Cybellum Vulnerability Management Services is a managed service designed for device manufacturers to detect, triage, and manage product vulnerabilities. The service combines automation, AI, and human expert oversight through a "Human-in-the-loop" framework. The service operates through three stages: 1. Detection and initial triaging – vulnerabilities are identified by matching SBOM and asset data against risk data from multiple threat feeds 2. Context-based analysis – each vulnerability is assessed for relevance based on OS, network configuration, CPU architecture, and other parameters using contextual AI 3. Report creation – vulnerability assessments are stored and structured into reports covering vulnerability status, remediation efforts, and security posture The service is structured around three components: an automation engine for detection and analysis at scale, an AI model trained on the customer's specific products and policies, and Cybellum security professionals who oversee the process and make final decisions. Two service tiers are available — Silver and Gold. Silver includes auto-generated vulnerability detection, configurable triaging, accuracy verification, and detailed assessments of critical vulnerabilities. Gold adds assessments of medium-severity vulnerabilities, additional validation of auto-filtered vulnerabilities, SBOM results from CPE validation, and system impact validation. Primary use cases include compliance documentation for regulations such as automotive (WP.29 R155, ISO 21434), medical device (FDA Premarket Guidance), and critical infrastructure (EU CRA, IEC 62443), as well as vulnerability assessments for manufacturers lacking internal security expertise.