In an era where cyber threats are growing in both volume and sophistication, risk management has become a cornerstone of effective organizational defense. Risk management involves identifying, assessing, and prioritizing potential threats, enabling organizations to allocate their resources where they matter most. The ultimate goal is to minimize potential losses while maintaining business continuity and operational resilience.
At the heart of risk management lies the challenge of balancing proactive measures with efficient resource allocation. Cybersecurity teams are often inundated with vulnerability data, making it difficult to determine which issues to address first. This is where predictive tools play a pivotal role by providing actionable insights. By analyzing vast amounts of data, these tools help organizations focus on the most critical threats, enhancing their ability to mitigate risk effectively.
One such predictive tool is the Exploit Prediction Scoring System (EPSS). EPSS is designed to estimate the likelihood of a known software vulnerability being exploited "in the wild." By assigning probabilities to vulnerabilities, it empowers organizations to prioritize those with the highest exploitation risks, integrating seamlessly into their broader risk management strategies.
However, while machine learning models like EPSS are advancing rapidly, the security of the models themselves is struggling to keep pace. This gap creates weaknesses that adversaries can exploit and raises real concerns about the reliability of model-driven tools. Like any machine learning model, EPSS is not immune to manipulation.
Adversarial attacks, small and often imperceptible adjustments to input data, can mislead predictive models and undermine the reliability of their outputs. Such attacks are well documented in fields like image recognition but remain relatively unexplored for cybersecurity-focused models like EPSS. There is also an important difference: the inputs to EPSS are not pixels but activity signals harvested from public sources, so an attacker does not need access to the model or its training data to influence them. This raises an essential question: could adversarial inputs affect how EPSS evaluates risk, potentially skewing vulnerability prioritization?
In this blog post, I’ll walk you through my journey of executing a successful adversarial attack on the EPSS model, demonstrating how subtle modifications to vulnerability features can alter the model's predictions. I’ll discuss the methods I used, the challenges I faced, and the implications this has for cybersecurity at large.
The Exploit Prediction Scoring System (EPSS) is a model developed to assist cybersecurity teams with vulnerability management. Maintained by a Special Interest Group at FIRST with contributors from across the industry, EPSS publishes a daily score estimating the probability that a specific software vulnerability will be exploited in the wild within the next 30 days.
By leveraging a mix of historical data on exploits, vulnerability characteristics, and machine learning techniques, EPSS helps prioritize which vulnerabilities need immediate attention, potentially reducing the time and resources required to manage and mitigate risks.
EPSS predicts exploitation activity using a set of 1,477 features that capture various aspects of each CVE. These features are fed into a machine learning model (specifically, XGBoost), which uses them to predict the probability of exploitation.
Here’s an overview of some key categories of data and features that EPSS leverages:
Let’s explore the mechanics of the adversarial attack on the EPSS model. By manipulating specific signals that the EPSS model uses for exploitation prediction, I was able to move its probability estimate for a chosen vulnerability. Note that nothing here touches the model itself: the attack works entirely by feeding the public sources from which EPSS derives its features.
The attack targeted two features in EPSS’s feature set: social media mentions and public exploit code availability. EPSS includes these features because activity in these areas, such as discussions on Twitter or the presence of exploit code on platforms like GitHub, can indicate a heightened risk of exploitation. By artificially inflating these indicators, I aimed to influence the model’s output.
It’s important to highlight that the Published Exploit Code feature is a binary indicator: it reflects only whether any exploit code exists, regardless of its quantity or quality. When selecting a CVE to test the attack, I therefore chose one for which no exploit code was available on GitHub and that had minimal mentions on Twitter, so that the effect of artificially adding these signals could be observed from a clean baseline.
For this attack, I selected the CVE-2017-1235 vulnerability as the target. This vulnerability was used as a case study to observe how changes in related activity metrics might influence the EPSS model’s prediction.
Prior to the attack, the EPSS score for CVE-2017-1235 indicated a predicted exploitation probability of 0.1, placing it in the 41st percentile among all assessed vulnerabilities. This relatively low score suggested that, according to the EPSS model, it was not a high-priority target for exploitation based on its existing activity indicators.
I generated tweets discussing CVE-2017-1235 using ChatGPT. These tweets were intended to mimic authentic mentions of the vulnerability and to increase its social media activity signal in EPSS.
In addition, I created a GitHub repository named “CVE-2017-1235_exploit.” The repository contained a single empty Python file and provided no exploit functionality at all; its only purpose was to satisfy the binary "exploit code exists" indicator.
The attack produced a noticeable impact on the EPSS model’s evaluation of CVE-2017-1235. Following the injection of artificial activity through generated social media posts and the creation of a placeholder exploit repository, the model's predicted probability for exploitation increased from 0.1 to 0.14. Additionally, the percentile ranking of the vulnerability rose from the 41st percentile to the 51st percentile, pushing it above the median level of perceived threat.
While this experiment successfully influenced the EPSS model, it remains to be seen how long the change persists and whether additional model safeguards could detect such artificial patterns. Further work is needed to understand the thresholds at which activity signals trigger significant changes in EPSS predictions and to explore potential defenses against such adversarial attacks.
It is important to acknowledge that factors unrelated to the attack could have contributed to the observed change. However, a review of the score history of CVE-2017-1235 prior to the attack showed only a single modification to its probability, which occurred more than a year before my intervention. That long period of stability makes it unlikely that a coincidental factor was responsible for the sudden change observed immediately after my manipulation.
Organizations using EPSS should monitor probability scores over time rather than consuming them as point-in-time values. Any significant change in a score should prompt a closer look at the underlying signals to determine whether the shift is legitimate (a new public exploit, a vendor advisory) or potentially manipulated. This scrutiny keeps organizations from reacting to false signals that would divert resources away from actual threats.
More generally, machine learning models, while powerful, are not immune to manipulation. Just as it is standard practice in the cyber domain to assume that adversaries are always attempting to exploit vulnerabilities, organizations should treat predictive models with the same mindset, acknowledging that the models themselves can be influenced. Treating model outputs as valuable but not infallible indicators leads to more resilient security decisions.
Furthermore, while EPSS is an important tool for prioritizing vulnerabilities, it should not be the sole metric guiding an organization’s actions. Effective vulnerability management requires a holistic approach that also weighs the criticality of the affected systems, the organization’s specific threat landscape, confirmed exploitation evidence, and the potential business impact of an exploit.
Relying on multiple data points and cross-referencing model outputs ensures a more comprehensive and robust decision-making process.
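As an added illustration of the two recommendations above (watching EPSS scores for suspicious movement, and not ranking on EPSS alone), here is example code written for this page; it is not code from the original post or from FIRST. All CVE IDs, score histories, weights and asset data in it are constructed. The parser assumes the response shape I have seen from the public EPSS API (`https://api.first.org/data/v1/epss?cve=<CVE-ID>&scope=time-series`) and should be checked against FIRST's current documentation before use; nothing in the block touches the network.

```python
"""Added example (not code from the original post): flag suspicious EPSS score
movements and rank findings on more than EPSS alone.

Runs offline on constructed data. The EPSS time series for a real CVE can be
fetched from FIRST's public API
(https://api.first.org/data/v1/epss?cve=<CVE-ID>&scope=time-series); the parser
below assumes the response shape I have observed from that endpoint and should
be verified against FIRST's documentation.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class EpssPoint:
    day: date
    epss: float        # probability of exploitation within the next 30 days
    percentile: float  # rank among all scored CVEs, 0.0 to 1.0


def parse_time_series(payload: dict) -> dict:
    """Turn an EPSS API 'scope=time-series' response into per-CVE histories
    (assumed shape: data[] -> {cve, time-series[] -> {epss, percentile, date}})."""
    out = {}
    for entry in payload.get("data", []):
        pts = [
            EpssPoint(date.fromisoformat(ts["date"]), float(ts["epss"]), float(ts["percentile"]))
            for ts in entry.get("time-series", [])
        ]
        out[entry["cve"]] = sorted(pts, key=lambda p: p.day)
    return out


def score_jumps(history, rel_threshold=0.25, pct_threshold=0.05):
    """Return (previous, current) pairs where a single re-scoring moved the
    probability by more than rel_threshold (relative) or the percentile by more
    than pct_threshold. Each hit is a prompt to check *why* the inputs changed
    (new exploit code, chatter, vendor advisory) before acting on the score."""
    flagged = []
    pts = sorted(history, key=lambda p: p.day)
    for prev, cur in zip(pts, pts[1:]):
        rel = abs(cur.epss - prev.epss) / max(prev.epss, 1e-6)
        pct = abs(cur.percentile - prev.percentile)
        if rel >= rel_threshold or pct >= pct_threshold:
            flagged.append((prev, cur))
    return flagged


# Constructed history for a hypothetical CVE: flat for weeks, then a jump of
# the size the post reports (0.10 -> 0.14, 41st -> 51st percentile).
HISTORY = [
    EpssPoint(date(2024, 9, 1), 0.100, 0.41),
    EpssPoint(date(2024, 9, 8), 0.100, 0.41),
    EpssPoint(date(2024, 9, 15), 0.101, 0.41),  # ordinary re-scoring noise, not flagged
    EpssPoint(date(2024, 9, 22), 0.140, 0.51),  # flagged by score_jumps
    EpssPoint(date(2024, 9, 29), 0.140, 0.51),
]


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float
    cvss: float              # base score, 0.0 to 10.0
    in_kev: bool             # listed in CISA's Known Exploited Vulnerabilities catalog
    internet_exposed: bool   # reachable from outside the perimeter
    asset_criticality: int   # 1 (disposable) to 5 (crown jewel), set by the organization
    epss_suspicious: bool    # True when score_jumps flagged the latest movement


def priority(f: Finding) -> float:
    """0..100 priority. The weights are an illustrative choice, not a standard.
    Confirmed exploitation (KEV) outranks any prediction; a suspicious EPSS move
    is discounted rather than trusted until the underlying signals are checked;
    exposure and asset criticality carry weight independent of EPSS."""
    likelihood = 1.0 if f.in_kev else f.epss * (0.5 if f.epss_suspicious else 1.0)
    severity = f.cvss / 10.0
    exposure = 1.0 if f.internet_exposed else 0.3
    criticality = (f.asset_criticality - 1) / 4.0
    return 40 * likelihood + 20 * severity + 15 * exposure + 25 * criticality


def rank(findings) -> list:
    """CVE IDs ordered from highest to lowest priority."""
    return [f.cve for f in sorted(findings, key=priority, reverse=True)]


# Constructed findings with hypothetical CVE IDs and asset data.
FINDINGS = [
    Finding("CVE-0000-0001", 0.14, 7.5, False, False, 2, True),   # the flagged jump
    Finding("CVE-0000-0002", 0.02, 9.8, True, True, 4, False),    # low EPSS but in KEV
    Finding("CVE-0000-0003", 0.03, 6.5, False, False, 5, False),  # crown-jewel host
]

if __name__ == "__main__":
    for prev, cur in score_jumps(HISTORY):
        print(f"{prev.day} -> {cur.day}: EPSS {prev.epss:.3f} -> {cur.epss:.3f}, "
              f"percentile {prev.percentile:.2f} -> {cur.percentile:.2f}")
    print(rank(FINDINGS))  # KEV entry first, crown-jewel host second, flagged jump last
```

The point of the ranking is not the particular weights but the shape: the flagged CVE from the experiment, on a low-value internal host, lands below a lower-EPSS vulnerability that is confirmed exploited and below one on a crown-jewel system, and a suspicious score movement lowers rather than raises its standing until someone has verified the signals behind it.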
In today's evolving threat landscape, staying ahead of sophisticated attack techniques requires more than reactive measures—it demands proactive, intelligent, and adaptive strategies.
Morphisec’s Adaptive Exposure Management delivers exactly that, combining cutting-edge Automated Moving Target Defense (AMTD) technology with robust risk management capabilities. By enabling practitioners to prioritize vulnerabilities, uncover hidden risks, and continuously adapt to emerging threats, Morphisec empowers organizations to achieve true cyber resilience.
With benefits like assured protection, reduced costs, enhanced visibility, and a strengthened cybersecurity posture, Morphisec provides a comprehensive solution for organizations looking to outsmart increasingly sophisticated attacks. Its ability to address AI-enabled threats and safeguard legacy systems ensures that organizations remain prepared for the challenges of today and tomorrow.
As the stakes continue to rise, the shift from reactive to proactive security is no longer optional—it’s essential. With Morphisec, organizations gain the tools and confidence to anticipate, adapt, and stay secure in the face of any cyber threat.