International Journal of Computational and Electronics Aspects in Engineering
Volume 7 · Issue 1 · February 2026 · pp. 27-44
Review Article · Peer Reviewed
Received: December 04, 2025 · Accepted: January 18, 2025 · Published: 04 February 2026
Open Access · CC BY 4.0

A Comprehensive Review of Predictive Vulnerability Prioritization Using AI

Marwa Q. Mohammed¹*, Zahraa A. Jaaz²
¹,² Computer Department, College of Science, Al Nahrain University, Jadriya, Baghdad 10072, Iraq

*Corresponding author: marwa.q.mohammed.sci24@ced.nahrainuniv.edu.iq

Abstract

This article provides a comprehensive review of artificial intelligence–based techniques for predictive vulnerability prioritization, addressing the limitations of traditional static scoring mechanisms such as CVSS in reflecting real-world exploitation likelihood and operational impact. The review systematically surveys advances in exploit prediction, severity modeling, impact assessment, contextual scoring, and vulnerability classification. The literature is organized into a coherent taxonomy encompassing machine learning, deep learning, natural language processing, graph-based approaches, and human–AI hybrid systems. Key methodological challenges—including data quality, temporal drift, cross-domain generalization, and incomplete multi-source integration—are identified as major barriers to predictive accuracy. Despite notable progress, existing solutions remain fragmented and task-specific, highlighting the need for adaptive, integrated AI platforms capable of incorporating behavioral, contextual, and semantic signals for effective vulnerability risk prioritization.

Keywords

Vulnerability Prioritization; Exploit Prediction; Severity Modeling; CVSS; EPSS; Machine Learning; Deep Learning; NLP; Cybersecurity Risk Assessment
