Remediation and @Aether
How Aether AI turns a validated finding into a fix, with an in-finding assistant and a resolve, retest, regression lifecycle.
Every finding Aether AI raises points straight at its source, carries the evidence, and states the fix. Remediation becomes a task you can act on rather than an investigation you have to run first.
Why this matters
Most of the effort in fixing a security issue is not the fix itself. It is working out where the problem lives, whether it is real, and what the actual change should be. When a finding lands without that context, a team spends its time reconstructing the attacker's path before it can do anything useful.
Aether AI closes that gap at the point of discovery. Because a finding only reaches you once it has been confirmed and validated, the work in front of you is the remediation, not the triage. That keeps the queue moving and keeps a real exposure from sitting open while people debate whether it counts.
A finding you can act on
Each finding is written so the person who owns the fix has what they need in one place:
- The source it points at, so there is no hunting for which asset or service is affected.
- The evidence that Aether AI observed, so the finding stands on its own without a reproduction step.
- The fix, so the required change is stated rather than inferred.
This is the same shape whether the finding came from ASM enrichment, Conventional Attack Surface validation, the Autonomous AI Pentest, or a Threat Radar plugin. A finding is a finding, and it arrives ready to work.
What lands with the finding
Whoever picks up the fix is handed the affected source, the observed evidence, and a stated fix. There is no need to reproduce an attack or chase down which system is in scope before starting, and @Aether is on hand for the next step at any point in the thread.
@Aether, the in-finding assistant
@Aether is an assistant that lives inside the finding. Mention it in the finding thread and it walks you through the fix in context, using the evidence attached to that finding. Instead of leaving the finding to search for guidance, you get the remediation steps where the work already is.
Because the assistant is scoped to the finding it sits in, its guidance reflects the specific source, the specific evidence, and the band the finding falls into, rather than generic advice about a class of issue.
Automated remediation (on the roadmap)
Aether AI is designed to move beyond guiding a fix to performing one. Automated remediation is a coming-soon affordance in the product, and the direction is for Aether AI's agents to act on a validated finding directly through connected channels. Today, @Aether guides the fix and you apply it.
Resolve, retest, regression
A fix is only real once it is confirmed, so findings move through a lifecycle rather than being closed on assertion.
- Resolve. You apply the fix and mark the finding resolved.
- Retest. Aether AI re-validates the source. When re-validation no longer observes the issue, the fix is confirmed and the finding stays closed.
- Regression. If a later re-validation observes the issue again, the finding reopens. A change that quietly undoes the fix does not slip past unnoticed.
This is the same continuous validation that runs across the surface, turned toward what you have already remediated. It is also why a finding that has genuinely been fixed drops out of your risk picture: resolved, live-clear findings stop contributing to an asset's risk score, and the score falls back accordingly.
Related
Risk Inbox
The single queue where findings from ASM, pentest, and plugins land for remediation.
Conventional Attack Surface
The commodity-baseline validation that produces many of the findings you resolve here.
Autonomous AI Pentest
The frontier engine that finds the chained and business-logic flaws commodity tooling misses.
Risk scoring
How resolved findings drop out of an asset's 0 to 100 risk score.
The Risk Inbox
One prioritised queue of findings across ASM and pentest, so every validated exposure lands in a single place to triage and act on.
Reporting
Board-ready and technical reports drawn from the same validated findings, following the Dvuln reporting standard and kept honest by continuous re-validation.