u/rozetyp

Abstracting 10k H1 reports into an "Intelligence Layer" / MCP tool for agents - does mechanism-transfer retrieval actually work in practice?

I came across a skill (the one with 2.8K stars), and it got me thinking on a specific concept: most vulnerability mechanisms have already been disclosed and written up somewhere. The same basic edge keeps getting refiled against new products years later, and the product itself is somewhat incidental; the mechanism itself is the reusable part.

So I parsed ~10,000 publicly disclosed H1 reports, stripped out the product names and reduced each report to a product-agnostic "mechanism card" (source, sink, trigger, preconditions, impact) and embedded them. The idea is that an agent (or human) can point MCP at a stack or a bug they are stuck on, and it pulls the closest real-world mechanics: "Here is how this exact edge was successfully exploited on 6 other products," ranked by novelty, alongside basic grounding data (KEV/EPSS, etc.).

It does not magically find bugs, it acts more like a map of historical attack vectors. Full disclosure - I'm not a professional hunter, and I don't have a great feedback loop. The only signal I have is that an agent using it seemed to orient faster and caught a few of its own false positives - but that's incredibly weak evidence (my own tool, judged by my own agent setup).

Has anyone else already built a mechanism-level transfer? If you've tried a similar approach, does it actually move the needle?

reddit.com
u/rozetyp — 4 days ago