Engine Active 24/7

Auto-Evolution: Security Rules That Write Themselves

New CVE drops at 2 AM. By 2:01 AM, Fortly has a detection rule — harvested from threat feeds, generated by AI, confidence-scored, and deployed to your scanners. No human intervention required.

How It Works

Three autonomous steps. Zero manual work.

1 Harvest

Threat Intelligence Harvesting

Our crawlers monitor 12+ threat intelligence sources 24/7: NVD, GitHub Security Advisories, ExploitDB, CISA KEV, PacketStorm, and vendor-specific feeds. Every new CVE, advisory, and proof-of-concept is captured within minutes of publication.

threat-harvest-worker

CVE-2025-29927 nextjs middleware bypass

CVE-2025-1974 ingress-nginx RCE

CVE-2025-24813 apache tomcat RCE

+ 47 more this week...

2 Generate

AI-Powered Rule Generation

Each threat is analyzed by our generative AI engine. It evolves attack vectors, generates detection rules with YAML signatures, maps to MITRE ATT&CK techniques, assigns CVSS scores, and produces scanner-ready payloads. Every rule includes a confidence score from 0-100.

rules-generate-worker

rule: nextjs-middleware-bypass

confidence: 94%

mitre: T1190 (Exploit Public App)

cvss: 9.1 (Critical)

3 Deploy

Automatic Deployment

High-confidence rules (score >= 80) are automatically deployed to all active scanners. Your next scan will include the latest threats — whether that's a scheduled midnight scan or a CI/CD pipeline run. Average time from CVE publication to live detection: under 3 minutes.

rules-deploy-worker

status: deployed

scanners: 6/6 updated

latency: 2.8 min

coverage: all active projects

Evolution by the Numbers

Real-time stats from our Auto-Evolution engine.

--
Total Rules Generated
--
Rules This Month
--
Avg CVE → Rule (min)
--
Sources Monitored

Fortly vs Traditional Scanners

Fortly Traditional Scanner
Rule Update Frequency Real-time (minutes) Quarterly / manual
CVE → Detection < 3 min Days to weeks
Rule Creation Method AI-generated + scored Manual by security team
Threat Sources 12+ 1-3
Human Intervention None required Required for every rule

Frequently Asked Questions

How does Auto-Evolution differ from regular signature updates?
Traditional scanners update signatures quarterly or when their vendor pushes an update. Fortly's Auto-Evolution monitors threat feeds in real-time and uses AI to generate detection rules within minutes of a new CVE being published. It's the difference between a newspaper and a live news ticker.
Can I review rules before they're deployed?
Yes! The Evolution Dashboard shows every generated rule with its confidence score, source CVE, MITRE mapping, and YAML signature. You can activate or reject rules manually. Only rules with confidence >= 80% are auto-deployed by default.
Which threat sources are monitored?
Fortly monitors NVD (NIST), GitHub Security Advisories, ExploitDB, CISA Known Exploited Vulnerabilities (KEV), PacketStorm, vendor-specific advisories (Microsoft, Google, Apple), and several curated OSINT feeds. Enterprise plans can add custom threat feeds.
Is Auto-Evolution available on all plans?
Auto-Evolution is fully available on Team and Enterprise plans. Pro plan users get view-only access to the Evolution Dashboard. It's also available as an add-on ($99/month) for Pro plan users who want full access.

Start Protecting with Rules That Evolve

Join the teams that never worry about being behind on the latest threats.

Start Your Free Scan

No credit card required. Auto-Evolution active on Team plans and above.