BreachSpiderBREACHSPIDER
Research Intel Features Docs About Sign In Sign Up Free
CITED Relevance LLC • BreachSpider • SAGE

The infrastructure operator who got tired of watching critical systems go undefended.

Most cybersecurity companies are built by people who think like attackers. BreachSpider was built by someone who spent 27 years keeping critical infrastructure running - and understood exactly what defenders need when a CVE drops at 2AM and the plant cannot go offline.

27
Years Critical Infrastructure Operations
352k+
CVEs Indexed with AI Enrichment
15 min
KEV Alert Delivery
1
USPTO Provisional Patent Filed

The Problem Nobody Was Solving

Every ICS/OT security engineer knows the scenario. A CVE drops at 9.8. Someone from IT forwards it marked urgent. You open NVD and get three sentences, a vector string, and a CPE list that requires a separate lookup to decode.

You still don't know if your Siemens SIMATIC S7-1500 on line 4 is actually affected. You don't know if a Suricata rule exists. You don't know if CISA has flagged it as actively exploited. You don't know if there's a patch or if you're looking at an 18-month wait for your vendor's maintenance window.

That information exists - scattered across NVD, CISA KEV, vendor PSIRTs, ZDI advisories, and security research blogs. Pulling it together manually takes hours. In operational environments where every change requires a change management process and every outage costs real money, hours matter.

"The tools built for IT security teams assume you can push a patch the same day. In operational technology, that assumption breaks down at the plant gate."

Joshua Hayes, Founder - CITED Relevance LLC

Who Built This

Joshua Hayes spent 27 years in outside plant fiber optic network operations - the physical layer of critical communications infrastructure spanning thousands of route miles, where a splice failure cascades into regional outages and a single backhoe strike at the wrong junction shuts down emergency services.

Before that, he designed chemical batch control systems - environments where a misconfigured PLC setpoint doesn't mean a degraded user experience, it means a process upset with real safety consequences. He understands what it means when a vulnerability affects a system that cannot simply be rebooted.

That operational background shapes every design decision in BreachSpider. The platform is built for the engineer who gets paged at 2AM, not the analyst with the luxury of a morning briefing. The SAGE AI enrichment exists because context-free CVE data is worthless to someone making a remediation decision before the next shift starts.

Original Vulnerability Research

CITED Relevance LLC conducts original ICS/OT vulnerability research. This is active security research - finding real vulnerabilities in real systems, documenting them with precision, and handling them through responsible, coordinated disclosure.

Focus

ICS/OT Vulnerability Research

Research across ICS/OT software stacks, spanning pre-authentication RCE, SSRF, denial of service, and path traversal vulnerability classes.

Methodology

Systematic ICS/OT Target Selection

Research focuses on software stacks that underpin industrial control - MQTT brokers, EV charging infrastructure, medical imaging platforms, and industrial protocol implementations. Targeted analysis of the attack surface that matters to critical infrastructure operators.

Intelligence Loop

Research Feeds the Platform

First-hand vulnerability research informs the SAGE enrichment models. When CITED Relevance discovers a pre-auth crash in an MQTT broker, that context improves SAGE analysis accuracy across similar vulnerability classes.

Recognition

Active in Coordinated Disclosure

CITED Relevance LLC conducts its research through responsible, coordinated disclosure with affected vendors.

SAGE - Sovereign AI Governance Engine

SAGE is the AI system enriching every CVE in the BreachSpider database. It is not a wrapper around a commercial LLM API. It is a purpose-built architecture trained on ICS/OT vulnerability data, designed around one constraint: the output must be mathematically verifiable.

Every SAGE enrichment node carries a SHA-512 cryptographic audit hash. Every confidence score is computed from a defined formula - hypothesis weight, observation weight, rule application weight - producing a traceable result. This is not AI generating plausible-sounding text. It is a governed inference system where every output can be audited back to its inputs.

The core architectural insight: vulnerability intelligence needs to be deployable at the edge without cloud dependency. An OT security team in a manufacturing facility with air-gapped networks cannot rely on a cloud API call to assess whether a CVE affects their equipment. SAGE is designed with that constraint from the ground up.

App. 64/015,948
Filed March 24, 2026

USPTO Provisional Patent

SAGE - Sovereign AI Governance Engine

Coordinate-based AI knowledge architecture enabling GPU-free edge deployment of verified vulnerability intelligence. Conversion deadline March 24, 2027.

Why Independent Matters

CITED Relevance LLC is not venture-backed. No investors to satisfy with growth metrics. No sales team that needs a quota-friendly feature. No marketing department softening technical findings to avoid upsetting vendor relationships.

BreachSpider publishes what the data shows. Rockwell Automation has a KEV rate 14 times the global average. Siemens has 462 network-exploitable critical CVEs. Those numbers are in the platform and in the public research report because they are accurate - not because a vendor approved them.

Independence also means the research operation can pursue vulnerabilities wherever they lead - EV charging infrastructure, medical imaging, industrial automation, IoT protocol stacks - without concern for whether the vendor is a platform partner or a paying customer.

The Mission

The systems that treat drinking water, generate electricity, run manufacturing lines, and manage hospital infrastructure are running software with known, documented vulnerabilities - some of them years old, some actively exploited, many without patches. The people defending those systems deserve better intelligence than a three-sentence NVD description and a CVSS score.

The Platform: BreachSpider

📊

352,632 CVEs

Indexed from NVD, CISA KEV, ZDI, and 17 vendor PSIRT feeds. Updated daily. 100% enriched by SAGE.

15-Minute KEV Alerts

CISA adds a vulnerability to the Known Exploited list. Your team knows within 15 minutes with full SAGE context.

🛡

Virtual Patches

Suricata and Snort rules for network-level detection - including 171 KEV entries with no vendor patch available.

📄

NERC-CIP + IEC 62443

Every high and critical CVE mapped to NERC-CIP standards and IEC 62443 security levels. Compliance evidence on demand.

🔍

ICS/OT Specific

6,713 ICS/OT CVEs. Coverage across Siemens, Rockwell, Honeywell, Mitsubishi, ABB, and 36,000+ vendors.

🔐

SHA-512 Audit Trail

Every SAGE enrichment record carries a cryptographic audit hash. Mathematically verified intelligence.

Contact

For research inquiries, vulnerability disclosures, partnership discussions, or enterprise deployments:

[email protected]

CITED Relevance LLC • Jefferson, Georgia • United States

PGP key available on request for secure communications.

Start With the Data

Search 352,632 CVEs free. No account required. See what's in your vendor's history before you sign up for anything.

Search CVEs Free Start Free Account Read the Research Report