Conventional Attack Surface
Continuous, non-destructive validation of what a commodity adversary could actually exploit on an asset.
Conventional Attack Surface is the capability that answers a blunt question about each asset: what could a run-of-the-mill attacker, armed only with generally-available tooling, actually exploit here right now. It runs continuously, it validates rather than assumes, and it is the deeper layer that turns on when an asset moves to Monitor Plus.
The point is to separate real exposure from noise. A long list of theoretical weaknesses is not the same as a short list of things a commodity adversary can turn into access. Aether AI validates the difference, so a security leader sees a defensible commodity baseline for the surface, a risk owner sees which assets are actually reachable, and an engineer gets a specific, evidenced item to fix.
Where it sits
Conventional Attack Surface is the Monitor Plus tier of attack surface monitoring. It sits on top of the passive Monitor work (Port Analysis and Technology Detection), and it uses those signals as inputs. Passive enrichment tells Aether AI what is open and what is running. Conventional Attack Surface then goes a step further and checks whether any of it is exploitable by a commodity attacker.
Because the deeper work meters cost per asset, it only runs on assets promoted to Monitor Plus. Downgrading an asset back to Monitor stops the Conventional Attack Surface validation for it.
For risk owners
Promotion to Monitor Plus is the deliberate choice to pay for exploitability validation on an asset that matters. Downgrading is the equally deliberate choice to stop that work. The tier is the control, and cost follows the tier.
It checks, it does not exploit
Conventional Attack Surface validates using generally-available tooling (nuclei), the same class of tooling a commodity adversary would reach for. It is non-destructive by design. It checks for the presence of an exploitable condition, it does not exploit it. That means no brute force, no state change, and no data exfiltration.
This boundary is deliberate. The value is an honest, safe read of what is exposed, produced continuously against production assets without putting them at risk. Actually chaining weaknesses, working through authentication, and finding novel or business-logic flaws is the job of the frontier engine, the Autonomous AI Pentest, which runs against explicitly authorised scope. Conventional Attack Surface is the commodity baseline, not the ceiling.
Two bands of findings
Findings split into two bands so the reader can tell "an attacker can use this today" apart from "an attacker's job is easier because of this":
- Directly exploitable: conditions a commodity adversary could turn into access or impact with generally-available tooling.
- Weaknesses that ease an attack: conditions that do not hand over access on their own but lower the bar for someone who is trying.
The Conventional Attack Surface verdict card leads with the directly-exploitable count, because that is the number that decides whether an asset needs attention now. The second band gives context without drowning out the signal.
Continuous re-validation and auto-resolve
Conventional Attack Surface is not a one-shot scan. It re-validates continuously. When re-validation no longer observes a finding, Aether AI auto-resolves it. A fix that removes the exploitable condition closes the finding without anyone having to chase it, and the asset's risk drops back accordingly. If the condition returns, the finding reopens.
That keeps the picture current on its own. The surface reflects what is exploitable today, not what was exploitable the last time someone looked.
What you see
Conventional Attack Surface findings flow into the shared Risk Inbox alongside everything else, labelled with the source "Plugin (Conventional Attack Surface)", so they can be filtered by severity, source, and update time next to ASM and pentest findings. Each finding points at the source with evidence and a fix, and confirmed live findings feed the asset's 0 to 100 risk score on the same source-agnostic basis as any other finding.
Related
Autonomous AI Pentest
The frontier engine that chains weaknesses, defeats authentication, and finds novel and business-logic flaws.
Monitoring
Passive Monitor-tier enrichment: Port Analysis and Technology Detection, and how tiers meter cost.
Risk Inbox
One queue of findings across ASM and pentest, with severity, source, and update filters.
Risk scoring
The 0 to 100 asset risk score computed over confirmed, live findings.
Shared intelligence, both sides
How Aether AI feeds the same threat intelligence into defence and offence, so validation reflects what an attacker already holds.
The autonomous AI pentest
The frontier engine, where autonomous offensive agents chain weaknesses, work through authentication, and find novel and business-logic flaws that commodity tooling cannot.