From n8n Winner to Chrome AI Pioneer: Building SOC-CERT Guardian extension with Virtual CVE Intelligence 🚀

🎯 TL;DR

3 Months, 3 Challenges, 1 Vision: From n8n automation winner to Chrome AI cybersecurity pioneer.

This isn't just another hackathon project — it's solving a $10B industry problem with Virtual CVE Intelligence.

The Journey:

• 🏆 August 2025: Won n8n + Bright Data AI Agents Challenge
• 📊 September 2025: Built enterprise SOC dashboard with KendoReact
• 🚀 October 2025: Created first Chrome AI security extension with Virtual CVE Intelligence and CISA KEV correlation

Result: Proactive threat detection in 2.3 seconds vs NVD’s 90-day timeline

---

🏆 Chapter 1: The Win (August 2025)

n8n + Bright Data Challenge Victory

Won the Real-Time AI Agents Challenge with SOC-CERT: Automated Threat Intelligence — an n8n workflow automating CVE correlation and threat detection.

What it did:

• 🔄 Real-time NVD + CISA KEV synchronization
• ⚡ Bright Data proxies for reliable threat data scraping
• 🎯 AI-powered CVE correlation with 1,400+ known exploited vulnerabilities
• 📱 Telegram alerts in 2 seconds

The Foundation: This winning workflow became the backend intelligence for all future SOC-CERT products.

---

📊 Chapter 2: The Dashboard (September 2025)

Enterprise Visualization with KendoReact

After winning with automation, SOC teams needed visualization. Built enterprise-grade dashboard with KendoReact.

Features:

• 📈 Real-time threat analytics and trend visualization
• 🎨 Professional enterprise UI components
• ⚡ High-performance data grids for CVE management
• 🔍 Advanced filtering and correlation rules

Key Learning: Automation without visualization limits SOC decision-making speed.

---

🚀 Chapter 3: The Innovation (October 2025)

First Chrome AI Cybersecurity Extension

The Problem: Dashboards were reactive — enterprises wait 30–90 days for NVD documentation.

The Solution: First Chrome extension combining:

• 🧠 Chrome Built-in AI (Gemini Nano) for local threat analysis
• 🔐 CISA KEV Catalog correlation (1,400+ CVEs)
• 🔮 Virtual CVE Intelligence — industry-first system
• ⚡ Proactive browser-level detection

---

🔮 The Game-Changer: Virtual CVE Intelligence

Solving the 90-Day Security Gap

Industry Challenge:

Day 0: Vulnerability discovered
Day 30: Security research completed
Day 60: CVE submitted to MITRE
Day 90: Official CVE published in NVD
→ 90-day exposure window with NO tracking

SOC-CERT Innovation:

Second 0: User visits suspicious URL
Second 2: Gemini Nano detects threat
Second 5: Virtual CVE created (CVE-2026-XXXXX)
Second 10: Alert with recommendations
→ Immediate threat tracking from detection moment

Virtual CVE Structure:

{
  "cve_id": "CVE-2026-202745",
  "type": "virtual",
  "url": "http://example.com/vulnerable.php?id=1'",
  "indicators": ["SQL injection", "URL encoding"],
  "riskScore": 90,
  "confidence": 0.95,
  "timestamp": "2025-10-13T10:43:37.556Z",
  "aiAnalysis": "Likely vulnerable to SQL injection attacks...",
  "recommendations": [
    "Implement input validation",
    "Use parameterized queries",
    "Deploy WAF protection"
  ]
}

Why This Matters

Feature	NVD/KEV CVEs	Virtual CVEs
Detection Time	60–90 days	Real-time (2–3s)
Coverage	Known vulnerabilities	Emerging threats
Tracking	Post-discovery	From day zero
Use Case	Reactive security	Proactive security

---

🤖 Chrome Built-in AI Integration

Production Cybersecurity Use Case

Chrome AI Stack:

• 🧠 Prompt API (LanguageModel): Core threat analysis with Gemini Nano
• 📝 Summarizer API: Concise threat alerts for SOC teams
• ✍️ Writer API: Detailed security advisories and remediation steps
• 🌍 Translator API: Bilingual support (EN, FR) with expansion ready
• ✅ Proofreader API: Clean, professional security reports

Example Implementation:

// Local threat analysis with Gemini Nano
const session = await ai.languageModel.create({
  systemPrompt: "You are a cybersecurity expert analyzing web pages...",
  temperature: 0.3,
  topK: 3
});

const analysis = await session.prompt(`
Analyze this code for security vulnerabilities:
${codeSnippet}
Return JSON with:
Vulnerability type
Severity (CRITICAL, HIGH, MEDIUM, LOW)
Exploitation potential
Mitigation recommendations
`);

// Concise alert generation
const summarizer = await ai.summarizer.create({
  type: 'tldr',
  length: 'short'
});
const alert = await summarizer.summarize(analysis);

---

🎯 First CISA KEV Browser Integration

Real-Time Correlation Engine

Industry First: Browser extension with direct CISA KEV correlation.

async function correlateCISAKEV(cveId) {
  const kevData = await fetch(`${API}/cisa-kev?cve=${cveId}`);
  if (kevData.inKEV) {
    return {
      priority: 'CRITICAL',
      exploited: true,
      dueDate: kevData.actionDueDate,
      ransomwareUse: kevData.knownRansomware,
      mitigation: kevData.requiredAction
    };
  }
}

Real CVE Example:

Detected: CVE-2020-0618 (SQL Server RCE)
CISA KEV Status: ✅ Known Exploited
CVSS Score: 9.8 (Critical)
Action Due Date: 2020-02-14
Ransomware Use: ✅ Confirmed
Required Action: Apply security updates immediately

---

🏗️ The Hybrid AI Architecture

Best of Both Worlds

Client-Side (Gemini Nano):

• ⚡ Speed: Instant analysis < 2 seconds
• 🔒 Privacy: All sensitive data stays local
• ✅ Offline: Works without internet connection
• 🧠 AI Reasoning: Pattern detection and risk scoring

Server-Side (n8n + KEV):

• 📚 Intelligence: Real CVE database (1,400+ vulnerabilities)
• 🎯 Accuracy: Validated threat data from CISA
• 📊 Enrichment: CVSS scores, mitigation strategies, exploit info
• 🔄 Updates: Live threat intelligence feeds

Architecture Flow:

Browser Visit
↓
⚡ Analysis 1: Gemini Nano (local, <2s)
↓
📊 Instant Results + Risk Score
↓
🔄 Analysis 2: n8n Workflow (server-side)
↓
📚 KEV Catalog Query + CVE Correlation
↓
✅ Enriched Results with Real CVE Data
↓
🛡️ User Alert with Mitigation Steps

---

📊 Performance & Impact

Speed:

• ⚡ 2.3 seconds average detection time
• 🚀 38,000× faster than NVD’s 90-day timeline
• 🧠 Local processing (privacy-first architecture)

Coverage:

• 📋 1,400+ CVEs from CISA KEV Catalog
• 🔮 Virtual CVE generation for zero-days
• 🌍 2 languages supported (EN, FR)

Innovation:

• 🥇 First Virtual CVE generation system
• 🥇 First CISA KEV browser integration
• 🥇 First Chrome AI cybersecurity extension
• 🥇 First hybrid AI security architecture

Localization Ready: English + French (Spanish, Japanese, Chinese coming soon).

---

🔗 The Complete Ecosystem

Three Months, Three Products, One Vision:

August: n8n Automation (backend intelligence)
↓
September: KendoReact Dashboard (visualization)
↓
October: Chrome AI Extension (proactive detection)

Data Flow:

Browser Extension → AI Analysis → Virtual CVE Generation
↓
n8n Enrichment → CISA KEV Correlation
↓
Dashboard Visualization → Analytics
↓
Telegram Alerts → SOC Team

Reusing Winning Architecture:

• ✅ Same n8n workflows (August challenge)
• ✅ Same CISA KEV correlation logic
• ✅ Same Telegram alerting system
• ✅ Added: Chrome AI for proactive detection
• ✅ Added: Virtual CVE intelligence system

---

🎓 Lessons Learned

Technical Insights

• ✅ Gemini Nano is production-ready for security analysis
• ✅ Hybrid architecture overcomes on-device AI limitations
• ✅ Local processing enables privacy-first security
• ✅ Progressive analysis provides optimal UX

Architecture Decisions

• 🎯 Reuse proven workflows (n8n from winning project)
• 🔄 Build ecosystems, not isolated features
• 📊 Visualize data for faster SOC decisions
• 🔮 Innovate on emerging problems (90-day gap)

Strategic Learning

• 🏆 Winning once isn’t enough — keep evolving
• 📈 Build on previous victories — leverage your wins
• 🚀 Embrace new platforms early — Chrome AI first-mover advantage
• 💡 Solve real problems — 90-day gap costs enterprises millions

---

🚀 What’s Next

Q4 2025 Roadmap

Immediate:

• 🌐 Chrome Web Store publication (after challenge results)
• 📊 SOC team beta program (enterprise pilot)
• 🔄 Custom detection rules engine
• 📱 Mobile companion app

2026 Vision:

• 🤖 Multimodal threat analysis (image/audio via Prompt API)
• 🔗 SIEM/SOAR platform integrations
• 👥 Team collaboration features
• 🌍 Open-source community edition

---

🏆 Try SOC-CERT Guardian

Chrome Extension:

📋 Devpost: https://devpost.com/software/soc-cert-guardian
📺 Demo Video: https://www.youtube.com/watch?v=jEfFdMXPSn0
🔗 GitHub: https://github.com/joupify/soc-cert-guardian-extension
🏅 Challenge: https://googlechromeai2025.devpost.com/

n8n Automation (Winner 🏆):

📖 Original Article: https://dev.to/joupify/soc-cert-automated-threat-intelligence-system-with-n8n-ai-5722

🏆 Challenge: Real-Time AI Agents Challenge (August 2025)

---

💬 Connect & Contribute

Questions? Ideas? Drop them in the comments!
Want to contribute? Check out the GitHub repository: https://github.com/joupify/soc-cert-guardian-extension
SOC teams interested in beta?
Open to consulting, remote roles, and partnerships.

---

🙏 Acknowledgments

• 🏆 n8n + Bright Data for the challenge platform and winning opportunity
• 📊 Progress KendoReact for enterprise UI components
• 🤖 Google Chrome AI for pioneering Built-in AI APIs
• 🔐 CISA for the KEV Catalog and public threat intelligence
• 💬 Dev.to community for continuous support and feedback

---

From n8n automation to Chrome AI innovation: Building the first cybersecurity extension with Virtual CVE Intelligence and real-time CISA KEV correlation.

Series: SOC-CERT Evolution 🚀📈🤖

• ✅ Part 1: Winning n8n + Bright Data AI Agents Challenge
• ✅ Part 2: Enterprise Cybersecurity Dashboard with KendoReact
• 🟢 Part 3: Chrome AI Pioneer with Virtual CVE Intelligence (current)
• 🔜 Part 4: Open Source Launch & Enterprise Adoption (November 2025)

3 months. 3 challenges. 1 ecosystem. The SOC-CERT evolution continues. 🚀