Products

Local Models

Local models are trained on your environmental and telemetry data to support your enterprise’s decision making.

View

Global Models

Global models combine real-time exploitation telemetry with EPSS predictions to accurately depict exploitation.

View

EPSS Model

Empirical builds and maintains the world’s only public machine learning model in cybersecurity, EPSS.

View

How It Works

Our platform supports Empirical's global and local models. The global model, trained on ~2 million exploitation events, captures attacker behavior across the internet. Local models, trained on your environment's telemetry, capture more targeted attacks. The two models work together to surface the vulnerabilities most likely to be exploited in your infrastructure.

External Data

Local Data

Models (Local, Global, and EPSS)

Platform

UI

API

Agent

External Data

Local Data

Models

Platform

UI

API

Agent

External Data

Empirical monitors exploitation activity across 17,000+ CVEs. We observe exploitation as it happens and changes.

• 17,000+ known exploited vulnerabilities, tracked in near-real time

• Hourly exploitation telemetry per CVE, with years of historical depth

• Millions of malware hashes correlated to specific CVEs

• 1,400+ OSINT sources

• Ground-truth data from the team that built EPSS

Local Data

Empirical ingests scan results, asset metadata, compensating controls, patching velocity, network topology and uses that data to train a model only you can access.

• We ingest your scanned assets and vulnerability findings.

• We evaluate your environmental telemetry and compensating controls.

• Your local model improves with every month of data.

Models

Our models are statistical learning systems that produce measurable predictions with coverage and efficiency that you can verify.

• Local Model: trained on your assets, your controls, your environment to determine which findings pose real risk to you.

• Global Model: trained on internet-scale exploitation data to forecast attacker behavior.

• Together: higher coverage, higher efficiency, fewer wasted cycles.

Platform

Explore your security data with known exploitation activity through our web interface. Retrieve the latest intelligence via API. Automate triage with our AI agent.

Use Cases

• Threat Intelligence

• Vulnerability Management

• Application Security

• Cloud Security

Why security teams choose Empirical

A common language for risk decisions

The Empirical global model grounds every prioritization decision in observable evidence. When someone asks "why are we fixing this one first?" The answer is a probability backed by real world exploitation telemetry, with critical indicators explaining the logic in real time.

Your context changes the answer

A critical vulnerability behind a WAF with no internet exposure is not the same risk as a medium CVE on an unpatched, public-facing server running your payments stack. Generic models can't tell the difference. Our local model can because it trains on data only your environment produces.

We predict which vulnerabilities will be exploited in your environment.

CVSS measures severity, and EPSS predicts global exploitation probability, but neither tells you what will be exploited in your environment next month. Our models answer this crucial question. We demonstrate higher coverage and efficiency than traditional methods or off the shelf models. When fixing a limited set of vulnerabilities our predictions catch more of what actually gets exploited and waste less effort on what doesn't. We publish the data to prove our performance.

See how your model would differ

Try our models with your own local data and discover their impact on your cybersecurity environment.

Request Demo

Products

Local Models

Global Models

EPSS Model

How It Works

External Data

Local Data

Models (Local, Global, and EPSS)

Platform

UI

API

Agent

External Data

Local Data

Models

Platform

UI

API

Agent

External Data

Empirical monitors exploitation activity across 17,000+ CVEs. We observe exploitation as it happens and changes.

• 17,000+ known exploited vulnerabilities, tracked in near-real time

• Hourly exploitation telemetry per CVE, with years of historical depth

• Millions of malware hashes correlated to specific CVEs

• 1,400+ OSINT sources

• Ground-truth data from the team that built EPSS

Local Data

Empirical ingests scan results, asset metadata, compensating controls, patching velocity, network topology and uses that data to train a model only you can access.

• We ingest your scanned assets and vulnerability findings.

• We evaluate your environmental telemetry and compensating controls.

• Your local model improves with every month of data.

Models

Our models are statistical learning systems that produce measurable predictions with coverage and efficiency that you can verify.

• Local Model: trained on your assets, your controls, your environment to determine which findings pose real risk to you.

• Global Model: trained on internet-scale exploitation data to forecast attacker behavior.

• Together: higher coverage, higher efficiency, fewer wasted cycles.

Platform

Explore your security data with known exploitation activity through our web interface. Retrieve the latest intelligence via API. Automate triage with our AI agent.

Use Cases

• Threat Intelligence

• Vulnerability Management

• Application Security

• Cloud Security

Effort, Coverage, and Efficiency

All Published Vulns (CVEs we could prioritize)

Effort

Efficiency

Coverage

Why security teams choose Empirical

A common language for risk decisions

The Empirical global model grounds every prioritization decision in observable evidence. When someone asks "why are we fixing this one first?" The answer is a probability backed by real world exploitation telemetry, with critical indicators explaining the logic in real time.

Your context changes the answer

A critical vulnerability behind a WAF with no internet exposure is not the same risk as a medium CVE on an unpatched, public-facing server running your payments stack. Generic models can't tell the difference. Our local model can because it trains on data only your environment produces.

We predict which vulnerabilities will be exploited in your environment.

See how your model would differ

Try our models with your own local data and discover their impact on your cybersecurity environment.