empirical security logo Close

Products

Platform Overview

Local Models

Global Models

EPSS Model

Solutions

Methodology

Articles

Whitepapers

Videos

About Us

Docs

Request Demo

Login

Every Enterprise Is Unique. Your Risk Decisions
Should Reflect That.

Empirical builds data-driven models to prioritize, remediate, and summarize cybersecurity findings. We’re building the world’s first organization specific models for cybersecurity.

Request Demo

Our Models

Close

Empirical Local Models

Your enterprise has environmental and telemetry data that should be used in decision making. Empirical unlocks the value of these datasets by training a local model, specific to you and only accessible by you, to support your enterprise’s decision making.

Empirical Global Models

Global models combine real-time internet exploitation telemetry with EPSS predictions to provide the most accurate view of exploitation. It monitors activity over 17,000 known exploited in the wild CVEs, and uses that data in the model. This is 12x DHS CISA’s KEV, and far more than any other vendor out there.

EPSS Model

EPSS provides a prediction of the probability of exploitation of a vulnerability. It uses data contributed by participating vendors and is the free and open model used by over 120 vendors to score vulnerabilities. Empirical maintains and trains the model.

View Local Models Tour local models tour

How It Works

The platform supports Empirical's global and local models. Our global model, trained on ~2 million exploitation events, captures attacker behavior across the internet. Local models, trained on your environment's telemetry, capture more targeted attacks. The two models work together to surface the vulnerabilities most likely to be exploited in your infrastructure.

External Data

Local Data

Models (Local, Global, and EPSS)

Platform

UI

API

Agent

External Data

Local Data

Models

Platform

UI

API

Agent

External Data

Empirical monitors exploitation activity across 17,000+ CVEs. We observe exploitation as it happens and changes.

• 17,000+ known exploited vulnerabilities, tracked in near-real time

• Hourly exploitation telemetry per CVE, with years of historical depth

• Millions of malware hashes correlated to specific CVEs

• 1,400+ OSINT sources

• Ground-truth data from the team that built EPSS

Local Data

Empirical ingests scan results, asset metadata, compensating controls, patching velocity, network topology and uses that data to train a model only you can access.

• We ingest your scanned assets and vulnerability findings.

• We evaluate your environmental telemetry and compensating controls.

• Your local model improves with every month of data.

Models

Our models are statistical learning systems that produce measurable predictions with coverage and efficiency that you can verify.

• Local Model: trained on your assets, your controls, your environment to determine which findings pose real risk to you.

• Global Model: trained on internet-scale exploitation data to forecast attacker behavior.

• Together: higher coverage, higher efficiency, fewer wasted cycles.

Platform

Explore your security data with known exploitation activity through our web interface. Retrieve the latest intelligence via API. Automate triage with our AI agent.

Use Cases

• Threat Intelligence

• Vulnerability Management

• Application Security

• Cloud Security

Effort, Coverage, and Efficiency

Close

All Published Vulns (CVEs we could prioritize)

Effort

Measures the relative workload as the proportion of vulnerabilities prioritized out of all the possible CVEs:

True Positives + False Positives / Everything

Coverage

Measures how well our strategy covers the vulnerabilities we prioritized from all vulnerabilities that show exploitation activity (False Positives are prioritized without any exploitation activity observed):

True Positives / True Positives + False Positives

Efficiency

Measures how accurately our strategy focuses on vulnerabilities that have exploitation activity (False Negatives are not prioritized and exploitation activity is later observed):

True Positives / True Positives + False Negatives

Why security teams choose Empirical

A common language for risk decisions

The Empirical global model grounds every prioritization decision in observable evidence. When someone asks "why are we fixing this one first?" The answer is a probability backed by real world exploitation telemetry, with critical indicators explaining the logic in real time.

Your context changes the answer

A critical vulnerability behind a WAF with no internet exposure is not the same risk as a medium CVE on an unpatched, public-facing server running your payments stack. Generic models can't tell the difference. Our local model can because it trains on data only your environment produces.

We predict which vulnerabilities will be exploited in your environment.

CVSS measures severity, and EPSS predicts global exploitation probability, but neither tells you what will be exploited in your environment next month. Our models answer this crucial question. We demonstrate higher coverage and efficiency than traditional methods or off the shelf models. When fixing a limited set of vulnerabilities our predictions catch more of what actually gets exploited and waste less effort on what doesn't. We publish the data to prove our performance.

Our Products

local model

Local Models

Local models are trained on your environmental and telemetry data to support your enterprise’s decision making.

View
global model

Global Models

Global models combine real-time exploitation telemetry with EPSS predictions to accurately depict exploitation.

View
epss model

EPSS Model

Empirical builds and maintains the world’s only public machine learning model in cybersecurity, EPSS.

View

See how your model would differ

Try our models with your own local data and discover their impact on your cybersecurity environment.

Request Demo