TL;DR: Vulnerability intelligence depends more on right-sized context than on larger general-purpose models, according to Oligo Security, whose NVIDIA-powered pipeline cut inference cost by 55x, sped response by 2.5x, and expanded CVE coverage by 20% while keeping accuracy. For IAM and security teams, the lesson is that prioritisation quality now depends on function-level evidence, runtime context, and pipeline economics.
NHIMG editorial — based on content published by Oligo Security: Oligo Accelerates Vulnerability Intelligence with NVIDIA AI for real-time cybersecurity at scale
Questions worth separating out
Q: How should security teams prioritise vulnerabilities when code scans and runtime data disagree?
A: Treat runtime evidence as the tie-breaker.
Q: Why do generic LLMs struggle with vulnerability enrichment at scale?
A: Generic LLMs often add cost without adding enough task-specific precision.
Q: What signals show that a vulnerability intelligence pipeline is working?
A: Look for lower enrichment latency, better function-level coverage, fewer false positives, and more confident links between advisories and actual runtime exposure.
Practitioner guidance
- Build a function-level prioritisation layer Require runtime evidence, code-path relevance, and advisory enrichment before a vulnerability enters the top remediation queue.
- Separate reasoning from extraction workloads Use larger models only where deeper correlation is needed and reserve smaller models for high-volume enrichment, NER, and classification.
- Standardise preprocessing inputs Pull advisory feeds, GitHub Security Advisories, patch metadata, and code references into a consistent preprocessing stage so downstream models do not have to infer structure from incomplete text.
What's in the full article
Oligo Security's full article covers the operational detail this post intentionally leaves for the source:
- The full model comparison behind the 55x cost reduction and 2.5x response-time improvement
- The preprocessing design used to increase CVE coverage and improve function-level enrichment
- The runtime validation method that cross-checks suggested functions against production execution data
- The pipeline architecture used to move from evaluation to production without sacrificing accuracy
👉 Read Oligo Security's analysis of real-time vulnerability intelligence with NVIDIA AI →
Real-time CVE enrichment at scale: what changes for security teams?
Explore further
Context quality is now the limiting factor in vulnerability intelligence. The article shows that better outputs came from feeding the model the right advisory and runtime context, not from using a larger generic model. In practice, that means the bottleneck is no longer raw detection capacity but the quality of the evidence pipeline that supports prioritisation.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, which helps explain why enrichment and validation still matter at the point of control.
A question worth separating out:
Q: How can teams avoid spending too much on enrichment pipelines?
A: Right-size the model for each task, keep preprocessing disciplined, and measure cost against validated security outcomes instead of raw throughput. If the pipeline enriches quickly but does not improve prioritisation, the spend is not translating into risk reduction.
👉 Read our full editorial: Vulnerability intelligence at scale needs context, not bigger LLMs