API Documentation
Public endpoints for integrating AI threat intelligence into your security tooling. No authentication required. Rate limited to 60 requests/minute.
STIX 2.1 Feed
Industry-standard Structured Threat Information eXpression bundle. Compatible with MISP, OpenCTI, ThreatConnect, and any STIX 2.1 consumer.
/api/stix/feed Query Parameters
| Param | Type | Default | Description |
|---|---|---|---|
since | date | - | Only items modified after this date (YYYY-MM-DD) |
severity | string | all | Comma-separated: critical, high, medium, low |
limit | number | 100 | Max objects returned (1-500) |
Example
curl "http://localhost:4321/api/stix/feed?severity=critical,high&limit=50"STIX Object Types
identity— Platform source identityvulnerability— CVEs mapped from our databaseattack-pattern— MITRE ATLAS techniquesrelationship— CVE-to-technique mappings (type: "uses")
SIEM/SOAR Integration
Point your STIX/TAXII consumer at the feed URL. For incremental sync, use the since parameter with your last sync timestamp. The feed is updated after each scraper run.
GET /api/v1/cves
Paginated list of AI-related CVEs with severity, CVSS scores, EPSS, KEV status, and classification data.
/api/v1/cves Query Parameters
| Param | Type | Default | Description |
|---|---|---|---|
severity | string | all | Comma-separated: critical, high, medium, low |
ai_category | string | - | Filter by AI category |
in_kev | boolean | - | "true" or "false" — filter by CISA KEV membership |
since | date | - | Only CVEs modified after this date |
page | number | 1 | Page number |
limit | number | 20 | Results per page (max 50) |
Example
curl "http://localhost:4321/api/v1/cves?severity=critical,high&limit=10"Response
{
"total": 142,
"page": 1,
"limit": 10,
"data": [
{
"cve_id": "CVE-2026-33497",
"severity": "critical",
"cvss_v31_score": 9.8,
"epss_score": 0.04,
"in_kev": false,
"summary": "Remote code execution in LangChain...",
"ai_category": "llm_framework",
"published_at": "2026-03-20T...",
"package_name": "langchain",
"attack_types": ["prompt_injection"],
"ai_components": ["llm"]
}
]
}GET /api/v1/papers
Paginated list of AI security research papers from arXiv with relevance scoring and CISO summaries.
/api/v1/papers Query Parameters
| Param | Type | Default | Description |
|---|---|---|---|
type | string | all | attack, defense, benchmark, survey, tool, other |
relevance | string | all | high, medium, low |
since | date | - | Only papers published after this date |
page | number | 1 | Page number |
limit | number | 20 | Results per page (max 50) |
Example
curl "http://localhost:4321/api/v1/papers?type=attack&relevance=high&limit=5"GET /api/v1/stats
Aggregate statistics across CVEs, papers, and ATLAS mappings. Useful for dashboards and monitoring.
/api/v1/stats Example
curl "http://localhost:4321/api/v1/stats"Response
{
"cves": {
"total": 1196,
"by_severity": {
"critical": 89,
"high": 342,
"medium": 521,
"low": 244
},
"in_kev": 12,
"new_this_week": 23,
"new_this_month": 87,
"ai_categories": 8
},
"papers": {
"total": 2015,
"high_relevance": 312
},
"atlas": {
"techniques": 155,
"cve_mappings": 847
},
"generated_at": "2026-03-24T12:00:00.000Z"
}Embeddable Widget
Add a live AI threat feed to any website. The widget renders inside a Shadow DOM for complete style isolation. Lightweight (<15KB), no dependencies.
Basic Usage
<script src="http://localhost:4321/widget.js" data-limit="5" data-theme="dark"></script>Attributes
| Attribute | Default | Description |
|---|---|---|
data-limit | 5 | Number of CVEs to show (1-10) |
data-theme | dark | "dark" or "light" |
data-severity | all | Comma-separated severity filter: "critical,high" |
Critical + High Only, Light Theme
<script src="http://localhost:4321/widget.js"
data-limit="3"
data-theme="light"
data-severity="critical,high">
</script>Rate Limits
All public endpoints are rate-limited to 60 requests per minute per IP address.
Response Headers
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window (60) |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | ISO timestamp when the window resets |
When the limit is exceeded, you will receive a 429 Too Many Requests response with a
Retry-After: 60 header.
CORS
All API endpoints return Access-Control-Allow-Origin: * headers, allowing cross-origin requests from any domain. This enables browser-based integrations and the embeddable widget.