NVIDIA Agent Morpheus uses generative AI agents and RAG to analyze CVEs at enterprise scale
The number of reported CVEs hit a record high in 2022, with over two hundred thousand cumulative vulnerabilities by the end of 2023, making traditional scanning and patching unmanageable at enterprise scale. Investigating each CVE to determine whether it is actually exploitable is a manual, tedious, and time-consuming process.
How it works
Common implementation structure
How this type of workflow is generally built, generalized across documented cases — not tied to any one vendor's stack. Specific products that implement these stages appear in “Tools commonly seen” below.
Stage 1 · Container upload triggers workflow
The workflow is triggered automatically by a container upload event whenever a new container is pushed to the registry.
Tools used
Agent Morpheus, NVIDIA NIM, Llama3, Morpheus
Outcome
Agent Morpheus reduces vulnerability triage time from hours or days to seconds; parallel execution delivers a 9.3x speedup, processing 20 CVEs in 304.72 seconds versus 2842.35 seconds serially. The human analyst is engaged only when sufficient information is available for a decision.
What failed first
Requiring a package-version bump for every detected CVE is unrealistic at enterprise scale because dependency chains often make upgrades infeasible and fixed versions are not always available from maintainers.