Threat Radar
Continuous intelligence plugins correlated to a customer's attack surface, each producing a verdict card that both alerts defence and enriches the offensive side.
Threat Radar is a set of continuous intelligence plugins that watch external threat sources and correlate what they find against a customer's own attack surface. Each plugin produces a verdict card, a plain reading of whether the organisation is exposed to that specific class of threat and what the exposure looks like right now.
The premise is simple. Attackers rarely start from scratch. They succeed by reusing and sharing information that already exists: leaked credentials, breach dumps, infostealer logs, and vulnerabilities that are already being exploited in the wild. Threat Radar treats that same shared intelligence as a first-class input, so validation reflects what an attacker already holds, not only the technical weaknesses on the box.
Why it matters
A weakness that no attacker knows about behaves very differently from a weakness that is already circulating with a working exploit, or a credential that is already sitting in a stealer log. Threat Radar closes that gap. It brings the attacker's own resources into view and lines them up against the assets Aether AI has discovered, so a risk owner can see not just what is technically possible but what is realistically in play.
Because the intelligence is correlated to the surface rather than delivered as a raw feed, the output stays specific to the organisation. A verdict card speaks to the customer's domains, identities, and technologies, not to the threat landscape in the abstract.
How it works
Each plugin monitors a particular source, matches it against the discovered attack surface, and renders a verdict card. When a plugin has something to report, it raises findings that land in the Risk Inbox alongside everything else, labelled by source (for example "Plugin (Infostealer)"), so intelligence-driven exposure sits in the same queue as ASM and pentest findings.
For risk owners
A verdict card is designed to be readable without triage. It states whether the organisation is exposed to that class of threat and points at the affected assets, so the question "is the organisation exposed to this" has a direct answer rather than a feed to sift through.
The plugins
- Infostealer Monitor correlates compromised credentials from infostealer and stealer-log feeds against the surface, surfacing credentials that are already exposed.
- CISA KEV Watch tracks known-exploited vulnerabilities (the CISA Known Exploited Vulnerabilities catalogue) and flags where the surface intersects vulnerabilities that adversaries are actively exploiting.
- Breach, ransomware, dark-web and supply-chain monitors apply the same pattern to breach data, ransomware activity, dark-web mentions, and supply-chain exposure. These extend the Threat Radar family as Aether AI builds it out, rather than describing a fixed, complete catalogue.
Continuous plugins run continuously against their sources. They do not advertise a fixed run frequency in the interface, because the value is in the standing verdict rather than in a schedule.
Two-way intelligence
Threat Radar feeds work in both directions. On the defensive side, a plugin surfaces exposure as findings and alerts, so the organisation learns about a leaked credential or an actively exploited vulnerability as soon as the correlation is made. On the offensive side, the same intelligence enriches Aether AI's validation, so an attack reflects what an adversary would already have in hand rather than starting cold.
Roadmap
Deeper enrichment of the autonomous offensive agents with Threat Radar intelligence is a direction Aether AI is building toward, so the frontier engine reasons over the same shared attacker resources. Treat the offensive-agent enrichment as evolving rather than a fixed guarantee of specific behaviour.
What you see and do
Threat Radar lives as verdict cards, one per plugin, correlated to the current surface. When a card reports exposure, the underlying findings flow into the Risk Inbox with a plugin source label, feed the asset risk score, and are available to remediate like any other finding. Because the plugins are continuous, the cards stay current as sources change; there is no run to schedule and no report to request.
Related
Conventional Attack Surface
Continuous, non-destructive validation of what a commodity adversary could exploit.
Autonomous AI Pentest
The frontier engine that chains weaknesses and finds novel, business-logic flaws.
Risk Inbox
A single queue of findings across ASM, pentest, and Threat Radar plugins.
Risk scoring
How confirmed, live findings roll up into a 0 to 100 asset risk score.
The autonomous AI pentest
The frontier engine, where autonomous offensive agents chain weaknesses, work through authentication, and find novel and business-logic flaws that commodity tooling cannot.
Safety, scope and authorisation
How Aether AI keeps offensive work bounded to a customer's own assets, within defined scope, and safe to run against a live surface.