Phoenix Security launches Blue Intelligence 2.0 for unified vuln and package threat intel

Phoenix Security relaunched Phoenix Blue on June 30, 2026, as a free open-access intelligence platform for security teams, developers, and AI workflows. The platform combines vulnerability, malware, advisory, and malicious package data with MCP and API access to help defenders spot risk faster and prioritize remediation.

Why it matters: - Phoenix Blue is meant to cut through fragmented vulnerability data and give security teams one place to compare exploitation risk, advisory quality, and package-supply-chain threats. - The platform targets human analysts and AI agents, which matters as security workflows become more automated and attackers move faster. - Phoenix Security says the goal is better context before teams prioritize, assign, or remediate vulnerabilities.

What happened: - Phoenix Security relaunched Phoenix Blue, a free public intelligence platform, on June 30, 2026. - The platform is available through Phoenix Security's public web interface, REST APIs, and Model Context Protocol integrations. - Phoenix Blue is positioned as Blue Intelligence 2.0 and is open access with tiered accounts for Free, Registered, Pro, and Enterprise users. - CEO and Co-Founder Francesco Cipollone said the relaunch is intended to make vulnerability intelligence easier to access, validate, and use in human and AI-assisted workflows.

The details: - Phoenix Blue currently indexes more than 380,000 vulnerability and malware intelligence records and more than 2,080,000 advisory references. - The platform pulls from NVD, CISA Known Exploited Vulnerabilities, EPSS, VulnCheck, Shadowserver, GreyNoise, zero-day intelligence sources, ransomware intelligence, malicious package repositories, vendor advisories, and Phoenix Security research. - Each record includes structured data such as CVSS v3.1 and CVSS v4.0, CWE mapping, CPE associations, EPSS probability, KEV status, exploit evidence, affected product and vendor context, malware and package signals, remediation information, and advisory references. - Phoenix Blue adds proprietary scoring models to compare vulnerability urgency across multiple dimensions instead of relying on a single severity score. - The platform exposes structured vulnerability, product, vendor, and package intelligence modules for security research and remediation workflows. - The MCP integration lets AI assistants and security agents query Phoenix Blue directly inside security, developer, and remediation workflows. - Phoenix Blue uses an AI-assisted advisory pipeline to extract root cause, affected scope, exploitation status, technical impact, remediation guidance, detection indicators, timeline information, and threat actor or campaign attribution when available. - Phoenix Security uses a producer-and-judge validation model to review AI-generated analysis before it reaches users. - Outputs are scored for evidence discipline, technical accuracy, logic flow, CWE and CVSS mapping quality, detection engineering usefulness, remediation practicality, and vendor patch accuracy. - Users can rate AI-generated content, creating a feedback loop for quality monitoring and improvement.

Between the lines: - The relaunch signals a push to make vulnerability intelligence more machine-readable at a time when security teams are trying to use AI without losing review control. - Phoenix Blue is built around a validation layer, which suggests the company is trying to address a common concern with AI-generated security analysis: speed without accuracy. - The platform also broadens the security lens beyond CVEs to include package ecosystems, malicious packages, vendor posture, and time-to-exploit patterns. - That mix could make Phoenix Blue more useful for supply-chain risk management, not just vulnerability tracking.

What's next: - Phoenix Security is previewing zero-day monitoring that watches repositories for security-relevant commits before a CVE exists. - Users can monitor projects such as the Linux kernel, Apache httpd, and OpenSSL, with support for live pull requests, commit monitoring, historical analysis, full repository traversal, and analyst verification workflows. - The zero-day preview includes feedback controls for true positives and false positives, budget controls for LLM use, and user-selected LLM provider options. - Phoenix Blue is also being extended to broader ecosystem coverage, including package managers, VSX extensions, skills, plugins, and other software distribution mechanisms. - The platform is expected to keep expanding its scoring, classification, and malicious package detection capabilities across major open source ecosystems.

The bottom line: - Phoenix Security is turning vulnerability intel into a broader AI-ready risk platform that combines CVEs, supply-chain signals, and zero-day monitoring in one place.