How Axonius Leverages AI in AVS
Overview
Axonius Vulnerability Score (AVS) is a CVE-only vulnerability intelligence and scoring capability within Exposures. It analyzes vulnerability records, enriches them with external intelligence and AI-derived context, and produces a final score between 0 and 10 along with explanations of the main factors that increased, reduced, or did not materially change the score. The product experience is designed to show not only the final score, but also the factor-level explanations behind it.
AI is used in the enrichment pipeline, where CVE records are refined before final evaluation. This workflow includes a specific LLM-driven stage designed to:
- Identify the primary vulnerable component based on the text
- Flag whether the product matches the criteria for a perimeter or a security-edge device
- Calculate a prevalence value by comparing the product against known usage datasets
- Surface configuration requirements mentioned in the documentation
- Apply standardized CVE tags, such as attacker-impact labels, to be used as inputs for the final calculation
Notably, the LLM does not determine the final numeric risk score. That score is determined by a deterministic, rule-based scoring layer.
Customer Control, Accessibility, and Settings
Activation Options & Functional Impact
AVS is enabled by default for all Exposures customers. While the feature is active out of the box, it can be disabled by the Axonius team upon request. When AVS is deactivated, Exposures remains fully functional, but Axonius risk scores are not provided.
Deployment and AI models
AVS relies on Amazon Bedrock (API) for Exposures SaaS instances. It is unavailable for on-premises deployments.
Data Handling
AVS inputs are vulnerability and product-context fields only, not customer PII or device identifiers.
AVS operates on vulnerability-record data. The AI component analyzes and classifies CVE and product-context information to enrich the vulnerability record before scoring. The documented inputs to the LLM enrichers include CVE-related fields such as:
- CVE ID
- CVE Description
- Affected Vendor or product candidates consolidated from sources such as NVD, VulnCheck, GitHub, and OSV
- Selected product information
- Standardized CVE context fields used for analysis
Training and Optimization
AVS does not train, retrain, or fine-tune its global models on user-provided data.
Transparency, Explainability, and Human Oversight
The AI output is clearly labelled as "Generated by AI". AVS produces a final score between 0 and 10 along with explanations of the main factors that increased, reduced, or did not materially change the score. The product experience is designed to show not only the final score, but also the factor-level considerations behind it.
Additional information about the logic is provided in Axonius documentation as a table of all the variables that led to the output, or in a similar manner.
AVS does not engage in unsupervised automated decision-making.
Accuracy, Reliability, Security and Integrity
Our AI-enhanced search workflow is engineered to follow a strict, hierarchical retrieval model. The system is configured to prioritize verified, official repositories (such as the National Vulnerability Database (NVD), CISA, and direct vendor advisories) as primary sources. Open-web searches are utilized only as secondary, supplementary layers to ensure comprehensive coverage when official data is unavailable.
Additionally, Axonius maintains an active multi-tiered Quality Assurance (QA) process which includes:
- Automated Validation: Continuous algorithmic checks for data consistency.
- Expert Oversight: Targeted manual reviews conducted by security analysts, specifically for high-risk CVE calculations and complex vulnerability assessments.
Reliability is managed through a scheduled monitoring lifecycle. Following the deployment of this AI-driven feature, we conduct periodic performance and accuracy assessments. This iterative process is designed to refine model outputs and align them with evolving security landscapes.
