Threat intelligence & CVE alerts

Real-time CVE alerts for the exact stack you run

Declare your tech stack and Velocity matches NVD and GitHub Security Advisory feeds to what you actually run — alerting your security team and its AI agents via email, push, webhook, SSE, and MCP the moment a new vulnerability drops. Plus threat-actor intelligence on 200+ APT groups.

Watch your stack — freeOpen the security board
Catalog entities
1,000+
Catalog entities
CPE-aware, versioned
Advisory sources
2
Advisory sources
NVD CVE + GitHub GHSA
Alert channels
5
Alert channels
email · push · webhook · SSE · MCP
Threat actors
200+
Threat actors
MITRE · MISP · CISA
Tech Stack Watchlist

From “what do we run?” to “we’re alerted” in three steps

The core loop: declare your stack once, and Velocity watches the global advisory feeds against it so you never manually triage a CVE firehose again.

  • 1 · Declare your stack

    Pick from a 1000+ entity, CPE-aware catalog — frameworks, runtimes, databases, OS, libraries. Pin exact versions and choose client, server, or mobile variants (iOS, Windows Server, and more) so matches reflect what you actually run.

  • 2 · We match advisories in real time

    Velocity ingests CVE and GitHub Security Advisory (GHSA) feeds continuously from NVD and GitHub, then matches each advisory against your declared stack — version- and variant-aware, so you are not buried in CVEs for software you do not run.

  • 3 · You (and your agents) get alerted

    A new match fires alerts over email, push, webhook, a Server-Sent-Events stream, and an MCP tool — so the moment a CVE drops for something you run, both your security team and the AI agents working for them know.

Why not just a CVE feed?

Matched, not just monitored

A raw advisory feed tells you everything. Velocity tells you what matters to you — and routes it to your people and your agents.

Velocity's tech-stack-matched security intelligence compared to subscribing to a raw CVE feed.
CapabilityVelocityA raw CVE feed
Matched to your exact stackYesNo
Version & variant aware (client / server / mobile)YesNo
Real-time NVD + GitHub Advisory ingestYesOften NVD only
Alerts to email, push, webhook & SSEYesNo
MCP tool so AI agents subscribe nativelyYesNo
APT / threat-actor intel with confidenceYesNo
You filter the full firehose yourselfNot neededYes
Alerts everywhere

One match, five ways to know

A new CVE match on your stack reaches humans and machines through whichever channel fits your workflow.

  • Email & push

    Human-readable alerts to your inbox and devices the moment a match lands — with the advisory severity and the affected component from your stack.

  • Webhook

    POST every new match to your own endpoint — wire it into Slack, PagerDuty, a ticketing system, or your SOAR pipeline with no scraping.

  • Server-Sent Events

    A live SSE stream at /api/alerts/stream pushes matches to dashboards and long-running processes in real time, with no polling.

  • MCP tool for agents

    security_subscribe_stack_hits lets a team’s AI agents subscribe to new CVE matches on the stack directly over the Model Context Protocol — native, structured, agent-first.

Agent-native

Your agents are on the wall, too

Security is increasingly run by automated agents. Velocity treats them as first-class subscribers: the security_subscribe_stack_hits MCP tool delivers new CVE matches on your stack as structured data, the instant they land.

MCP server setup →Read the docs →
tools/call · security_subscribe_stack_hitsjson
// Your agent subscribes to new CVE matches on the stack
{
  "jsonrpc": "2.0",
  "id": 7,
  "method": "tools/call",
  "params": {
    "name": "security_subscribe_stack_hits",
    "arguments": { "minSeverity": "high" }
  }
}
// Auth: send "X-MCP-Key: vel_..." (or Authorization: Bearer vel_...)
// Endpoint: POST https://velocity.andiamo.tech/api/agents/mcp
Threat-actor intelligence

Know the adversary, not just the bug

Beyond CVEs, Velocity maps the groups behind the threats — sourced from MITRE ATT&CK, MISP, and CISA, with explainable, confidence-scored attribution.

  • 200+ threat actors

    Profiles for 200+ APT and threat groups sourced from MITRE ATT&CK, MISP, and CISA — with origin, suspected motivation, and known aliases mapped together.

  • Top TTPs

    The tactics and techniques each group is known for, drawn from MITRE ATT&CK, so you can reason about exposure against the way a given adversary actually operates.

  • Confidence-scored attribution

    Every actor↔activity link carries a transparent “why this link?” evidence panel and a confidence score — so attribution is explainable, not a black-box label.

  • Linked to CVE history & daily mentions

    Actors are tied to the CVEs and software in their history, and a daily extraction pass pulls fresh mentions from security feeds so the picture stays current.

For security teams, DevOps & CISOs

The gap between disclosure and awareness is where breaches live

A CVE is published. How long until your team knows it affects something you run? For most organizations the answer is "too long" — buried in a firehose of advisories for software they do not use, or waiting on a weekly scan. Velocity closes that gap by inverting the problem: instead of you searching the feed, the feed is matched against your declared stack, in real time.

Declare it once from the CPE-aware catalog — down to versions and to client, server, or mobile variants — and every incoming NVD CVE and GitHub Security Advisory is checked against it. A match becomes an alert on every channel you use: email and push for people, webhook and SSE for your tooling, and the MCP tool for the AI agents on your team. No scraping, no polling, no manual triage.

Then go a level deeper. Velocity's threat-actor intelligence maps 200+ APT groups from MITRE ATT&CK, MISP, and CISA — their aliases, origin, motivation, and top techniques — with a transparent "why this link?" panel behind every confidence-scored attribution, tied to the CVE history that matters to your stack. Reason about exposure the way an adversary actually operates.

FAQ

Security intelligence, answered

  • How does Velocity know which CVEs matter to me?

    You declare your tech stack from a 1000+ entity, CPE-aware catalog — including exact versions and client/server/mobile variants. Velocity then matches incoming CVE and GitHub Security Advisory records against that declared stack, so you only hear about vulnerabilities in software you actually run.

  • Which advisory feeds do you ingest?

    Velocity ingests CVE data from the National Vulnerability Database (NVD) and advisories from the GitHub Security Advisory (GHSA) database, continuously and in real time.

  • How are my security team’s AI agents alerted?

    Through the Model Context Protocol. The security_subscribe_stack_hits MCP tool lets an agent subscribe to new CVE matches on your stack and receive them as structured data — alongside email, push, webhook, and a Server-Sent-Events stream for humans and services.

  • What is the APT / threat-actor intelligence?

    Profiles for 200+ threat groups sourced from MITRE ATT&CK, MISP, and CISA — with aliases, origin, suspected motivation, top tactics and techniques, and confidence-scored “why this link?” attribution, linked to the CVEs and software in each group’s history.

  • Who is this built for?

    Security teams, DevOps, and CISOs who need to know the instant a new vulnerability affects their stack — and want that signal to reach both their people and their automated agents. Commercial use of the data in your own product is available on Pro tier and above.

  • Where do I see all of this in the app?

    The gated security board surfaces your matched advisories, your stack watchlist, and the threat-actor intelligence. Create a free account to explore it, then connect the MCP server or REST API for your agents.

Get alerted the moment a CVE hits your stack

Declare your stack free, connect the MCP server for your agents, and let Velocity watch NVD and GitHub Security Advisories against exactly what you run.

Watch your stack — freeRead the developer docs