The difference between detection and exploitation often comes down to minutes. VulnCheck’s newly launched
KEV (Known Exploited Vulnerabilities) Alerts aims to bridge that gap by offering instant notifications on vulnerabilities with confirmed public exploitation. Delivered via Slack and email, these alerts enable security teams to act faster, prioritizing threats already being used in the wild.
But the roadmap goes beyond alerts in inboxes and chat tools. According to
VulnCheck's
Security Researcher and Evangelist Patrick Garrity, VulnCheck is focused on extensibility and automation from the outset.
Designed for Integration and Automation
“As an API-first company, we continue to expand the ability to extend VulnCheck into any use case,” Garrity tells MSSP Alert. “We’re building integrations with commonly used platforms like the ServiceNow integration we launched last week.”
This means KEV Alerts won’t just live in isolated notification channels. Security teams can plug the feed into SOAR, SIEM, and EDR workflows to drive automated incident response. That flexibility positions VulnCheck as not just a threat intel source, but as an enabler for broader security orchestration.
Vetting Exploitation with Transparency
VulnCheck reports that its KEV catalog includes 175% more vulnerabilities than CISA’s KEV list. But what’s behind the difference?
“VulnCheck KEV entries include the source references for where and when exploitation was reported,” Garrity explains. “CISA KEV has a limited scope tied to federal agencies, which contributes to the delta. Another factor is speed. 70% of CISA KEVs had public evidence of exploitation at least a day before they were added to the CISA catalog.”
This level of transparency allows defenders to review the source of each alert and better trust the data informing their decisions.
Built to Scale for MSSPs and Platform Providers
For managed security service providers and threat intel platforms, VulnCheck’s infrastructure updates bring performance improvements that go beyond speed.
“We already have the APIs available and adopted by MSSPs, product security companies, large enterprises, and government agencies,” Garrity says. “What KEV Alerts adds is easier access, now anyone can receive this intelligence through Slack or email.”
The backend improvements also enhance data throughput and reliability, enabling use across multi-tenant environments and large-scale operations.
A Faster, Broader View of Exploitation in the Wild
The expanded VulnCheck KEV catalog, now tracking more than 3,700 vulnerabilities, provides contextual data like exploit links and threat actor associations. That breadth, combined with real-time alerting and workflow-ready APIs, offers a clearer and faster picture of active threats than many traditional sources.
For security teams looking to tighten their response time and for partners building threat intel into their own products or services, VulnCheck’s KEV Alerts marks a step toward more proactive, automation-friendly vulnerability intelligence.
