AI & PSIRT

PSIRT Automation

Coordinate vulnerability reports, prioritise risks, publish advisories — all under growing regulatory pressure. TrustSource PSIRT Automation gives your team an AI agent that handles the routine work and acts directly inside TrustSource.

At a glance

OSCAR AI Agent

Our Opensource Security Compliance Assurance Robot — assesses risks, develops integration scripts, and drives TrustSource workflows directly from the chat.

ts-mcp Integration

The TrustSource MCP server provides around 19 tools — for natural-language control of SBOMs, vulnerabilities, threat models, and CVD workflows.

Automated PSIRT Workflows

From incoming report to coordinated advisory publication: every step documented, prioritised, and assigned — without manual coordination.

Platform Integration

SCA, SBOM Management, Threat Modelling, Risk Management, CVD, CSAF and Vulnerability Management connected through a unified API and shared semantics.

Ready to act immediately

OSCAR knows the context of every project and responds immediately — update a threat model, prioritise a vulnerability, kick off a CVD process.

CRA & NIS2 compliant

Every step is logged in an audit-ready manner. The structured PSIRT process meets the requirements of the Cyber Resilience Act and the NIS2 Directive.

The Challenge

PSIRTs are under constant pressure: vulnerability reports come in, CVD deadlines run, advisories must be coordinated and published — all while regulatory requirements from the CRA and NIS2 keep rising. Teams that handle this manually tie up capacity that is needed for what matters most: resolving the vulnerability itself, quickly and traceably.

TrustSource has already structured and automated the CVD process. With PSIRT Automation we go a step further: AI-based agents take over the routine work — and act directly inside TrustSource.

From assistance to action: OSCAR

In spring 2025 we introduced OSCAR — the Opensource Security Compliance Assurance Robot. What began as a smart FAQ assistant has since become a fully-fledged compliance advisor: OSCAR develops integration scripts, assesses risks, and drives TrustSource workflows directly.

OSCAR: from online help to an autonomous PSIRT agent

ts-mcp: controlling TrustSource by voice

The ts-mcp server makes TrustSource operable in natural language — embedded as a Claude skill or as a standalone server in complex AI setups. Around 19 tools enable direct interaction: query SBOMs, prioritise vulnerabilities, kick off CVD workflows, update threat models. The foundation is TrustSource's extensive API.

Sample dialogue — OSCAR via ts-mcp
Stefan: Hi OSCAR, can you help me with the threat model for project Waldfürst?

OSCAR: Hi Stefan, of course. What would you like me to do?

  • a) Bring the threat model up to date?
  • b) Re-evaluate the risks?
  • c) Review or update the countermeasures?
  • d) All three at once.

Stefan: Let's start with a review of the model.

OSCAR: Sure. Starting the review now and collecting current data from the SBOMs…

Integrated across all products

Connecting SCA, SBOM Management, Threat Modelling, Risk Management, CVD, CSAF and Vulnerability Management through a unified API and shared semantics opens up a new dimension of automation. OSCAR knows the context of every project — and acts accordingly.

Want to be at the cutting edge?

See how AI is redefining software compliance — talk to us now.