Alfred AI Modules
Alfred is Detectify’s AI-powered system for generating vulnerability detection modules. It complements the Crowdsource research community by providing automated coverage for newly disclosed CVEs and common vulnerability patterns.
How Alfred Works
When a new CVE is disclosed, Alfred analyzes the vulnerability details, including advisory text, affected software, and available proof-of-concept information. It then generates a detection module that can identify the vulnerability during scans.
The process:
- CVE intake — Alfred monitors vulnerability databases and security advisories for newly disclosed CVEs
- Analysis — The AI system analyzes the vulnerability to understand the affected software, attack vector, and exploitability
- Module generation — Alfred generates a detection module with appropriate payloads and response validation logic
- Validation — Generated modules are validated to ensure detection accuracy before deployment
- Deployment — Validated modules are deployed to the scanning infrastructure
Role in the Platform
The volume of newly disclosed CVEs continues to grow each year. Alfred addresses this by:
- Reducing time-to-detection — Alfred generates modules for new CVEs faster than manual research and development
- Expanding coverage — Alfred produces modules for a larger number of CVEs than manual effort alone
- Complementing Crowdsource — Alfred covers the long tail of CVEs while Crowdsource researchers focus on complex, high-impact vulnerabilities that require human expertise
Alfred and Crowdsource Together
Alfred and Crowdsource are complementary systems:
| Aspect | Crowdsource | Alfred AI |
|---|---|---|
| Source | Human security researchers | AI-generated |
| Strength | Complex vulnerabilities requiring creative exploitation | Coverage of disclosed CVEs with known patterns |
| Speed | Variable, depends on researcher availability | Automated generation |
| Depth | Deep, with nuanced detection logic | Focused on known patterns and disclosed details |
When both systems produce modules for the same vulnerability, the higher-quality module is used. In many cases, Alfred provides initial coverage that is later enhanced by a Crowdsource submission with more sophisticated detection logic.
Coverage
Alfred-generated modules cover vulnerabilities in:
- Web application frameworks and content management systems
- Server software and middleware
- JavaScript libraries and frontend dependencies
- Cloud services and infrastructure components
- Network services and protocols
The modules follow the same payload-based detection approach as Crowdsource modules, sending actual exploit payloads and validating responses to confirm exploitability.
Automatic Updates
Alfred-generated modules are deployed automatically. You do not need to take any action to benefit from new Alfred modules. As CVEs are disclosed and modules are generated, your scans automatically include the new detection capabilities.