---
title: "OSS vulnerability graphs — niche opportunity inside Cybersecurity"
url: https://signals.gitdealflow.com/niche-down/cybersecurity/oss-vulnerability-graphs
description: "The dependency graph for open source vulnerabilities, indexed for AI agents and humans."
source: VC Deal Flow Signal
---
# OSS vulnerability graphs

> The dependency graph for open source vulnerabilities, indexed for AI agents and humans.

**Sector**: [Cybersecurity](https://signals.gitdealflow.com/niche-down/cybersecurity)  
**Build cost**: One-quarter build  
**Deal velocity**: Trickle — one deal per quarter

## Why now

Agents need machine-readable security context. The graph layer is unbuilt or buried inside paid products.

## What the signal looks like

Repos with CVE / OSV ingestion, dependency-graph build pipelines, and MCP / API surfaces.

## Public examples

*Public projects + categories only — we never name founders tracked inside the paid product.*

- GUAC / OSV graph projects
- Snyk Knowledge Base
- OWASP-style open repos

## What this displaces

A CVE database + npm audit + grep.

## Our build-vs-invest call

Open data is the wedge; commercialization is the platform on top. Fund only teams with a prior security infra background.

## Frequently asked

### Who pays?

Security platforms paying for higher-fidelity data.

### Moat?

Data freshness + graph completeness + API ergonomics.

### Build or fund?

Build only with prior security data background; fund teams with named security backgrounds.

