Aether AI
Defence

Exposure and risk

How Aether AI turns confirmed, live findings across ASM and pentest into a single explainable asset risk score.

Every asset Aether AI tracks carries a single risk score from 0 to 100. The score answers one blunt question: given what has actually been confirmed about this asset right now, how exposed is it. It is not a guess about how bad an attacker might find things, and it is not a theoretical rating. It reflects the findings Aether AI has confirmed to be live against that specific asset, and nothing else.

Why a single honest score

Security leaders drown in numbers that all claim to be "the" priority. Aether AI keeps the model deliberately narrow so the number stays trustworthy. The score only ever moves on confirmed, live findings, so it is defensible when a risk owner asks why an asset is where it is, and it is honest about what Aether AI does and does not know.

Two things are missing on purpose. There is no confidence term, because Aether AI does not down-weight a finding it has already confirmed. And there is no blast-radius weighting: Aether AI does not try to guess which assets are your crown jewels or inflate a score based on assumed business importance. Guessing importance produces confident-looking numbers that are quietly wrong. Instead the score describes the exposure it can prove, and leaves the business-context judgement to the people who actually hold it.

How the score is computed

The asset risk score is a noisy-OR combination of the per-finding severity probability across an asset's confirmed, live findings.

In plain terms: each confirmed live finding contributes a probability derived from its severity. Aether AI combines those contributions the way independent chances of failure combine, so more findings, and more severe findings, push the score higher, but no single finding can push it beyond 100. One critical finding already puts an asset in a serious place; several lower findings accumulate toward the same territory without ever overflowing. The maths is bounded, monotonic, and easy to reason about.

Only findings that are both confirmed and live count. A finding that has been resolved, or one that is not currently observed, contributes nothing. Because of this, the score is not sticky. When the findings on an asset resolve, the score drops back toward nothing. It tracks the present state of the asset, not its history.

For risk owners

The score is a measure of proven exposure, not of business impact. Aether AI deliberately leaves crown-jewel judgement to you. Pair the risk score with your own asset criticality when you decide what to fix first, rather than expecting the number to encode importance it cannot know.

Source-agnostic across ASM and pentest

The same scoring model runs over every finding, regardless of where it came from. A weakness surfaced by attack surface monitoring, an exploitability result from the Conventional Attack Surface validation layer, a compromised credential from a Threat Radar plugin, and a novel business-logic flaw from the Autonomous AI Pentest all feed the same asset risk score in the same way.

This matters because an attacker does not care which of your tools noticed a weakness. A leaked credential and a chained authentication bypass are both live exposure. Keeping the score source-agnostic means an asset's number reflects its real state across the full picture, not just the slice one scanner happened to see.

Explainability

Because the score is built from a fixed, transparent rule over a known set of findings, Aether AI can always show its working. For any asset you can see which confirmed, live findings drive the number and how each contributes. There is no opaque model tuning the result behind the scenes and no hidden weighting to argue with. When the score changes, it changes because a finding was confirmed, resolved, or reopened, and Aether AI can point at exactly that.

That transparency is what lets the score sit under the rest of the platform. The Risk Inbox queues the individual findings behind these scores across ASM and pentest, and the reporting layer rolls the same numbers up for board-ready and technical audiences.

What you see

Each asset shows its current 0 to 100 score, and the score reprioritises the moment findings change state through the remediation lifecycle. Fix a finding and re-validation confirms it, and the asset's contribution falls away. Let a fix regress, and the reopened finding pushes the score back up. The number stays a live reflection of proven exposure rather than a snapshot that goes stale.

On this page