AI Summary
This work addresses the challenges of vulnerability alert overload, fragmented toolchains, and inefficient manual triage caused by the growing complexity of software systems by proposing a multi-agent framework for vulnerability management. The framework employs a decomposed agent architecture that tightly integrates large language models with security tools, incorporating a rule engine, a BERT-based CVSS prediction module, and specialized LLM agents to synthesize data from multiple vulnerability databases while supporting human-in-the-loop governance. Experimental results demonstrate that the approach reduces raw scan findings by 98% (for instance, from 3,983 to 82 high-priority items) and achieves 89.3% accuracy in predicting CVSS attributes, substantially improving the efficiency of vulnerability prioritization and significantly alleviating the burden on security analysts.
Abstract
As software systems grow in scale and complexity, vulnerability management is increasingly strained by high alert volumes, fragmented toolchains, and manual triage processes. We introduce AgenticVM, a multi-agent framework that integrates large language models with security tools to automate vulnerability detection, assessment, prioritization, and reporting. AgenticVM combines rule-based processing, a BERT-based CVSS prediction module, and specialised LLM-driven agents, leveraging data from sources such as the National Vulnerability Database and the European Union Vulnerability Database. Across multiple evaluation scenarios, AgenticVM reduces raw scanner outputs into compact, actionable queues, achieving up to 98% alert reduction (e.g., from 3,983 findings to 82 high-priority items), while predicting missing CVSS attributes with 89.3% accuracy. These results demonstrate improved prioritisation efficiency and reduced analyst workload without compromising risk visibility. Beyond performance, the framework provides practical design insights into agent decomposition, tool-LLM integration, and human-in-the-loop governance for real-world deployment.