Alfred AI

Alfred AI is Detectify’s AI-powered system for building vulnerability test modules from public CVE disclosures and proof-of-concept exploits. It supplements the Crowdsource ethical hacker network by accelerating module creation for newly disclosed vulnerabilities.

What Alfred AI Does

When a new CVE is published with an accompanying proof-of-concept (POC) exploit, Alfred AI:

1. Monitors disclosure sources — Continuously watches CVE databases, security advisories, GitHub repositories, and other public disclosure channels for new vulnerability information
2. Analyzes the vulnerability — Parses the CVE description, affected software, exploit mechanism, and available POC code
3. Constructs a test module — Automatically generates a payload-based detection module that can verify whether a target is affected by the vulnerability
4. Submits for review — The generated module enters the same QA pipeline as human-authored Crowdsource modules, including automated testing and human security review

How Alfred AI Works

Alfred AI translates publicly available exploit information into Detectify’s module framework. It reads POC code written by security researchers, understands the exploitation chain, and creates a safe, non-destructive test that confirms vulnerability without causing damage to the target.

Input Sources

Alfred AI processes vulnerability information from:

• National Vulnerability Database (NVD) entries
• Vendor security advisories
• Public POC exploit repositories (GitHub, Exploit-DB)
• Security researcher blog posts and write-ups
• CERT/CC advisories

Module Generation Process

1. POC parsing — Alfred AI extracts the exploit’s HTTP requests, payloads, and expected responses from the POC code
2. Payload adaptation — The raw exploit is adapted into a safe, payload-based test that confirms vulnerability without destructive side effects
3. Detection logic — Response analysis rules are generated to distinguish vulnerable from non-vulnerable targets
4. Metadata generation — Severity scoring, affected technology identification, remediation guidance, and classification (CWE, CVSS) are populated

Human Review Gate

Alfred AI modules are never deployed without human review. Every module passes through the same QA pipeline as Crowdsource modules:

• Automated testing against controlled lab environments
• False positive validation against clean targets
• Human security review for correctness and safety
• Staged rollout with performance monitoring

AI-generated modules go through the same review process as human-authored modules.

Where Alfred AI Excels

Alfred AI performs well for vulnerabilities with the following characteristics:

• Public POC available — The CVE has published exploit code that demonstrates the vulnerability
• Clear exploitation path — The vulnerability follows a straightforward request-response pattern
• Known affected technologies — The vulnerable software and versions are clearly identified
• Standard vulnerability classes — SQL injection, XSS, SSRF, command injection, path traversal, and other well-understood categories

For these cases, Alfred AI can produce production-ready modules within hours of public disclosure.

Impact on Coverage

Alfred AI has expanded Detectify’s module library by enabling faster response to new CVE disclosures. It reduces the time between a CVE being published and a detection module being available to Detectify customers, particularly for vulnerabilities in widely deployed software.

Next Steps

• Crowdsource — The ethical hacker network that complements Alfred AI
• Platform Overview — Product overview