Inspiration
Standard vulnerability scanners are stuck in the past. There is a documented 21-to-27-day lag between a vulnerability being exploited in the wild and it appearing in official public APIs like the NVD. We realized that while security teams are waiting for an API update, hackers are reading researcher blogs and silent GitHub commits. We built TrustSee to bridge this "Discovery Gap" by giving AI agents the eyes to see threats as they emerge in the deep web, not just when they hit a database.
What it does
TrustSee is an agentic vulnerability intelligence platform. It uses TinyFish to autonomously navigate security research portals, private blogs, and developer discussions to find Celebrity CVEs and zero-day proofs-of-concept.
- Baseline Intelligence: Pulls known vulnerabilities from standard APIs.
- Agentic Intelligence: TinyFish agents log into security forums and scrape unstructured data to find the "Delta", the critical window of time where a company is at risk before a patch is official.
- Reachability Analysis: It doesn't just find a bug; it browses your repo to see if the vulnerable code is actually reachable and exploitable in your specific environment.
How we built it
We used a modern, high-velocity stack:
- Agentic Layer: Built on the TinyFish framework using AgentQL for semantic web navigation, allowing our agents to handle dynamic UIs that traditional scrapers can't touch.
- Frontend/Backend: Developed with Next.js and Tailwind CSS for an enterprise-grade dark-mode dashboard, with Supabase handling our real-time vulnerability database and authentication.
- Development Flow: We moved from concept to deployment in record time using Cursor, allowing us to focus on the complex logic of security research rather than boilerplate code.
Challenges we ran into
The biggest hurdle was the brittleness of the web. Security portals and GitHub frequently change their DOM structure to prevent basic scraping. We initially struggled with traditional CSS selectors, but pivoting to TinyFish’s AgentQL allowed the agents to find data based on meaning rather than code structure. We also had to solve for "Signal vs. Noise"—ensuring our agents could distinguish between a legitimate zero-day exploit and a "meme" post on social media.
Accomplishments that we're proud of
We successfully demonstrated the "Discovery Gap Delta." In our testing, TrustSee was able to identify three critical library vulnerabilities by analyzing developer "hush" patches on GitHub days before they were assigned a CVE number. We are also incredibly proud of our "Authenticated Agent" workflow, where a TinyFish agent can securely log into a demo researcher portal to fetch non-public data.
What we learned
We learned that the future of the web isn't just chatting with AI, it’s AI performing labor. Building TrustSee taught us that "Agentic Web Infrastructure" is the missing link in cybersecurity. When you give an LLM the ability to act and navigate the live web like a human researcher, the speed of defense finally begins to outpace the speed of attack.
What's next for TrustSee
We plan to expand the Agentic capabilities into Automated Remediation. The next version of TrustSee won't just find the vulnerability; it will use TinyFish to find the official patch, analyze the fix, and automatically open a Pull Request in the user's repository with the corrected code. We are also looking into deeper integrations with private bug bounty platforms to create a truly end-to-end Seer for enterprise security.
Built With
- cursor
- netlify
- next.js
- supabase
- tailwind
- tinyfish
