EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Feed API

Signals via API

Feed API access for integrations is available under Business plans. Public endpoints show a limited or redacted payload; Pro is for individual app access.

Public sample from today's flagship detail endpoint. Public payloads can be limited or redacted. The backend exposes read endpoints for signals, storylines, and briefings.

Contact for Business API accessSignalsStorylines
Public flagship sample

GET /v1/narratives/ab79b769-cedd-4e67-85c4-5d003426ba32?tenant=cybersecurity&run_id=b2848f6d-bcb8-4d35-8aa3-a7a453fef8e8

{
  "id": "ab79b769-cedd-4e67-85c4-5d003426ba32",
  "title": "Exploitation of Critical NGINX Vulnerability Begins",
  "summary": "The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek .",
  "first_seen_at": "2026-05-18T07:27:42Z",
  "last_seen_at": "2026-05-18T20:17:57Z",
  "created_at": "2026-05-18T17:10:30.482962Z",
  "updated_at": "2026-05-19T05:14:26.584687Z",
  "timeframe": "24h",
  "run_id": "b2848f6d-bcb8-4d35-8aa3-a7a453fef8e8",
  "metrics": {
    "divergence": 0.7312,
    "post_count": 4,
    "momentum_1h": 0,
    "momentum_7d": 4,
    "score_total": 1.305201,
    "shill_score": 22.5,
    "momentum_24h": 4,
    "market_movers": [],
    "evidence_score": 1,
    "unique_authors": 2,
    "coherence_score": 0.6867,
    "diversity_bonus": 0.2,
    "duplicate_ratio": 0,
    "platforms_count": 1,
    "social_momentum": 4,
    "divergence_label": "chatter_without_pricing",
    "market_conviction": 0,
    "origin_share_top1": 0.25,
    "unique_publishers": 4,
    "origin_layer_posts": 0,
    "source_types_count": 1,
    "unique_authors_24h": 2,
    "unique_origin_urls": 4,
    "amplifier_share_top1": 0.25,
    "author_concentration": 0.75,
    "publisher_share_top1": 0.25,
    "amplifier_layer_posts": 4,
    "concentration_penalty": 0,
    "unique_origin_domains": 4,
    "source_diversity_bonus": 0,
    "unique_publisher_types": 1,
    "unique_origin_publishers": 4
  },
  "platforms": [
    "rss"
  ],
  "top_tickers": [],
  "why_now": [],
  "display_title": "Critical vulnerabilities in NGINX enable remote code execution and denial-of-service attacks",
  "display_summary": "Multiple vulnerabilities have been identified in NGINX's ngx_http_rewrite_module affecting both NGINX Plus and the open-source edition.",
  "narrative_frame_display": null,
  "entities": {
    "companies": [
      "NGINX"
    ]
  },
  "recurring_claims": [
    {
      "claim": "Multiple vulnerabilities in NGINX could allow remote code execution and denial-of-service.",
      "evidence_urls": [
        "https://cisecurity.org/advisory/multiple-vulnerabilities-in-nginx-could-allow-for-remote-code-execution_2026-051",
        "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0164"
      ]
    },
    {
      "claim": "Exploitation of the critical NGINX vulnerability has begun in the wild.",
      "evidence_urls": [
        "https://securityweek.com/exploitation-of-critical-nginx-vulnerability-begins"
      ]
    },
    {
      "claim": "Disabling ASLR increases the risk of remote code execution from these vulnerabilities.",
      "evidence_urls": [
        "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0164"
      ]
    }
  ],
  "stance_map": [
    {
      "stance": "neutral",
      "who": "CERT.BE",
      "evidence_urls": [
        "https://ccb.belgium.be/advisories/warning-multiple-vulnerabilities-nginx-leading-remote-code-execution-and-allowing-rate"
      ]
    }
  ],
  "quality_flags": {
    "mixed_topic_risk": "low",
    "promo_risk": "low",
    "source_quality": "high"
  },
  "editor_note": "This briefing highlights urgent NGINX vulnerabilities with active exploitation, emphasizing the importance of immediate patching and awareness of ASLR status.",
  "display_tags": [
    "cve",
    "exploits",
    "security_advisories",
    "incident_response"
  ],
  "tags": [
    "cve",
    "exploits",
    "security_advisories",
    "incident_response"
  ],
  "cscope_tags": [
    "cve",
    "exploits",
    "security_advisories",
    "incident_response"
  ],
  "why_now_display": [
    "Exploitation of these vulnerabilities has already started in the wild.",
    "Patches have been released and should be applied immediately.",
    "Some systems may be more vulnerable due to disabled ASLR, especially lightweight distributions."
  ],
  "why_it_matters_display": [
    "NGINX is widely used for web serving and proxying, so vulnerabilities impact many systems.",
    "Remote code execution can lead to full system compromise if exploited.",
    "Early exploitation attempts highlight the urgency of patching."
  ],
  "show_why": true,
  "sources_display": [
    {
      "label": "cisecurity.org: CIS Security Advisories"
    },
    {
      "label": "advisories.ncsc.nl: NCSC NL Security Advisories"
    },
    {
      "label": "securityweek.com: SecurityWeek"
    },
    {
      "label": "ccb.belgium.be: CERT.BE Advisories"
    }
  ],
  "trend_status": "flat",
  "trend_sparkline": "▁█",
  "trend_points_n": 0,
  "trend_window": {
    "lookback_days": 14,
    "max_points": 36,
    "value_key": null
  },
  "llm_status": "accepted",
  "llm_meta": {
    "model": "gpt-4.1-mini-2025-04-14",
    "prompt_version": "enrich_v3",
    "input_hash": "18dce53f06c5c6c2c5216f9cca00ce025c15469f7e8d076ccaca5102f73b4d9a",
    "updated_at": "2026-05-19T05:16:42.012103+00:00",
    "llm_metadata": {
      "env": "prod",
      "host": "b3f741394dce",
      "stage": "signals.enrich",
      "run_id": "b2848f6d-bcb8-4d35-8aa3-a7a453fef8e8",
      "tenant": "cybersecurity",
      "service": "api",
      "pipeline": "pipeline_run",
      "correlation_id": "ab79b769-cedd-4e67-85c4-5d003426ba32"
    }
  },
  "story_id": "6db97371-e36f-4025-b211-f1889dab91f4",
  "public_surface": {
    "eligible_for_flagship_sample": true,
    "eligible_for_top_public_brief": true,
    "eligible_for_public_index": false,
    "eligible_only_for_lower_or_internal_surfaces": false,
    "public_rank_score": 11,
    "structural_priority": true,
    "mostly_social": false,
    "community_chatter": false,
    "reader_label": null,
    "excluded_reasons": [],
    "source_signals": {
      "post_count": 4,
      "unique_origins": 4,
      "source_types_count": 1,
      "independent_non_social_count": 4,
      "social_source_count": 0,
      "non_social_source_count": 0,
      "why_now_count": 3,
      "why_it_matters_count": 3
    }
  },
  "current_cycle_open": false
}
Capabilities
  • Signals and storylines feed endpoints with filtering and rate limits
  • Briefing delivery endpoints for integrations
  • Evidence link payloads for auditability
Integrate in your workflow
  • Route top stories into Slack or Teams for morning and evening desk updates.
  • Sync storyline evidence into Notion, Airtable, or internal research trackers.
  • Feed metrics into BI dashboards for momentum, concentration, and source mix monitoring.

Quick start endpoints: /v1/feed/stories, /v1/signals, /v1/storylines/search, /v1/briefings/latest.

For product access, see Pricing.