{"id":176665,"date":"2026-01-12T03:45:11","date_gmt":"2026-01-12T08:45:11","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/12\/vulnerability-exploit-assessment-tool-epss-exposed-to-adversarial-atta\/"},"modified":"2026-01-12T03:45:14","modified_gmt":"2026-01-12T08:45:14","slug":"vulnerability-exploit-assessment-tool-epss-exposed-to-adversarial-atta","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/12\/vulnerability-exploit-assessment-tool-epss-exposed-to-adversarial-atta\/","title":{"rendered":"Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Atta"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/epss-exposed-to-adversarial-attack\/\">Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Atta<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/epss-exposed-to-adversarial-attack\/\">https:\/\/www.infosecurity-magazine.com\/news\/epss-exposed-to-adversarial-attack\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-08 23:30:13<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p><strong>Summary:<\/strong><br \/>\nMorphisec, an endpoint security provider, demonstrated the potential vulnerability of the Exploit Prediction Scoring System (EPSS) to adversarial attacks through a new proof-of-concept conducted by Threat Researcher Ido Ikar. EPSS, developed by FIRST, uses 1,477 features to predict the likelihood of vulnerability exploitation. Ikar illustrated a scenario where subtle modifications to indicators like social media mentions and public code availability could influence EPSS predictions artificially. 
For instance, generating random tweets discussing a vulnerability and creating a fake GitHub repository elevated the predicted probability of exploitation for an old IBM WebSphere MQ vulnerability from 0.1 to 0.14 and pushed its percentile ranking above the median. Although the work is a proof-of-concept showing that manipulation is possible, Ikar emphasized the importance of a multi-faceted risk assessment, advising organizations to correlate EPSS outputs with other metrics and conduct deeper investigations into unexpected score changes.<\/p>\n<p><strong>Key Points:<\/strong><\/p>\n<ul>\n<li><strong>EPSS Model\u2019s Vulnerability:<\/strong> The EPSS model\u2019s reliance on external signals makes it susceptible to manipulation, potentially causing organizations to misprioritize vulnerabilities.<\/li>\n<li><strong>Proof-of-Concept Details:<\/strong> Ikar\u2019s method included artificially increasing social media mentions and creating an exploit repository to increase EPSS scores for a low-risk vulnerability.<\/li>\n<li><strong>Implications:<\/strong> The highlighted risks suggest that organizations need to complement EPSS use with other assessment methods.<\/li>\n<li><strong>Call to Action:<\/strong> Organizations should monitor changes in EPSS scores and investigate potential manipulations using varied data sources.<\/li>\n<li><strong>General Model Vulnerability:<\/strong> The study emphasizes the general vulnerability of AI models to adversarial attacks, necessitating vigilance in their deployment.<\/li>\n<\/ul>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Atta https:\/\/www.infosecurity-magazine.com\/news\/epss-exposed-to-adversarial-attack\/ Publish Date: 2026-01-08 23:30:13 
Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":176666,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/11446807-04bf-4277-8bef-db2bf6b56b01.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,31,27],"class_list":["post-176665","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/176665"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=176665"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/176665\/revisions"}],"predecessor-version":[{"id":176667,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/176665\/revisions\/176667"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/176666"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=176665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=176665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=176665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}