CISA KEV · EPSS · signed

Verifiable exploited-CVE evidence for cyber insurance.

Cyber risk turns on actively-exploited vulnerabilities. Dynamic Feed matches the software you name against CISA's live Known Exploited Vulnerabilities catalog and returns a signed, timestamped record — so an underwriter or adjuster has verifiable evidence of what public exploited-in-the-wild data showed about the named stack at a point in time, not a self-reported claim.

The call

Keyless over MCP, or one REST call with a free key. Every datapoint is provenance-stamped and citeable.

# REST (free key)
curl -H "X-API-Key: $KEY" "https://dynamicfeed.ai"

# MCP (keyless) — point any client at https://dynamicfeed.ai/mcp, then call:

Sample response

{ "cve": "CVE-2026-1234", "in_kev": true, "epss": 0.97,
  "measured_at": "...Z", "source": "CISA KEV + FIRST.org EPSS",
  "signature": { "alg": "Ed25519", "key_id": "df-ed25519-4cb32e72f333" } }

Why live data

Cyber underwriting and claims both hinge on one question: was a known-exploited vulnerability present in the insured's stack, and when? Dynamic Feed serves the full live CISA KEV catalog — the CVEs attackers are actually using — enriched with FIRST.org EPSS exploit-probability and CVSS severity, and signs every result over its exact bytes. You (or the insured) name the software; we match it against public, exploited-in-the-wild data and return a signed, timestamped record either side can re-check. To be exact about what this is: Dynamic Feed does NOT scan anyone's systems and cannot see them — it matches a declared stack against public KEV data. It's evidence of what public data showed at a time — not a security assessment, an audit, or a guarantee of security, and not legal, insurance or coverage advice or a determination of liability, fault, or whether a vulnerability is material to a claim.

Use it for

A signed record of exploited-CVE exposure for a named stack, at a point in time
An underwriting input for cyber / tech E&O — verifiable, not self-reported
Claims evidence: what KEV data showed at the time of an incident
A policy-condition input you can require and re-check (drafting is your decision)

Get a free API key ↗ See it live ↗ API docs ↗

FAQ

Does Dynamic Feed scan our systems?

No — we can't see your systems. You name the software you run; we match it against CISA's public, exploited-in-the-wild KEV data and return a signed record of what that public data showed. Evidence, not a scan.

Is this a security assessment or a guarantee?

No. It's a signed, timestamped record of public exploited-CVE data matched to a declared stack — not an audit, not an assessment, and not a guarantee of security. One verifiable input among many.

How fresh is the KEV data?

Live — the record carries the exact measurement time, and the signature verifies against /.well-known/keys. CISA adds to the KEV catalog as new exploitation is observed.

Related live feeds

Exploited-CVE API Real-time CVE API AI underwriting evidence All use cases →