<?xml version="1.0" encoding="UTF-8"?>
<oembed>
  <type>video</type>
  <version>1.0</version>
  <html>&lt;iframe src=&quot;https://www.loom.com/embed/7ec52e8c0bf84b7b97f6e916042b6e25&quot; frameborder=&quot;0&quot; width=&quot;1316&quot; height=&quot;987&quot; webkitallowfullscreen mozallowfullscreen allowfullscreen&gt;&lt;/iframe&gt;</html>
  <height>987</height>
  <width>1316</width>
  <provider_name>Loom</provider_name>
  <provider_url>https://www.loom.com</provider_url>
  <thumbnail_height>987</thumbnail_height>
  <thumbnail_width>1316</thumbnail_width>
  <thumbnail_url>https://cdn.loom.com/sessions/thumbnails/7ec52e8c0bf84b7b97f6e916042b6e25-59a515d21596de14.gif</thumbnail_url>
  <duration>476.216</duration>
  <title>Scoring Dependabot Alerts, Finding Reachable Risk</title>
  <description>This Loom reviews 55 Dependabot security alerts using a risk scoring rubric that accounts for exploitability and reachability, including KEV and EPSS data and whether issues are actually reachable in the codebase. The scorer found all 55 alerts score as defer, with none marked as currently exploited and none reaching the Recommended Top 1 percent Threat Threshold for Exploitability. Although the rubric flagged a CVSS 10 issue in FastMCP, the team does not use that code and instead uses an AWS MCP proxy that supports an open API. The Loom concludes that there are clear recommendations to avoid emergency tickets and handle dependency updates on the normal security update cadence, noting the same pattern in other repos like K9 Frontend and K9 Backend.</description>
</oembed>