Aether AI
Defence

Defence

The continuous loop that turns validated exposure into shrinking risk: know what matters, fix it, then confirm it stays fixed.

Attack emulation tells you what a real adversary could reach. Defence is what you do about it. Aether AI runs a continuous loop that shrinks exposure over time: it works out what actually matters, helps you fix it, and then confirms the fix held. The offensive engines and threat intelligence feed straight into that loop, so defence is grounded in validated exposure rather than a backlog of theoretical warnings.

The whole point is to close the distance between finding a problem and being sure it is gone. A finding that is discovered but never confirmed resolved is not defence, it is a to-do list. Aether AI keeps score of that closure, so the direction of travel is always visible.

Why a loop, not a list

Most security tooling stops at discovery. It hands you a long list of issues, sorts them by a static severity label, and leaves the rest to you. The problem is that a list does not know which findings still matter, whether anything was actually fixed, or whether a fix quietly regressed a month later.

Aether AI treats defence as a loop instead. Every finding, wherever it came from, moves through the same lifecycle: it is prioritised by real exploitability, worked to a fix, and then re-validated. Re-validation is the part that makes it a loop rather than a list. When Aether AI can no longer observe the problem, the finding resolves and the asset's risk drops. If it comes back, the finding reopens on regression. Nothing is closed on trust alone.

For risk owners

A risk score that only ever goes up is a scoreboard for anxiety. The value of the loop is that risk falls back to nothing when findings are genuinely resolved, so the number tracks your current, real exposure and gives you a defensible measure of whether the programme is working.

Know what matters

Defence starts with prioritisation, because you cannot fix everything at once and not everything is worth fixing first. Aether AI expresses this as a single asset risk score from 0 to 100, computed over an asset's confirmed, live findings and shared across ASM and pentest. It is a noisy-OR of per-finding severity probability, which means one severe, exploitable finding drives the score up on its own while a pile of low-severity noise does not.

The score deliberately leaves out things Aether AI cannot know honestly. There is no confidence term and no blast-radius weighting, because Aether AI does not guess which of your assets are crown jewels. The score is explainable: you can see the findings behind it, and it drops back to nothing once those findings are resolved. It reflects exploitability, not a static tally that never moves.

Fix it

Findings converge in the Risk Inbox, a single queue across ASM and pentest. A directly exploitable conventional finding, a frontier pentest result, and a compromised-credential hit from a threat intelligence plugin all sit in the same place, filterable by severity, source, and when they were updated. Source labels make the origin plain, including "Aether ASM", "Plugin (Conventional Attack Surface)", and "Plugin (Infostealer)", so you can tell at a glance what kind of adversary a finding represents.

From there, remediation is about actually closing the finding. Each one points back at its source with evidence and a fix, so an engineer is not left guessing what to change or why it matters. @Aether is an in-finding assistant that walks a user through remediation step by step. Findings then move through a resolve, retest, and regression lifecycle, and re-validation is what confirms a fix rather than an assertion that it is done.

Roadmap

Automated remediation is on the roadmap. Today, @Aether guides a person through the fix and Aether AI confirms it by re-validation. The direction is that cloud connectors, which enrich the surface today, are designed to become action channels so Aether AI's agents can auto-remediate directly and drive end-to-end defensive workflows, both natively and through existing tooling such as SOAR and SIEM.

Confirm it

The last step is the one that makes the loop worth running. When a finding is marked resolved, Aether AI re-validates against the live surface. If the problem is genuinely gone, the finding resolves for good and the asset's risk score reflects that. If it reappears, the finding reopens on regression and comes back into the inbox. This is the same auto-resolve behaviour the Conventional Attack Surface engine uses when re-validation no longer observes an issue, applied across the defensive lifecycle.

Confirmation is also what makes reporting trustworthy. Aether AI produces board-ready and technical reports following the Dvuln reporting standard, and because those reports are built on validated, re-checked findings, the story they tell is what is actually exploitable now, not what was flagged at some point in the past.

How the pieces fit together

The defence section breaks into four connected topics that follow the loop. Exposure and risk is how Aether AI decides what matters. The Risk Inbox is where findings from every source converge for action. Remediation is how a finding is worked to a fix and confirmed. Reporting is how the outcome is communicated to the people who need it, from engineers to the board.

On this page