Real-Time Intelligence Platform · 10 Domains · EU-Hosted · MCP-Native

Ten Domains.
One Platform.
Every Agent.

BrunoSan Intelligence indexes        articles, tracks     active CVEs with Signal DNA, and monitors     crypto assets in real time — UUID-native, EU-hosted, GDPR-compliant, updated daily.

Connect All Ten → View Live Dashboard
LIVE SIGNALS
Loading signals…
        Articles Indexed
     CVEs Tracked
    Coins Monitored
    Active Feeds
Intelligence Domains

Ten intelligence domains.
One unified platform.

Each domain delivers a distinct intelligence layer. Connect one, several, or all ten — your agent decides what to query.

For Developers · MCP Integration

One array.
Ten intelligence streams.

Add all ten domains to your agent with a single config block. Works with Claude (Anthropic API), LangChain, AutoGPT, and any MCP-compatible framework.

anthropic api · mcp_servers 
{
  "mcp_servers": [
    {
      "type": "url",
      "url": "https://cyber.mcp.brunosan.de/mcp",
      "name": "brunosan-cyber"
    },
    {
      "type": "url",
      "url": "https://crypto.mcp.brunosan.de/mcp",
      "name": "brunosan-crypto"
    },
    {
      "type": "url",
      "url": "https://mcp.brunosan.de/mcp",
      "name": "brunosan-ai-news"
    }
  ]
}
  • 🛡 Ask about CVE-2026-1731: get exploit_risk score, Signal DNA provenance chain, AND all AI news articles that mentioned it — in one query.
  • Crypto exploit detected: cross-check with Cyber KEV catalog and AI news burst_score to determine whether the signal is genuine or manufactured.
  • 🤖 Executive briefing: combine Cyber vendor risk + Crypto market signals + AI News decision_maker_priority_score into a single daily intelligence digest.
Signal DNA · Provenance Intelligence

What happens when you
connect all ten?

BrunoSan doesn't just track what happened. It tracks who said it first, how fast it spread, and whether the signal looks real.

18:19:31 UTC
CYBER CVE-2023-22518 · Schneider Electric · exploit_risk=0.96
First source: cisa.gov · Signal DNA: first_fetched_at recorded
+6 minutes
CYBER 10 domains covering · spread_minutes=6 · manipulation_flag=false
cert.at · bleepingcomputer.com · nvd.nist.gov · recordedfuture.com confirmed
Parallel
CRYPTO USDC Exploit · novelty_score=1.0 · first seen in Crypto feed
cointelegraph.com first reporter · 47 min before crypto-specific feeds
Same day
AI NEWS "AI-led vibe coding amplifying security fears" · burst_score=49
Cross-domain pattern: ICS exploit + crypto bridge + AI security cluster

"BrunoSan sees the cross-domain pattern before any single-domain tool could. Your agent would have known first."

Documentation

Frequently asked questions

Everything your agent — or you — needs to know before connecting to the platform.

BrunoSan Intelligence is a real-time intelligence platform with ten domains: AI News (53,000+ articles), Cyber Threat Intelligence (264+ CVEs with CVSS/EPSS/KEV scoring), and Crypto Market Intelligence (1,700+ events, 151 coins). Every data point is stored as a UUID-stable object with a full provenance chain — making intelligence deterministic, auditable, and reproducible. EU-hosted. GDPR-compliant. MCP-native.
Use the mcp_servers array shown above. All ten domains work with the Anthropic Claude API, LangChain, AutoGPT, and any MCP-compatible framework. Free tier: 30 calls/min per domain. No API key required for the free tier.
Signal DNA is BrunoSan's provenance tracking system. For every intelligence cluster, it records: the first source domain, exact timestamp of first detection, spread time in minutes, number of unique covering domains, and a manipulation flag (single-source burst = suspicious). This tells your agent not just what happened — but who said it first, how fast it spread, and whether the signal looks organic or manufactured.
Each domain has its own deterministic score formula. Cyber: exploit_risk = f(CVSS × EPSS × KEV_multiplier). Crypto: final_score = burst_score×0.35 + novelty_score×35 + sources×4 + event_bonus. AI News: decision_maker_priority_score combines AI relevance, business relevance, Mittelstand relevance, hard number count, and compliance signals. All scores are open, reproducible, and UUID-stable — queryable months later.
All ten domains run daily cron pipelines. Cyber: updated every 24h from NVD, CISA KEV, and 30+ security feeds. Crypto: daily from 98 feeds covering 151 coins. AI News: continuous ingestion from 270+ validated feeds. The Pipeline Status section on this page shows the exact last-update timestamp for each domain in real time.
UUID-native means every object — every CVE cluster, crypto event, AI story — has a deterministic UUID v5 ID computed from its content. The same URL always produces the same article ID. This makes intelligence auditable and queryable over time. After 90 days of UUID-stable accumulation, cross-asset correlations and predictive patterns emerge that are impossible to buy — they can only be grown.
CVSS (Common Vulnerability Scoring System): theoretical severity, 0–10 scale.
EPSS (Exploit Prediction Scoring System): probability of exploitation in 30 days.
KEV (CISA Known Exploited Vulnerabilities): confirmed active exploitation right now.

A CVE can be CVSS=9.5 (severe) but EPSS=0.01 (unlikely exploited). Or CVSS=6.0 (moderate) but KEV=true (being attacked today). BrunoSan combines all three into a single exploit_risk score that reflects real-world threat probability, not just theoretical severity.
Cyber: CVE cluster search · KEV alert listing · Vendor risk ranking · Signal DNA lookup · EPSS velocity tracking · Threat feed status.

Crypto: Cluster search by event type · Coin registry · Feed quality scoring · Signal Velocity · Source Intelligence · Cross-asset correlation (coming).

AI News: Article search · Cluster analysis · Entity lookup (772+ tracked orgs) · Editorial candidates · Source registry · Trend analysis with Mittelstand scoring.
Yes. BrunoSan Intelligence is hosted in Germany (Netcup, EU jurisdiction). No personal data is collected from API consumers. All intelligence is derived from publicly available sources: CVE databases, public news feeds, and market data. Data sovereignty is a core design principle — each client deployment is isolated.
Live Pipeline Status
Access Tiers

Start free.
Scale when ready.

Free Trial
Free · 24h access

Experience the full intelligence stack. No commitment required.

  • All intelligence tools per domain
  • 10 MCP calls / min
  • 24h data window
  • API key on request
  • MCP-compatible out of the box
Request Trial →
Single Vertical
€49 / month

Full access to one intelligence domain of your choice.

  • All tools for chosen vertical
  • 30 MCP calls / min
  • 90-day history queries
  • Webhook alerts
  • Signal DNA deep analysis
  • Source Intelligence scoring
  • Priority support
Get Access →
Full MCP Access
€150 / month

All ten intelligence domains. One platform.

  • All 10 intelligence domains
  • Unlimited MCP calls
  • 90-day history — all domains
  • All webhook alerts
  • Cross-domain intelligence
  • Source Intelligence all verticals
  • Priority support
Get All Ten →

Need white-label, on-premise, or custom? Contact us for Enterprise →