PatchProof

PatchProof is a web app (with lightweight endpoint agents) that verifies vulnerability remediation by measuring real outcomes, not ticket status. It ingests findings from common scanners (Tenable, Qualys, Rapid7) and correlates them with endpoint telemetry to confirm whether a CVE is actually no longer exploitable on a host. The AI layer auto-triages noisy findings, groups duplicates, and drafts remediation notes with evidence (before/after signals, package versions, config diffs). It also flags “false closure” cases where a patch was pushed but the vulnerable component remains (stale services, shadow IT, container images, rollback). Reporting is built for auditors and executives: clear proof, timelines, and exceptions with owner accountability. This is not a full vulnerability management (VM) platform; it’s a verification and evidence layer that sits on top of what companies already use, aimed at reducing re-opened vulns and audit pain.
