## Microsoft hve-core Proposes 'VEX Generation Agent' for AI-Powered Vulnerability Triage
Microsoft's hve-core project is proposing a new AI-powered security agent designed to automate vulnerability triage for any codebase. The proposed 'VEX Generation Agent' would be a custom Copilot agent within the project's security collection, enabling users to scan for dependency vulnerabilities, perform AI-assisted exploitability analysis, and generate OpenVEX-compliant documents. Crucially, the tool is designed to operate using local CLI tools and plain HTTP fetches, explicitly avoiding dependencies on MCP servers, positioning it as a general-purpose security utility shipped as part of hve-core's security plugin.

The agent, internally tagged `/vex-generator`, is framed as a primary tool for hve-core's consumer base. Its stated purpose is to augment the existing security tooling—which includes a security planner, OWASP code reviewer, and supply chain posture assessor—by adding automated vulnerability exploitability statements (VEX). While the agent's creation would enable a separate, internal 'VEX Workflow' for hve-core's own software releases, the proposal emphasizes that this is a secondary benefit, not the primary goal. The core motivation is to provide external development teams with an integrated, AI-assisted pipeline for security compliance and risk assessment.

This development signals a strategic move by Microsoft to embed advanced, AI-driven security automation directly into developer toolchains. By focusing on local execution and standard formats like OpenVEX, the proposal aims to lower the barrier for teams to produce mandatory security artifacts. The integration into hve-core's security plugin suggests a push to consolidate and elevate software supply chain security practices from within the development environment itself, rather than as a separate, external audit step.
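
An added illustration (not code from hve-core or the proposal) of the final step described above: turning triage verdicts into an OpenVEX v0.2.0 document while enforcing the specification's rule that `not_affected` carries a justification or impact statement and `affected` carries an action statement. The finding dict shape, function names, placeholder CVE ids, package URLs and document id are assumptions constructed for the example.

```python
import json
from datetime import datetime, timezone

# Status and justification labels defined by the OpenVEX specification.
STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
JUSTIFICATIONS = {"component_not_present", "vulnerable_code_not_present",
                  "vulnerable_code_not_in_execute_path",
                  "vulnerable_code_cannot_be_controlled_by_adversary",
                  "inline_mitigations_already_exist"}

def make_statement(finding):
    """Convert one triage finding (hypothetical dict shape) into a VEX statement."""
    status = finding["status"]
    if status not in STATUSES:
        raise ValueError(f"unknown status: {status}")
    stmt = {"vulnerability": {"name": finding["vuln"]},
            "products": [{"@id": finding["purl"]}], "status": status}
    if status == "not_affected":
        # A bare "not affected" claim is not allowed: it must say why.
        just, impact = finding.get("justification"), finding.get("impact_statement")
        if just is None and not impact:
            raise ValueError("not_affected needs justification or impact_statement")
        if just is not None and just not in JUSTIFICATIONS:
            raise ValueError(f"unknown justification: {just}")
        stmt.update({k: v for k, v in (("justification", just),
                                       ("impact_statement", impact)) if v})
    elif status == "affected":
        # An "affected" claim must tell consumers what to do about it.
        if not finding.get("action_statement"):
            raise ValueError("affected needs action_statement")
        stmt["action_statement"] = finding["action_statement"]
    return stmt

def build_vex(findings, author, doc_id):
    """Wrap validated statements in the OpenVEX document envelope."""
    return {"@context": "https://openvex.dev/ns/v0.2.0",
            "@id": doc_id,
            "author": author,
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "version": 1,
            "statements": [make_statement(f) for f in findings]}

# Constructed sample findings; the CVE ids and purls are placeholders.
SAMPLE = [
    {"vuln": "CVE-0000-00001", "purl": "pkg:pypi/example-lib@1.2.3",
     "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path"},
    {"vuln": "CVE-0000-00002", "purl": "pkg:npm/example-pkg@4.5.6",
     "status": "affected", "action_statement": "Upgrade to a fixed release."},
]
if __name__ == "__main__":
    print(json.dumps(build_vex(SAMPLE, "Example Security Team",
                               "https://example.com/vex/constructed-0001"), indent=2))
```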

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: AI Security, Vulnerability Management, Microsoft hve-core, Software Supply Chain, OpenVEX
- **Credibility**: unverified
- **Published**: 2026-03-27 14:27:29
- **ID**: 37845
- **URL**: https://whisperx.ai/en/intel/37845