theori writeups, depthfirst disclosures, Zellic publications, Google Project Zero AI program, GTIG zero-day annual report). If the operator's feed pipeline does not enumerate any of those sources, the operator is structurally blind to the AI-discovery signal regardless of NVD/KEV coverage.",
214
+ "implicated_controls": [
215
+ "nist-800-53-SI-5",
216
+ "iso-27001-2022-A.5.7",
217
+ "nis2-art21-2c"
218
+ ]
219
+ },
220
+ {
221
+ "pattern_id": "kev-as-only-escalation-signal",
222
+ "claim": "We escalate when CISA KEV lists the CVE — that is our active-exploitation signal.",
223
+ "fast_detection_test": "KEV-list lag is operationally significant. Copy Fail was disclosed 2026-04-29 and KEV-listed 2026-05-01; many AI-discovered CVEs accumulate to KEV within 1-7 weeks. Waiting for KEV abandons the 1-7 week window where AI-accelerated exploit-development closes against operator-side patch-deployment. The escalation must combine AI-discovery + public PoC + the RWEP-derived SLA, not KEV alone.",
224
+ "implicated_controls": [
225
+ "nist-800-53-SI-2",
226
+ "nist-800-53-RA-7",
227
+ "iso-27001-2022-A.8.8"
228
+ ]
229
+ }
230
+ ],
231
+ "framework_context": {
232
+ "gap_summary": "No compliance framework in scope as of 2026-05 requires AI-discovery to be a tracked input to vulnerability management. NIST 800-53 RA-5 (Vulnerability Scanning) defines scan cadence and severity-based triage but treats discovery-mechanism as an undifferentiated property — an AI-discovered CVE is processed identically to a manually-discovered one. SI-5 (Security Alerts, Advisories, and Directives) names feed sources without anchoring AI-discovery vendor feeds (Theori, depthfirst, Zellic, GTIG). ISO 27001 A.5.7 (Threat intelligence) describes feed collection without naming AI-discovery as a discrimination axis. NIS2 Art.21(2)(c) names vulnerability handling as essential measure without algorithm specifics. DORA Art.10 (ICT-related Incident Management) covers incident classification but not the AI-discovery-derived weaponization-velocity prediction. EU CRA Art.14 (Coordinated vulnerability disclosure) covers manufacturer disclosure obligations but not consumer-side triage acceleration. SOC 2 CC7.1 (System operation monitoring) covers anomaly detection without anchoring AI-discovered CVE intel as a discrete control. The result: an organisation can be fully NIST/ISO/NIS2/DORA/SOC 2 compliant while running 30-day patch SLAs against a population of CVEs whose AI-accelerated weaponization tempo makes 30 days an exploitation window, not a security window. Hard Rule #7 of AGENTS.md (AI as current reality, not 'emerging') sets the project's normative position: 41% of 2025 zero-days had AI involvement per GTIG; treating discovery-mechanism as undifferentiated mis-prices the operational risk.",
233
+ "lag_score": 540,
234
+ "per_framework_gaps": [
235
+ {
236
+ "framework": "nist-800-53",
237
+ "control_id": "RA-5 — Vulnerability Scanning",
238
+ "designed_for": "Scheduled vulnerability scanning + severity-based remediation tracking.",
239
+ "insufficient_because": "Treats discovery-mechanism as undifferentiated. No control text requires AI-discovery to be tracked as a triage input. A vulnerability-management programme can satisfy RA-5 with quarterly scanning + 30-day SLA against a CVE that the originating AI tool can re-target faster than the SLA window."
240
+ },
241
+ {
242
+ "framework": "nist-800-53",
243
+ "control_id": "RA-7 — Risk Response",
244
+ "designed_for": "Risk-response selection: accept, transfer, mitigate, avoid.",
245
+ "insufficient_because": "Risk-response decisions calibrated to CVSS-equivalent severity without AI-discovery weaponization-velocity input under-weight the response urgency. RA-7 names risk assessment but not the operational signal that AI-discovery shortens exploit cycles."
246
+ },
247
+ {
248
+ "framework": "nist-800-53",
249
+ "control_id": "SI-2 — Flaw Remediation",
250
+ "designed_for": "Flaw remediation 'within organization-defined timeframes'.",
251
+ "insufficient_because": "Organisation-defined timeframes are typically 30 days for critical without acknowledging AI-discovery class. An AI-discovered RCE with public PoC has been weaponised before the typical 30-day window completes; SI-2 timeframe definitions don't enforce the right time-bound."
252
+ },
253
+ {
254
+ "framework": "nist-800-53",
255
+ "control_id": "SI-5 — Security Alerts, Advisories, and Directives",
256
+ "designed_for": "Receive and act on advisories from authoritative sources.",
257
+ "insufficient_because": "Names CISA, US-CERT, vendor advisories. Does not require subscription to AI-discovery vendor feeds (Theori, depthfirst, Zellic, GTIG annual reports). Operators relying only on the named sources are blind to the AI-discovery attribution that elevates RWEP."
258
+ },
259
+ {
260
+ "framework": "iso-27001-2022",
261
+ "control_id": "A.5.7 — Threat intelligence",
262
+ "designed_for": "Collection + analysis of threat-intelligence feeds.",
263
+ "insufficient_because": "Describes feed collection without naming AI-discovery as a discrimination axis. Compliant feed coverage can omit every AI-discovery source and still satisfy A.5.7."
264
+ },
265
+ {
266
+ "framework": "iso-27001-2022",
267
+ "control_id": "A.8.8 — Management of technical vulnerabilities",
268
+ "designed_for": "Identification, evaluation, treatment of technical vulnerabilities.",
269
+ "insufficient_because": "'Appropriate timescales' undefined and AI-discovery not surfaced as a treatment input. Standard 30-day interpretation is unsafe for deterministic AI-discovered RCE/LPE with public PoC."
270
+ },
271
+ {
272
+ "framework": "nis2",
273
+ "control_id": "Art.21(2)(c) — Vulnerability handling and disclosure",
274
+ "designed_for": "Vulnerability handling as essential cybersecurity measure.",
275
+ "insufficient_because": "Process-only; no algorithm specifics. AI-discovery weaponization-velocity is not a recognised triage input. Essential entities can satisfy Art.21(2)(c) with a documented process that ignores AI-discovery signal."
276
+ },
277
+ {
278
+ "framework": "dora",
279
+ "control_id": "Art.10 — ICT-related Incident Management",
280
+ "designed_for": "Incident classification + reporting for financial entities.",
281
+ "insufficient_because": "Classification thresholds inherit CVSS-equivalent severity. No AI-discovery uplift. Financial-entity-side weaponization tempo against AI-discovered CVEs is unaddressed."
282
+ },
283
+ {
284
+ "framework": "eu-cra",
285
+ "control_id": "Art.14 — Coordinated vulnerability disclosure",
286
+ "designed_for": "Manufacturer obligation to disclose actively-exploited vulnerabilities.",
287
+ "insufficient_because": "Covers manufacturer disclosure. Consumer-side: a product operator's triage of an AI-discovered CVE in a third-party dependency is unaddressed by Art.14; the consumer inherits the manufacturer's lag without an operational signal."
288
+ },
289
+ {
290
+ "framework": "soc2",
291
+ "control_id": "CC7.1 — System operation monitoring",
292
+ "designed_for": "Anomaly detection + alerting on system events.",
293
+ "insufficient_because": "Does not anchor AI-discovered CVE intel as a discrete control. A CC7.1 trust-services-criteria report can pass without AI-discovery feed coverage."
294
+ },
295
+ {
296
+ "framework": "uk-caf",
297
+ "control_id": "B4 — System security",
298
+ "designed_for": "NCSC CAF outcome that systems are protected from compromise.",
299
+ "insufficient_because": "Outcome-based. AI-discovery weaponization-velocity not named as a B4 input. A vulnerability-management programme that doesn't subscribe to any AI-discovery source can still be assessed as 'achieving' the outcome."
300
+ },
301
+ {
302
+ "framework": "au-ism",
303
+ "control_id": "ISM-1493 — Vulnerability management",
304
+ "designed_for": "Identification + remediation of vulnerabilities in line with Essential 8 ML2/ML3.",
305
+ "insufficient_because": "Patch-application ladder anchors on advisory date + severity. AI-discovery cycle compression not addressed. ML3 48h SLA still long for a deterministic AI-discovered RCE with public PoC."
306
+ }
307
+ ]
308
+ },
309
+ "skill_preload": [
310
+ "ai-attack-surface",
311
+ "exploit-scoring",
312
+ "framework-gap-analysis",
313
+ "compliance-theater",
314
+ "policy-exception-gen",
315
+ "threat-model-currency",
316
+ "ai-risk-management"
317
+ ]
318
+ },
319
+ "direct": {
320
+ "threat_context": "AI-discovered CVE landscape mid-2026 is operational reality, not emerging. GTIG annual zero-day report (early 2026) records 41% of 2025 zero-days carrying AI involvement: AI tools found the bug, AI tools assisted weaponization, or both. Anchor cases for the current cycle: CVE-2026-31431 (Copy Fail) — Linux kernel page-cache CoW LPE, discovered by Theori using Xint Code AI scanner against the Linux crypto/ subsystem with one operator prompt, disclosed 2026-04-29, KEV-listed 2026-05-01 (3 days), 30-day patch SLA insufficient for a CISA KEV + deterministic + 732-byte public exploit. CVE-2026-46300 (Fragnesia) — Linux kernel XFRM ESP-in-TCP page-cache corruption, AI-assisted discovery by William Bowling using Zellic.io AI-agentic platform, deterministic LPE with module-unload mitigation available, disclosed 2026-05-13; rwep 35 today with explicit notes that score jumps to 55+ on KEV listing + 65+ on confirmed exploitation. CVE-2026-42945 (NGINX Rift) — first publicly-attributed AI-discovered nginx CVE, depthfirst autonomous-analysis discovered heap-buffer-overflow in nginx_http_rewrite_module within 6 hours of scan time, vulnerable code present since nginx 0.6.27 (18 years); operator-side live mitigation = replace unnamed PCRE captures with named captures, no nginx restart. The cycle reads: AI tool finds long-standing bug → public attribution → public PoC within hours-to-days → KEV listing within days-to-weeks → exploitation tempo matches AI-discovery tempo. Operator-side: triage must apply RWEP +15 ai_factor at disclosure (not at KEV listing), source corroborate the AI-discovery claim (Theori writeup mirrored at xint.io, depthfirst github, Zellic publications, GTIG report), and tighten the SLA against the original SI-2 / A.8.8 / Art.21(2)(c) clock by treating AI-discovered as a 'KEV-pending' class. The AI-asymmetry is structural: a vulnerability researcher with an AI tool produces both a finder and a weaponiser; the operator with no AI-discovery feed processes both as a single CVE event lagging the disclosure clock.",
321
+ "rwep_threshold": {
322
+ "escalate": 75,
323
+ "monitor": 50,
324
+ "close": 30
325
+ },
326
+ "framework_lag_declaration": "NIST 800-53 RA-5 + RA-7 + SI-2 + SI-5, ISO 27001 A.5.7 + A.8.8, NIS2 Art.21(2)(c), DORA Art.10, EU CRA Art.14, SOC 2 CC7.1, UK CAF B4, AU ISM-1493 are all structurally insufficient for AI-discovered CVE triage. None require AI-discovery to be a tracked input to vulnerability management. None require subscription to AI-discovery vendor feeds (Theori, depthfirst, Zellic, GTIG). None require SLA tightening for the AI-discovered class. The framework cadence is ~540 days behind the operational AI-discovery wave (FIPS-style AI auditing landed mid-2024; 41% AI-zero-day attribution landed early 2026). Compensating controls (AI-discovery feed subscription + AI-discovery RWEP factor enforcement + tightened SLA tier for AI-discovered class + AI-attribution verification process) must close the gap before SLA-only compliance can be accepted. None of the frameworks in scope require any of those four controls.",
327
+ "skill_chain": [
328
+ {
329
+ "skill": "ai-attack-surface",
330
+ "purpose": "Apply the AI-attack-surface taxonomy to the discovery event: was the AI a finder, an assistant, or a weaponiser? Surface which AI-tooling families are in operational use against this CVE class.",
331
+ "required": true
332
+ },
333
+ {
334
+ "skill": "exploit-scoring",
335
+ "purpose": "Apply RWEP scoring with the +15 ai_factor enforced; cross-walk against CVSS to surface the framework-SLA underweighting.",
336
+ "required": true
337
+ },
338
+ {
339
+ "skill": "threat-model-currency",
340
+ "purpose": "Confirm the CVE catalog entry carries last_updated within the recency window; refuse stale-intel triage per Hard Rule #1.",
341
+ "required": true
342
+ },
343
+ {
344
+ "skill": "framework-gap-analysis",
345
+ "purpose": "Map the AI-discovery signal against the eleven framework controls listed above; surface which framework would have flagged the underweighting and which would not.",
346
+ "required": true
347
+ },
348
+ {
349
+ "skill": "compliance-theater",
350
+ "purpose": "Run the four theater tests in govern.theater_fingerprints; emit verdict per pattern.",
351
+ "required": true
352
+ },
353
+ {
354
+ "skill": "ai-risk-management",
355
+ "purpose": "Apply NIST AI RMF mapping where the AI-discovery class touches the operator's own AI / ML deployments; surface model-supply-chain implications.",
356
+ "skip_if": "operator_ai_estate_empty == true",
357
+ "required": false
358
+ },
359
+ {
360
+ "skill": "policy-exception-gen",
361
+ "purpose": "Generate auditor-ready exception language for assets that cannot reach the AI-discovered-tier SLA within the cycle.",
362
+ "skip_if": "close.exception_generation.trigger_condition == false",
363
+ "required": false
364
+ }
365
+ ],
366
+ "token_budget": {
367
+ "estimated_total": 19500,
368
+ "breakdown": {
369
+ "govern": 2800,
370
+ "direct": 1700,
371
+ "look": 2200,
372
+ "detect": 2800,
373
+ "analyze": 4200,
374
+ "validate": 3500,
375
+ "close": 2300
376
+ }
377
+ }
378
+ },
379
+ "look": {
380
+ "artifacts": [
381
+ {
382
+ "id": "ai-discovery-source-feeds",
383
+ "type": "api_response",
384
+ "source": "Subscribe + fetch from the operator's configured AI-discovery vendor feeds: Theori writeups (https://xint.io/blog/, https://theori.io/research/), depthfirst disclosures (https://github.com/depthfirstdisclosures), Zellic publications (https://zellic.io/blog), Google Project Zero AI (https://googleprojectzero.blogspot.com/), GTIG annual + monthly zero-day reports, Microsoft Security Research AI-discovery flags, Sysdig research blog, BleepingComputer + The Register AI-discovery coverage.",
385
+ "description": "Discovery-attribution evidence per CVE. Cross-correlated against NVD + KEV to enrich CVE catalog with ai_discovered flag + discovery_attribution_note.",
386
+ "required": true,
387
+ "air_gap_alternative": "If network unreachable, fall back to locally cached vendor PDFs + the operator's offline ai-discovery archive (mirrored vendor writeups, GitHub repository clones). Mark live discovery-feed state as inventory_gap=feeds_unreachable."
388
+ },
389
+ {
390
+ "id": "cve-catalog-ai-flagged-entries",
391
+ "type": "config_file",
392
+ "source": "Read data/cve-catalog.json + the operator's organisation-internal CVE store (Snyk export, Wiz CNAPP CVE list, GitHub Dependabot alerts). Filter for entries where ai_discovered == true OR ai_assisted_weaponization == true. Capture per-entry: cve_id, ai_discovery_notes, discovery_attribution_note, rwep_score, rwep_factors.ai_factor.",
393
+ "description": "Operator-side AI-discovered CVE inventory. Validates that ai_factor +15 is applied per Hard Rule #7 across every flagged entry.",
394
+ "required": true,
395
+ "air_gap_alternative": "Local cve-catalog.json + cached enterprise CVE store."
396
+ },
397
+ {
398
+ "id": "vulnerability-management-policy",
399
+ "type": "config_file",
400
+ "source": "Read the operator's vulnerability-management policy + SLA matrix: typical paths are policy/vulnerability-management.md, GRC platform export (Archer, ServiceNow VR), security-handbook. Capture per-severity SLA windows + escalation thresholds + per-class overrides (KEV, AI-discovered if present).",
401
+ "description": "Policy artefact that the triage process binds to. Used to detect the cvss-only-triage-for-ai-discovered theater.",
402
+ "required": true,
403
+ "air_gap_alternative": "Local policy filesystem walk."
404
+ },
405
+ {
406
+ "id": "asset-applicability-map",
407
+ "type": "config_file",
408
+ "source": "Cross-reference data/cve-catalog.json affected + affected_versions per AI-discovered entry against the operator's CMDB / package inventory. Sample: for CVE-2026-31431 + CVE-2026-46300 (Linux kernel LPE), query host inventory for kernel >= 4.14 + kernel < 6.8.10. For CVE-2026-42945 (nginx), query nginx deployment list + version pin.",
409
+ "description": "Per-AI-discovered-CVE asset applicability. Bounds the triage scope.",
410
+ "required": true,
411
+ "air_gap_alternative": "Local CMDB + filesystem package query (rpm -qa, dpkg -l, etc.)."
412
+ },
413
+ {
414
+ "id": "feed-currency-attestation",
415
+ "type": "audit_trail",
416
+ "source": "Check the operator's vulnerability-feed pipeline for AI-discovery source coverage: are Theori / depthfirst / Zellic / GTIG / Project Zero AI named as configured sources? When did each source last update the pipeline? A pipeline that names NVD + KEV only is structurally incomplete for AI-discovered class.",
417
+ "description": "Audit trail showing AI-discovery feed coverage + last-update timestamps.",
418
+ "required": true
419
+ },
420
+ {
421
+ "id": "patch-deployment-tempo",
422
+ "type": "audit_trail",
423
+ "source": "Historical patch-deployment-time metric per CVE severity, per AI-discovered flag. Sample: for the trailing 90 days, what was median time-to-deploy for critical AI-discovered vs critical non-AI? If the tempos are identical, the operator is processing both populations the same despite the operational asymmetry.",
424
+ "description": "Operator-side tempo metric. Used to surface whether AI-discovery is currently treated as a discrete class in deployment cadence.",
425
+ "required": false
426
+ },
427
+ {
428
+ "id": "ai-discovery-verification-archive",
429
+ "type": "config_file",
430
+ "source": "Per-AI-discovered-CVE attribution verification record: source URLs cited in the CVE catalog discovery_attribution_note, secondary corroboration (e.g. The Hacker News + Help Net Security cross-citation for Fragnesia), classification (band A — confidently AI-discovered, band B — AI-assisted, band C — claimed-unverified).",
431
+ "description": "Verification archive that supports applying the +15 ai_factor only when attribution clears band A or B.",
432
+ "required": false
433
+ }
434
+ ],
435
+ "collection_scope": {
436
+ "time_window": "rolling_90d_plus_current_cve_arrival",
437
+ "asset_scope": "operator_full_asset_estate_intersected_with_ai_discovered_cve_applicability",
438
+ "depth": "deep",
439
+ "sampling": "complete coverage of operator-internal CVE store; sample 5% of asset estate for applicability validation per CVE. Re-collect on every AI-discovered CVE arrival, every quarterly GTIG report, every vendor publishing cadence."
440
+ },
441
+ "environment_assumptions": [
442
+ {
443
+ "assumption": "operator's vulnerability-management feed pipeline is operational",
444
+ "if_false": "Halt with feed_pipeline_required — AI-discovered CVE triage is moot without the ingestion layer."
445
+ },
446
+ {
447
+ "assumption": "CMDB / asset inventory queries return current data",
448
+ "if_false": "Per-CVE applicability cannot be bounded; mark asset-applicability-map as inventory_gap=cmdb_stale and downgrade overall confidence to medium."
449
+ },
450
+ {
451
+ "assumption": "data/cve-catalog.json is reachable",
452
+ "if_false": "Halt — the catalog is the canonical AI-discovery flag store."
453
+ },
454
+ {
455
+ "assumption": "AI-discovery vendor sources are reachable OR locally cached",
456
+ "if_false": "Run in cached-only mode and mark live verification as inventory_gap=feeds_unreachable; do not refuse triage on currently-active critical CVEs because the verification source happens to be unreachable."
457
+ }
458
+ ],
459
+ "fallback_if_unavailable": [
460
+ {
461
+ "artifact_id": "ai-discovery-source-feeds",
462
+ "fallback_action": "use_compensating_artifact",
463
+ "confidence_impact": "medium"
464
+ },
465
+ {
466
+ "artifact_id": "cve-catalog-ai-flagged-entries",
467
+ "fallback_action": "escalate_to_human",
468
+ "confidence_impact": "high"
469
+ },
470
+ {
471
+ "artifact_id": "vulnerability-management-policy",
472
+ "fallback_action": "escalate_to_human",
473
+ "confidence_impact": "high"
474
+ },
475
+ {
476
+ "artifact_id": "asset-applicability-map",
477
+ "fallback_action": "use_compensating_artifact",
478
+ "confidence_impact": "medium"
479
+ },
480
+ {
481
+ "artifact_id": "feed-currency-attestation",
482
+ "fallback_action": "mark_inconclusive",
483
+ "confidence_impact": "low"
484
+ }
485
+ ]
486
+ },
487
+ "detect": {
488
+ "indicators": [
489
+ {
490
+ "id": "ai-discovered-cve-applicable",
491
+ "type": "log_pattern",
492
+ "value": "Within the cve-catalog-ai-flagged-entries artefact: any entry with ai_discovered == true OR ai_assisted_weaponization == true AND the asset-applicability-map shows at least one operator asset in scope of the CVE's affected_versions.",
493
+ "description": "Operator has an asset in scope of an AI-discovered CVE. Primary trigger for the playbook's downstream phases.",
494
+ "confidence": "deterministic",
495
+ "deterministic": true,
496
+ "cve_ref": "CVE-2026-31431",
497
+ "false_positive_checks_required": [
498
+ "Confirm the asset-applicability-map covers the CVE's actual exploitation precondition. A Linux kernel CVE applies to kernel-resident hosts; a container running a different kernel is not in scope. Verify by cross-referencing the kernel version actually loaded (uname -r) rather than the package-manager kernel version.",
499
+ "Confirm the asset is reachable to the threat model in scope. An asset in an isolated dev environment with no external network has lower exposure than the same asset in production."
500
+ ]
501
+ },
502
+ {
503
+ "id": "ai-discovery-attribution-band-c-unverified",
504
+ "type": "log_pattern",
505
+ "value": "Within the ai-discovery-verification-archive: an entry classified as band-C (claimed-AI-discovered without secondary corroboration) AND the cve-catalog entry sets ai_discovered == true with rwep_factors.ai_factor == 15.",
506
+ "description": "RWEP +15 ai_factor applied without verified attribution. Operator may be over-prioritising; decline the factor until corroborated.",
507
+ "confidence": "high",
508
+ "deterministic": false,
509
+ "false_positive_checks_required": [
510
+ "Confirm secondary corroboration genuinely absent. Sometimes attribution lives in a vendor blog the operator's feed pipeline hasn't ingested yet; check the catalog's verification_sources URL list before flagging the entry as band C.",
511
+ "If the catalog entry is recently added (< 30 days), allow a grace window for corroboration to land — flag as band-C-pending rather than band-C-final."
512
+ ]
513
+ },
514
+ {
515
+ "id": "ai-discovery-feed-coverage-incomplete",
516
+ "type": "behavioral_signal",
517
+ "value": "Within the feed-currency-attestation artefact: the configured feed pipeline names NVD + KEV + GHSA but does NOT name at least one of {Theori / Xint, depthfirst, Zellic, Google Project Zero AI, GTIG annual zero-day report, Microsoft Security Research AI program}.",
518
+ "description": "Structurally blind to AI-discovery attribution signal. The operator may receive the CVE through NVD but without the AI-discovery enrichment.",
519
+ "confidence": "deterministic",
520
+ "deterministic": true,
521
+ "false_positive_checks_required": [
522
+ "Confirm the operator does not consume AI-discovery signal through a secondary aggregator (Snyk Intel, Wiz CNAPP threat-intel, Mandiant Advantage, Recorded Future) that already enriches with AI-discovery attribution. Aggregator coverage is acceptable if it explicitly surfaces the ai_discovered field.",
523
+ "Confirm the operator's organisation-internal CVE store doesn't independently flag AI-discovery via a manual triage step. Manual triage on the receiving side is acceptable but should be documented in policy."
524
+ ]
525
+ },
526
+ {
527
+ "id": "policy-no-ai-discovered-tier",
528
+ "type": "log_pattern",
529
+ "value": "Within the vulnerability-management-policy artefact: the SLA matrix has no row keyed off ai_discovered == true / AI-discovered class / equivalent. The matrix uses only severity (critical / high / medium / low) and KEV flag.",
530
+ "description": "Policy treats AI-discovered identically to non-AI-discovered. Per Hard Rule #7 and the +15 RWEP factor, this under-weights the operational risk class.",
531
+ "confidence": "deterministic",
532
+ "deterministic": true,
533
+ "false_positive_checks_required": [
534
+ "Confirm the policy's KEV-tier handling is sufficient for the operator's AI-discovered CVE arrival pattern. If the operator has a 4-hour SLA on KEV that fires when an AI-discovered CVE accumulates to KEV, the effective handling may close the gap — but only if the KEV-listing lag is acceptable.",
535
+ "Confirm the policy doesn't reference AI-discovery in a non-SLA section (e.g. a 'threat intelligence triage' standalone document). Find the cross-reference before concluding the gap."
536
+ ]
537
+ },
538
+ {
539
+ "id": "deployment-tempo-equal-ai-vs-non-ai",
540
+ "type": "behavioral_signal",
541
+ "value": "Within the patch-deployment-tempo artefact: median time-to-deploy for critical AI-discovered CVEs is within 10% of median time-to-deploy for critical non-AI CVEs over the trailing 90 days.",
542
+ "description": "Operationally, the operator processes AI-discovered identically to non-AI despite the structural asymmetry. Confirms the policy-no-ai-discovered-tier finding has operational consequence.",
543
+ "confidence": "high",
544
+ "deterministic": false,
545
+ "false_positive_checks_required": [
546
+ "Confirm the 90-day sample contains sufficient AI-discovered CVE volume to be statistically meaningful (≥ 5 entries). Small-sample tempo equality may reflect noise, not policy.",
547
+ "Confirm the tempo metric measures time-to-deploy on AFFECTED assets, not time-to-acknowledge or time-to-ticket-creation. Deployment is the gate that matters."
548
+ ]
549
+ },
550
+ {
551
+ "id": "asset-unpatched-past-rwep-sla",
552
+ "type": "log_pattern",
553
+ "value": "Cross-join cve-catalog-ai-flagged-entries × asset-applicability-map × patch-deployment-tempo: any asset still unpatched after the RWEP-derived SLA window (4h for RWEP >= 90, 24h for 75-89, 72h for 60-74) for an AI-discovered CVE.",
554
+ "description": "Asset has exceeded the canonical RWEP-derived SLA for an AI-discovered CVE. Immediate-action class.",
555
+ "confidence": "deterministic",
556
+ "deterministic": true,
557
+ "attack_ref": "T1068",
558
+ "false_positive_checks_required": [
559
+ "Confirm the asset has live-patch coverage in place. A kernel asset with kpatch / canonical-livepatch active against the specific CVE is not 'unpatched' from a risk-state perspective even if the reboot-installed patch is still pending.",
560
+ "Confirm the asset is not on a documented exception register with compensating controls. Exception with compensating controls is not the same shape as overdue.",
561
+ "Confirm the RWEP score derivation matches lib/scoring.js — a score that's been hand-edited above the formula output is itself a finding (catalog drift), not a deployment failure."
562
+ ]
563
+ },
564
+ {
565
+ "id": "no-ai-discovery-verification-process",
566
+ "type": "behavioral_signal",
567
+ "value": "The ai-discovery-verification-archive artefact is empty OR every entry is band-C-unverified — the operator's process does not include attribution verification before applying the +15 ai_factor.",
568
+ "description": "Operator applies (or fails to apply) ai_factor based on the CVE catalog's flag without independent verification. Either over-prioritises unverified claims or under-prioritises confirmed AI-discoveries depending on operator policy.",
569
+ "confidence": "high",
570
+ "deterministic": false
571
+ }
572
+ ],
573
+ "false_positive_profile": [
574
+ {
575
+ "indicator_id": "ai-discovered-cve-applicable",
576
+ "benign_pattern": "Asset has live-patch coverage in place against the specific CVE (e.g. canonical-livepatch / kpatch for kernel LPE) and the live-patch is loaded.",
577
+ "distinguishing_test": "Cross-reference the asset's livepatch state against the CVE id. For kernel CVEs, read /sys/kernel/livepatch/*/cve-ids; for RHEL kpatch, kpatch list. If the CVE id appears in the loaded patch list, downgrade to monitor and re-check on reboot or next livepatch reconciliation."
578
+ },
579
+ {
580
+ "indicator_id": "policy-no-ai-discovered-tier",
581
+ "benign_pattern": "Operator's SLA matrix has a 'KEV + public PoC' tier that ages AI-discovered CVEs into the same handling tier within the time window the operator's deployment can absorb.",
582
+ "distinguishing_test": "Compute the lag between disclosure and KEV-listing for the most recent 5 AI-discovered CVEs in scope. If the median lag plus the KEV-tier SLA exceeds the AI-accelerated weaponization tempo (~7-14 days for the current cycle), the KEV-tier handling is insufficient."
583
+ }
584
+ ],
585
+ "minimum_signal": {
586
+ "detected": "At least one of {ai-discovered-cve-applicable, asset-unpatched-past-rwep-sla, ai-discovery-feed-coverage-incomplete, policy-no-ai-discovered-tier} fires AND the operator has assets in scope.",
587
+ "inconclusive": "CVE catalog accessible but asset-applicability-map cannot be reconciled (CMDB unreachable). Cannot bound triage scope.",
588
+ "not_detected": "Feed pipeline names at least one AI-discovery source, policy SLA matrix has an AI-discovered tier with SLA aligned to RWEP-derived timeline, no asset is past the RWEP-SLA for any flagged AI-discovered CVE, attribution-verification process is operational with band-A or band-B classification for every entry where ai_factor is applied."
589
+ }
590
+ },
591
+ "analyze": {
592
+ "rwep_inputs": [
593
+ {
594
+ "signal_id": "ai-discovered-cve-applicable",
595
+ "rwep_factor": "ai_weaponization",
596
+ "weight": 15,
597
+ "notes": "Per the canonical lib/scoring.js formula, ai_discovered = true contributes +15 ai_factor."
598
+ },
599
+ {
600
+ "signal_id": "ai-discovered-cve-applicable",
601
+ "rwep_factor": "public_poc",
602
+ "weight": 20,
603
+ "notes": "AI-discovered CVEs in the 2026 cycle almost always have public PoC at disclosure (Copy Fail 732 bytes; Fragnesia one-line; nginx-rift depthfirst github)."
604
+ },
605
+ {
606
+ "signal_id": "asset-unpatched-past-rwep-sla",
607
+ "rwep_factor": "active_exploitation",
608
+ "weight": 20,
609
+ "notes": "Asset overdue past RWEP-SLA on an AI-discovered CVE class with public PoC is operationally already in the active-exploitation window."
610
+ },
611
+ {
612
+ "signal_id": "asset-unpatched-past-rwep-sla",
613
+ "rwep_factor": "blast_radius",
614
+ "weight": 25,
615
+ "notes": "Blast radius proportional to the underlying CVE's affected population × the operator's asset count in scope."
616
+ },
617
+ {
618
+ "signal_id": "ai-discovery-feed-coverage-incomplete",
619
+ "rwep_factor": "ai_weaponization",
620
+ "weight": 10,
621
+ "notes": "Structurally blind to AI-discovery signal: every AI-discovered CVE in the cycle is mis-prioritised."
622
+ },
623
+ {
624
+ "signal_id": "policy-no-ai-discovered-tier",
625
+ "rwep_factor": "ai_weaponization",
626
+ "weight": 10,
627
+ "notes": "Policy gap propagates to every AI-discovered CVE the operator processes."
628
+ },
629
+ {
630
+ "signal_id": "ai-discovery-attribution-band-c-unverified",
631
+ "rwep_factor": "patch_available",
632
+ "weight": -5,
633
+ "notes": "Modest mitigation: unverified attribution argues for moderate triage tempo until corroborated."
634
+ }
635
+ ],
636
+ "blast_radius_model": {
637
+ "scope_question": "If the operator fails to triage an AI-discovered CVE within the AI-accelerated weaponization window, what scope of compromise does the operator's asset estate realistically deliver to an adversary with access to the same AI tooling?",
638
+ "scoring_rubric": [
639
+ {
640
+ "condition": "AI-discovered CVE applies to <= 5 ephemeral or low-sensitivity assets; no production data path.",
641
+ "blast_radius_score": 1,
642
+ "description": "Limited to ephemeral asset compromise; minimal data path."
643
+ },
644
+ {
645
+ "condition": "AI-discovered CVE applies to one production service with internal data only; no PII / regulated data.",
646
+ "blast_radius_score": 2,
647
+ "description": "Internal-data exposure; embarrassment + competitive cost."
648
+ },
649
+ {
650
+ "condition": "AI-discovered CVE applies to production service handling PII / PHI / cardholder data with retention 3-10 years.",
651
+ "blast_radius_score": 3,
652
+ "description": "Personal data exposure under GDPR / HIPAA / PCI scope; notification obligations on the standard clock."
653
+ },
654
+ {
655
+ "condition": "AI-discovered CVE applies to multiple production services OR a service in critical-function path (DORA Art.3 critical or important function) OR the underlying CVE is a kernel LPE / pre-auth RCE on web-fabric.",
656
+ "blast_radius_score": 4,
657
+ "description": "Multi-asset cross-service compromise OR critical-function disruption. Material impact under SEC Item 1.05; DORA major-incident classification."
658
+ },
659
+ {
660
+ "condition": "AI-discovered CVE applies to identity-plane / signing-root / org-admin path OR the operator's response is structurally blind (no AI-discovery feed coverage) across the whole estate.",
661
+ "blast_radius_score": 5,
662
+ "description": "Identity-plane compromise OR estate-wide structural blindness — every future AI-discovered CVE in the cycle inherits the same gap."
663
+ }
664
+ ]
665
+ },
666
+ "compliance_theater_check": {
667
+ "claim": "Vulnerability management is operating per NIST 800-53 RA-5 + SI-2 + SI-5, ISO 27001 A.5.7 + A.8.8, NIS2 Art.21(2)(c), DORA Art.10, SOC 2 CC7.1 — feeds are ingested, SLAs are tracked, severity-based remediation is in flight.",
668
+ "audit_evidence": "Quarterly vulnerability scan reports, SLA conformance dashboard, NVD + KEV + GHSA feed ingestion logs, severity-based remediation tickets.",
669
+ "reality_test": "For the trailing 90 days: (a) enumerate every AI-discovered CVE the operator was in scope of; (b) confirm the operator's feed pipeline ingested the AI-discovery attribution within 7 days of public disclosure (not the CVE itself — the AI-discovery attribution); (c) confirm RWEP-tier handling applied a tighter SLA than CVSS-tier on every AI-discovered entry; (d) confirm at least one band-A or band-B verification record exists for entries where ai_factor was applied. Theater verdict if (a)-(d) miss: the audit-clean vulnerability-management programme is structurally blind to the AI-discovery class.",
670
+ "theater_verdict_if_gap": "Operator demonstrates a NIST/ISO-compliant vulnerability-management programme that processes AI-discovered CVEs at the same tempo as non-AI CVEs, without subscription to any AI-discovery vendor feed, without RWEP-tier SLA differentiation, without attribution verification. Either (a) subscribe to AI-discovery vendor feeds (Theori, depthfirst, Zellic, GTIG) and add ingestion to the pipeline, (b) introduce an ai_discovered SLA tier in the policy matrix with windows tied to RWEP-derived timelines, (c) deploy an attribution-verification process before applying +15 ai_factor, (d) track patch-deployment-tempo by ai_discovered flag to surface tempo equality as a finding, OR (e) generate a defensible policy exception via policy-exception-gen acknowledging the structural blindness + compensating-control posture."
671
+ },
672
+ "framework_gap_mapping": [
673
+ {
674
+ "finding_id": "ai-discovered-cve-triage-gap",
675
+ "framework": "nist-800-53",
676
+ "claimed_control": "RA-5 — Vulnerability Scanning",
677
+ "actual_gap": "Treats discovery-mechanism as undifferentiated. No control text requires AI-discovery to be tracked as triage input.",
678
+ "required_control": "Extend RA-5 with an ai_discovered triage input requirement: vulnerability-management programmes must track ai_discovered as a structured field, apply tighter SLA tier than non-AI CVEs of equivalent severity, and subscribe to at least one AI-discovery vendor feed."
679
+ },
680
+ {
681
+ "finding_id": "ai-discovered-cve-triage-gap",
682
+ "framework": "nist-800-53",
683
+ "claimed_control": "SI-2 — Flaw Remediation",
684
+ "actual_gap": "Organisation-defined timeframes typically 30 days for critical. AI-discovered + public PoC has been weaponised before 30-day window completes.",
685
+ "required_control": "Add SI-2 sub-control binding remediation timeframe to RWEP-derived SLA for AI-discovered class: 4h for RWEP >= 90, 24h for 75-89, 72h for 60-74."
686
+ },
687
+ {
688
+ "finding_id": "ai-discovered-cve-triage-gap",
689
+ "framework": "nist-800-53",
690
+ "claimed_control": "SI-5 — Security Alerts, Advisories, and Directives",
691
+ "actual_gap": "Names CISA + US-CERT + vendor advisories. AI-discovery vendor feeds not enumerated.",
692
+ "required_control": "Update SI-5 enumeration to include AI-discovery vendor feeds: Theori, depthfirst, Zellic, Google Project Zero AI, GTIG annual zero-day reports, Microsoft Security Research AI program."
693
+ },
694
+ {
695
+ "finding_id": "ai-discovered-cve-triage-gap",
696
+ "framework": "iso-27001-2022",
697
+ "claimed_control": "A.5.7 — Threat intelligence",
698
+ "actual_gap": "Describes feed collection without naming AI-discovery as discrimination axis.",
699
+ "required_control": "Amend A.5.7 implementation guidance to require AI-discovery as a discrete threat-intelligence axis with named vendor coverage."
700
+ },
701
+ {
702
+ "finding_id": "ai-discovered-cve-triage-gap",
703
+ "framework": "iso-27001-2022",
704
+ "claimed_control": "A.8.8 — Management of technical vulnerabilities",
705
+ "actual_gap": "'Appropriate timescales' undefined; AI-discovery not surfaced as treatment input.",
706
+ "required_control": "Amend A.8.8 implementation guidance: AI-discovered CVE class has 'appropriate timescale' aligned to RWEP-derived SLA, not standard 30-day critical interpretation."
707
+ },
708
+ {
709
+ "finding_id": "ai-discovered-cve-triage-gap",
710
+ "framework": "nis2",
711
+ "claimed_control": "Art.21(2)(c) — Vulnerability handling and disclosure",
712
+ "actual_gap": "Process-only; AI-discovery weaponization-velocity not recognised triage input.",
713
+ "required_control": "Implementing act binding essential-entity vulnerability-handling to ai_discovered tracking + tightened SLA tier + AI-discovery feed coverage."
714
+ },
715
+ {
716
+ "finding_id": "ai-discovered-cve-triage-gap",
717
+ "framework": "dora",
718
+ "claimed_control": "Art.10 — ICT-related Incident Management",
719
+ "actual_gap": "Classification thresholds inherit CVSS-equivalent severity. No AI-discovery uplift.",
720
+ "required_control": "RTS/ITS adding AI-discovered class as classification axis for financial-entity incident management; AI-discovered + critical-function path triggers major-incident classification."
721
+ },
722
+ {
723
+ "finding_id": "ai-discovered-cve-triage-gap",
724
+ "framework": "eu-cra",
725
+ "claimed_control": "Art.14 — Coordinated vulnerability disclosure",
726
+ "actual_gap": "Covers manufacturer disclosure; consumer-side AI-discovery-aware triage unaddressed.",
727
+ "required_control": "Implementing act extending Art.14 with consumer-side guidance: AI-discovered CVE in a third-party dependency triggers manufacturer + consumer joint triage with RWEP-derived SLA."
728
+ },
729
+ {
730
+ "finding_id": "ai-discovered-cve-triage-gap",
731
+ "framework": "soc2",
732
+ "claimed_control": "CC7.1 — System operation monitoring",
733
+ "actual_gap": "Does not anchor AI-discovered CVE intel as discrete control.",
734
+ "required_control": "Trust-services-criteria update: CC7.1 evidence must include AI-discovery feed coverage attestation + per-CVE attribution verification log."
735
+ },
736
+ {
737
+ "finding_id": "ai-discovered-cve-triage-gap",
738
+ "framework": "uk-caf",
739
+ "claimed_control": "B4 — System security",
740
+ "actual_gap": "Outcome-based; AI-discovery weaponization-velocity not named.",
741
+ "required_control": "NCSC profile addendum: B4 evidence must demonstrate AI-discovery feed coverage + AI-discovered CVE tempo metric tracked separately from non-AI."
742
+ },
743
+ {
744
+ "finding_id": "ai-discovered-cve-triage-gap",
745
+ "framework": "au-ism",
746
+ "claimed_control": "ISM-1493 — Vulnerability management",
747
+ "actual_gap": "Patch-application ladder on advisory date + severity. AI-discovery cycle compression not addressed.",
748
+ "required_control": "ACSC ISM update binding AI-discovered CVE class to a tighter SLA than ML3 48h; AI-discovered + deterministic + public PoC = 4h immediate-action."
749
+ }
750
+ ],
751
+ "escalation_criteria": [
752
+ {
753
+ "condition": "rwep >= 90 AND asset-unpatched-past-rwep-sla == fired",
754
+ "action": "page_on_call"
755
+ },
756
+ {
757
+ "condition": "blast_radius_score >= 4",
758
+ "action": "raise_severity"
759
+ },
760
+ {
761
+ "condition": "ai-discovery-feed-coverage-incomplete == fired AND jurisdiction_obligations contains 'EU'",
762
+ "action": "notify_legal"
763
+ },
764
+ {
765
+ "condition": "compliance_theater_check.verdict == 'theater'",
766
+ "action": "trigger_playbook",
767
+ "target_playbook": "framework"
768
+ },
769
+ {
770
+ "condition": "any matched_cve.attack_class == 'kernel-lpe' AND asset-unpatched-past-rwep-sla == fired",
771
+ "action": "trigger_playbook",
772
+ "target_playbook": "kernel"
773
+ },
774
+ {
775
+ "condition": "any matched_cve.affects_dependency_tree == true",
776
+ "action": "trigger_playbook",
777
+ "target_playbook": "sbom"
778
+ }
779
+ ]
780
+ },
781
+ "validate": {
782
+ "remediation_paths": [
783
+ {
784
+ "id": "subscribe-ai-discovery-feeds",
785
+ "description": "Add subscription to AI-discovery vendor feeds in the operator's vulnerability-intel pipeline: Theori writeups, depthfirst disclosures, Zellic publications, Google Project Zero AI, GTIG annual + monthly zero-day reports, Microsoft Security Research AI program. Configure the pipeline to enrich CVE entries with ai_discovered + discovery_attribution_note fields.",
786
+ "preconditions": [
787
+ "vulnerability_intel_pipeline_operational == true",
788
+ "operator_can_add_feed_sources == true"
789
+ ],
790
+ "priority": 1,
791
+ "compensating_controls": [
792
+ "ai_discovery_aggregator_subscription_as_interim",
793
+ "manual_weekly_triage_against_named_sources_during_pipeline_buildout"
794
+ ],
795
+ "estimated_time_hours": 16
796
+ },
797
+ {
798
+ "id": "introduce-ai-discovered-sla-tier",
799
+ "description": "Add an ai_discovered SLA tier to the vulnerability-management policy matrix. SLA windows aligned to RWEP-derived timeline: 4h for RWEP >= 90, 24h for 75-89, 72h for 60-74, 7d for 40-59, 30d for 20-39. Bind to a deployment cadence metric tracked per AI-discovered CVE.",
800
+ "preconditions": [
801
+ "policy_ownership_attested == true",
802
+ "deployment_cadence_supports_sla_tightening == true"
803
+ ],
804
+ "priority": 1,
805
+ "compensating_controls": [
806
+ "interim_compensating_controls_for_assets_unable_to_meet_sla",
807
+ "live_patch_subscription_for_kernel_assets"
808
+ ],
809
+ "estimated_time_hours": 12
810
+ },
811
+ {
812
+ "id": "deploy-attribution-verification-process",
813
+ "description": "Establish a verification process before applying the +15 ai_factor: source-corroborate attribution against vendor writeup + at least one secondary outlet (The Hacker News, Help Net Security, BleepingComputer, The Register), classify into band A (publicly attributed), band B (AI-assisted with secondary corroboration), or band C (claimed without corroboration). Apply +15 only on band A or B.",
814
+ "preconditions": [
815
+ "verification_archive_writable == true",
816
+ "operator_assigns_verification_owner == true"
817
+ ],
818
+ "priority": 2,
819
+ "compensating_controls": [
820
+ "weekly_attribution_corroboration_review",
821
+ "automated_secondary_source_polling"
822
+ ],
823
+ "estimated_time_hours": 10
824
+ },
825
+ {
826
+ "id": "track-tempo-per-ai-flag",
827
+ "description": "Add deployment-tempo metric segmented by ai_discovered flag. Surface tempo equality between AI and non-AI populations as a programme-level finding requiring policy update.",
828
+ "preconditions": [
829
+ "deployment_metric_pipeline_operational == true"
830
+ ],
831
+ "priority": 3,
832
+ "compensating_controls": [
833
+ "monthly_metric_review_with_security_leadership"
834
+ ],
835
+ "estimated_time_hours": 8
836
+ },
837
+ {
838
+ "id": "live-patch-coverage-for-ai-kernel-class",
839
+ "description": "Subscribe to live-patch services (kpatch / canonical-livepatch / kGraft / CloudLinux KernelCare) for every kernel host in scope of AI-discovered kernel LPE CVEs. Confirm the live patch covers the specific CVE id via /sys/kernel/livepatch/*/cve-ids.",
840
+ "preconditions": [
841
+ "kernel_inventory_in_ai_discovered_scope == true",
842
+ "operator_holds_live_patch_subscription == true"
843
+ ],
844
+ "priority": 3,
845
+ "compensating_controls": [
846
+ "module_unload_mitigation_where_applicable",
847
+ "host_isolation_during_window_pending_reboot"
848
+ ],
849
+ "estimated_time_hours": 6
850
+ },
851
+ {
852
+ "id": "policy-exception",
853
+ "description": "For assets that cannot reach the AI-discovered-tier SLA within the cycle: generate auditor-ready policy exception with compensating controls (live patch, network isolation, module unload, monitoring), time-bound risk acceptance, and remediation milestones.",
854
+ "preconditions": [
855
+ "remediation_paths[1..5] partially blocked",
856
+ "ciso_acceptance_obtainable == true"
857
+ ],
858
+ "priority": 6,
859
+ "compensating_controls": [
860
+ "enhanced_endpoint_monitoring",
861
+ "compensating_network_segmentation",
862
+ "weekly_exception_register_review"
863
+ ],
864
+ "estimated_time_hours": 6
865
+ }
866
+ ],
867
+ "validation_tests": [
868
+ {
869
+ "id": "feed-coverage-includes-ai-discovery",
870
+ "test": "Read the feed-currency-attestation. Assert at least one of {Theori, depthfirst, Zellic, GTIG, Project Zero AI, Microsoft Security Research AI} is named as a configured source AND last_update is within 30 days.",
871
+ "expected_result": "Configured AI-discovery feed sources count >= 1; last_update <= 30 days ago.",
872
+ "test_type": "functional"
873
+ },
874
+ {
875
+ "id": "policy-has-ai-discovered-tier",
876
+ "test": "Read the vulnerability-management-policy SLA matrix. Assert a row keyed off ai_discovered == true with SLA windows aligned to RWEP-derived timeline.",
877
+ "expected_result": "Policy matrix has ai_discovered tier; SLA windows match {4h, 24h, 72h, 7d, 30d} for RWEP brackets {>=90, 75-89, 60-74, 40-59, 20-39}.",
878
+ "test_type": "functional"
879
+ },
880
+ {
881
+ "id": "verification-band-applied-correctly",
882
+ "test": "For each cve-catalog entry where rwep_factors.ai_factor == 15: assert a band-A or band-B record exists in the ai-discovery-verification-archive.",
883
+ "expected_result": "100% of ai_factor-applied entries have band-A or band-B verification on file.",
884
+ "test_type": "functional"
885
+ },
886
+ {
887
+ "id": "no-asset-past-sla-for-ai-discovered",
888
+ "test": "Cross-join cve-catalog-ai-flagged-entries × asset-applicability-map × patch-deployment-tempo. Assert 0 assets past their RWEP-derived SLA window for any AI-discovered CVE.",
889
+ "expected_result": "Zero assets past SLA; or assets past SLA are on the exception register with compensating controls.",
890
+ "test_type": "functional"
891
+ },
892
+ {
893
+ "id": "kernel-live-patch-cve-id-present",
894
+ "test": "For every kernel host in scope of an AI-discovered kernel LPE CVE: read /sys/kernel/livepatch/*/cve-ids. Assert the CVE id is present OR a documented reboot is scheduled within the SLA window.",
895
+ "expected_result": "Every kernel host either has the CVE-specific live patch loaded OR has a scheduled reboot inside the SLA.",
896
+ "test_type": "functional"
897
+ },
898
+ {
899
+ "id": "tempo-metric-segmented",
900
+ "test": "Read the patch-deployment-tempo artefact. Assert the metric is reported separately for ai_discovered == true vs ai_discovered == false.",
901
+ "expected_result": "Tempo dashboard has two distinct series.",
902
+ "test_type": "functional"
903
+ },
904
+ {
905
+ "id": "synthetic-exploit-replay-negative",
906
+ "test": "For each AI-discovered kernel LPE CVE in scope where remediation is claimed complete: run the public PoC (or equivalent benign reproducer) against a non-production canary host. Confirm exploitation fails post-remediation.",
907
+ "expected_result": "PoC fails on every remediated canary host.",
908
+ "test_type": "exploit_replay"
909
+ }
910
+ ],
911
+ "residual_risk_statement": {
912
+ "risk": "Operator estate retains exposure to AI-discovered CVE class for assets where AI-discovery feed coverage, SLA-tier handling, or live-patch coverage is incomplete, leaving an AI-accelerated weaponization window during which the same AI tooling that found the bug can develop the exploit.",
913
+ "why_remains": "AI-discovery feed coverage is dependent on vendor publication cadence (Theori, depthfirst, Zellic publish on their own timelines). RWEP-derived SLA tightening requires deployment-cadence investment the operator may need a programme cycle to reach. Live-patch coverage is vendor + subscription dependent. Attribution verification is human-loop today; corroboration is delayed by 24-72h after disclosure. The residual window is the gap between operational AI-discovery cycle (~hours-to-days) and the operator's hardened response cycle (~days-to-weeks).",
914
+ "acceptance_level": "ciso",
915
+ "compensating_controls_in_place": [
916
+ "ai_discovery_feed_subscription",
917
+ "ai_discovered_sla_tier_in_policy",
918
+ "attribution_verification_process",
919
+ "deployment_tempo_segmented_metric",
920
+ "live_patch_coverage_for_kernel_class",
921
+ "enhanced_monitoring_during_residual_window",
922
+ "asset_isolation_for_exception_register_entries"
923
+ ]
924
+ },
925
+ "evidence_requirements": [
926
+ {
927
+ "evidence_type": "attestation",
928
+ "description": "Feed-coverage attestation listing configured AI-discovery vendor sources + last-update timestamps; signed.",
929
+ "retention_period": "7_years",
930
+ "framework_satisfied": [
931
+ "nist-800-53-SI-5",
932
+ "iso-27001-2022-A.5.7",
933
+ "nis2-art21-2c"
934
+ ]
935
+ },
936
+ {
937
+ "evidence_type": "config_diff",
938
+ "description": "Diff of vulnerability-management-policy showing introduction of ai_discovered SLA tier + RWEP-derived window mapping; change-management approval reference.",
939
+ "retention_period": "audit_cycle",
940
+ "framework_satisfied": [
941
+ "nist-800-53-SI-2",
942
+ "nist-800-53-RA-5",
943
+ "iso-27001-2022-A.8.8",
944
+ "soc2-CC7.1"
945
+ ]
946
+ },
947
+ {
948
+ "evidence_type": "scan_report",
949
+ "description": "Per-CVE deployment-tempo report segmented by ai_discovered flag; trailing 90 days.",
950
+ "retention_period": "1_year",
951
+ "framework_satisfied": [
952
+ "nist-800-53-SI-2",
953
+ "iso-27001-2022-A.8.8",
954
+ "soc2-CC7.1"
955
+ ]
956
+ },
957
+ {
958
+ "evidence_type": "exploit_replay_negative",
959
+ "description": "Synthetic PoC reproduction against canary hosts confirming exploitation fails post-remediation.",
960
+ "retention_period": "1_year",
961
+ "framework_satisfied": [
962
+ "soc2-CC7.1",
963
+ "iso-27001-2022-A.8.8"
964
+ ]
965
+ },
966
+ {
967
+ "evidence_type": "attestation",
968
+ "description": "Attribution-verification archive showing band-A or band-B classification for every entry where ai_factor was applied.",
969
+ "retention_period": "7_years",
970
+ "framework_satisfied": [
971
+ "iso-27001-2022-A.5.7",
972
+ "nis2-art21-2c"
973
+ ]
974
+ }
975
+ ],
976
+ "regression_trigger": [
977
+ {
978
+ "condition": "new_ai_discovered_cve_published",
979
+ "interval": "on_event"
980
+ },
981
+ {
982
+ "condition": "gtig_annual_zero_day_report_published",
983
+ "interval": "on_event"
984
+ },
985
+ {
986
+ "condition": "vendor_publishes_ai_discovery_advisory",
987
+ "interval": "on_event"
988
+ },
989
+ {
990
+ "condition": "monthly",
991
+ "interval": "30d"
992
+ }
993
+ ]
994
+ },
995
+ "close": {
996
+ "evidence_package": {
997
+ "bundle_format": "csaf-2.0",
998
+ "contents": [
999
+ "feed_coverage_attestation",
1000
+ "vulnerability_management_policy_diff",
1001
+ "deployment_tempo_segmented_report",
1002
+ "exploit_replay_negative",
1003
+ "attribution_verification_archive",
1004
+ "framework_gap_mapping",
1005
+ "compliance_theater_verdict",
1006
+ "residual_risk_statement",
1007
+ "attestation"
1008
+ ],
1009
+ "destination": "local_only",
1010
+ "signed": true
1011
+ },
1012
+ "learning_loop": {
1013
+ "enabled": true,
1014
+ "lesson_template": {
1015
+ "attack_vector": "AI-discovered CVE class triage failure — the operator processes AI-discovered CVEs at non-AI tempo because the vulnerability-management programme has no ai_discovered axis. Adversary with access to the same AI tooling that found the bug develops the exploit faster than the operator's deployment SLA closes.",
1016
+ "control_gap": "Vulnerability management treats discovery-mechanism as undifferentiated. No feed coverage of AI-discovery vendor sources. No SLA-tier differentiation. No attribution verification before triage. No tempo metric segmented by ai_discovered.",
1017
+ "framework_gap": "NIST RA-5 + RA-7 + SI-2 + SI-5, ISO A.5.7 + A.8.8, NIS2 Art.21(2)(c), DORA Art.10, EU CRA Art.14, SOC 2 CC7.1, UK CAF B4, AU ISM-1493 all permit AI-blind vulnerability-management programmes as compliant. Framework cadence ~540 days behind operational AI-discovery wave.",
1018
+ "new_control_requirement": "Add an 'AI-discovery aware vulnerability management' sub-control across the framework set requiring: (a) AI-discovery vendor feed subscription with ingestion attested, (b) ai_discovered SLA tier in policy aligned to RWEP-derived window, (c) attribution-verification process producing band classification, (d) deployment-tempo metric segmented by ai_discovered, (e) annual review against GTIG zero-day report and named-source publication cadence."
1019
+ },
1020
+ "feeds_back_to_skills": [
1021
+ "ai-attack-surface",
1022
+ "exploit-scoring",
1023
+ "framework-gap-analysis",
1024
+ "compliance-theater",
1025
+ "ai-risk-management",
1026
+ "threat-model-currency",
1027
+ "zeroday-gap-learn"
1028
+ ]
1029
+ },
1030
+ "notification_actions": [
1031
+ {
1032
+ "obligation_ref": "EU/NIS2 Art.23 24h",
1033
+ "deadline": "computed_at_runtime",
1034
+ "recipient": "internal_legal",
1035
+ "evidence_attached": [
1036
+ "ai_discovery_attribution_evidence",
1037
+ "affected_asset_inventory",
1038
+ "remediation_eta"
1039
+ ],
1040
+ "draft_notification": "Initial NIS2 Art.23 24-hour early-warning notification: AI-discovered CVE ${cve_id} (${cve_name}) impacting ${affected_asset_count} asset(s) in scope. AI-discovery attribution: ${attribution_band} (source: ${attribution_source}). RWEP at detection: ${rwep_at_detection}. Containment: ${containment_record}. Remediation ETA: ${remediation_eta}. Full incident assessment to follow within 72 hours per Art.23(4)."
1041
+ },
1042
+ {
1043
+ "obligation_ref": "EU/DORA Art.19 4h",
1044
+ "deadline": "computed_at_runtime",
1045
+ "recipient": "internal_legal",
1046
+ "evidence_attached": [
1047
+ "ict_critical_function_impact",
1048
+ "containment_record"
1049
+ ],
1050
+ "draft_notification": "DORA Art.19 initial notification: Major ICT-related incident — AI-discovered CVE ${cve_id} impacting ICT services supporting ${critical_or_important_functions}. AI-discovery attribution adds operational weaponization-velocity factor; affected dependencies: ${affected_dependencies}. Full classification + impact assessment to follow within statutory windows."
1051
+ },
1052
+ {
1053
+ "obligation_ref": "EU/EU CRA Art.14 24h",
1054
+ "deadline": "computed_at_runtime",
1055
+ "recipient": "internal_legal",
1056
+ "evidence_attached": [
1057
+ "actively_exploited_assessment",
1058
+ "user_notification_draft"
1059
+ ],
1060
+ "draft_notification": "EU CRA Art.14 notification: AI-discovered vulnerability ${cve_id} affecting ${product_name} (manufactured by ${manufacturer}). Actively-exploited assessment: ${active_exploitation_state}. User notification draft attached for review."
1061
+ },
1062
+ {
1063
+ "obligation_ref": "US-Federal/CIRCIA (proposed; CISA reporting) 72h",
1064
+ "deadline": "computed_at_runtime",
1065
+ "recipient": "internal_legal",
1066
+ "evidence_attached": [
1067
+ "covered_cyber_incident_assessment",
1068
+ "ai_discovery_attribution"
1069
+ ],
1070
+ "draft_notification": "CIRCIA covered cyber incident report: AI-discovered CVE ${cve_id} (${cve_name}) with public PoC and ${active_exploitation_state} active exploitation. Operator's affected assets: ${affected_asset_count}. Remediation milestones: ${remediation_milestones}."
1071
+ },
1072
+ {
1073
+ "obligation_ref": "US-Federal/SEC Item 1.05 (8-K) 96h",
1074
+ "deadline": "computed_at_runtime",
1075
+ "recipient": "internal_legal",
1076
+ "evidence_attached": [
1077
+ "material_impact_determination",
1078
+ "incident_description"
1079
+ ],
1080
+ "draft_notification": "SEC Item 1.05 8-K disclosure draft: Material cybersecurity incident — AI-discovered CVE ${cve_id} affecting ${affected_systems}. Materiality determination: ${materiality_justification}. Remediation status: ${remediation_status}."
1081
+ }
1082
+ ],
1083
+ "exception_generation": {
1084
+ "trigger_condition": "remediation_blocked == true OR vendor_patch_pending == true OR live_patch_unavailable_for_specific_cve == true",
1085
+ "exception_template": {
1086
+ "scope": "Asset(s) ${asset_list} cannot reach AI-discovered-tier SLA for CVE ${cve_id} within current cycle. Blocking factors: ${blocking_factors} (e.g. vendor patch pending, reboot window constrained, live-patch service lacks CVE-specific cover, dependency-chain rebuild required).",
1087
+ "duration": "until_vendor_patch_or_72h",
1088
+ "compensating_controls": [
1089
+ "enhanced_endpoint_monitoring_for_affected_asset",
1090
+ "network_segmentation_isolating_affected_asset",
1091
+ "module_unload_mitigation_where_applicable",
1092
+ "host_isolation_during_window",
1093
+ "live_patch_subscription_status_tracked",
1094
+ "regression_alerting_on_exploitation_indicators"
1095
+ ],
1096
+ "risk_acceptance_owner": "ciso",
1097
+ "auditor_ready_language": "Pursuant to ${framework_id} ${control_id}, the organisation documents a time-bound risk acceptance for AI-discovered CVE ${cve_id} (${cve_name}) affecting asset(s) ${asset_list}. AI-discovery attribution: ${attribution_band} (source: ${attribution_source}); RWEP at detection: ${rwep_at_detection}; AI-accelerated weaponization-velocity factor applied. The organisation acknowledges that current framework controls do not require AI-discovery as a discrete triage input and that this gap is documented in ${exceptd_framework_gap_mapping_ref}. Compensating controls in place: ${compensating_controls}. Remediation milestones: ${remediation_milestones}. Risk accepted by ${ciso_name} on ${acceptance_date}. Time-bound until ${duration_expiry} (vendor patch publication, live-patch availability, OR ${default_72h_expiry}, whichever is first). Re-evaluation triggers: vendor patch publication, live-patch coverage gain, CISA KEV listing, confirmed in-the-wild exploitation, OR scheduled expiry."
1098
+ }
1099
+ },
1100
+ "regression_schedule": {
1101
+ "next_run": "computed_at_runtime",
1102
+ "trigger": "both",
1103
+ "notify_on_skip": true
1104
+ }
1105
+ }
1106
+ },
1107
+ "directives": [
1108
+ {
1109
+ "id": "full-ai-discovered-triage",
1110
+ "title": "Full AI-discovered CVE triage — feed coverage + SLA tier + attribution verification + tempo metric",
1111
+ "applies_to": {
1112
+ "always": true
1113
+ }
1114
+ },
1115
+ {
1116
+ "id": "copy-fail-class-recheck",
1117
+ "title": "Targeted recheck for Copy Fail (CVE-2026-31431) and Copy Fail-class AI-discovered kernel LPE",
1118
+ "applies_to": {
1119
+ "cve": "CVE-2026-31431"
1120
+ },
1121
+ "phase_overrides": {
1122
+ "direct": {
1123
+ "rwep_threshold": {
1124
+ "escalate": 85,
1125
+ "monitor": 60,
1126
+ "close": 30
1127
+ }
1128
+ }
1129
+ }
1130
+ },
1131
+ {
1132
+ "id": "fragnesia-class-recheck",
1133
+ "title": "Targeted recheck for Fragnesia (CVE-2026-46300) Dirty Frag family",
1134
+ "applies_to": {
1135
+ "cve": "CVE-2026-46300"
1136
+ }
1137
+ },
1138
+ {
1139
+ "id": "nginx-rift-class-recheck",
1140
+ "title": "Targeted recheck for NGINX Rift (CVE-2026-42945) class — AI-discovered web-fabric CVEs",
1141
+ "applies_to": {
1142
+ "cve": "CVE-2026-42945"
1143
+ }
1144
+ }
1145
+ ]
1146
+ }