Aether AI
Your surface

Ports and technology

Passive enrichment that keeps an open-ports inventory and a technology fingerprint current for every monitored asset, and gates which validation checks are relevant.

Once an asset is set to Monitor, Aether AI keeps a live picture of two things that matter most to an attacker sizing up a target: what is listening, and what it is running. Port Analysis tracks the open ports, Technology Detection tracks the software and versions behind them. Both are passive, both alert when something changes, and both feed the validation layer so that deeper checks only run where they make sense.

Why it matters

An attacker starts by looking at exactly this. Open ports tell them where they can reach you, and technology and version fingerprints tell them what is likely to be weak. Keeping that inventory current, and noticing the moment it changes, is the difference between spotting a newly exposed service before an adversary does and finding out afterwards.

Passive enrichment gives risk owners and application security a factual, always-current baseline of the surface without touching it aggressively. Nothing here brute forces, changes state, or exfiltrates data. It observes and records, and it tells you when the picture moves.

Port Analysis

Port Analysis maintains an open-ports inventory for each monitored asset. A port sweep records which ports are open, and Aether AI keeps that inventory current so it reflects the asset as it is now, not as it was at discovery.

When the set of open ports changes, whether a new service appears or a previously open port closes, Aether AI raises a change alert. A newly opened port is often the first visible sign of a new deployment, a misconfiguration, or a service that was never meant to face the internet, so surfacing that change quickly is the point.

Technology Detection

Technology Detection produces a technology and version fingerprint per asset: the software stack running on it and, where it can be determined, the versions. Like Port Analysis, it is kept current and it alerts on change.

Version-level detail matters because it is what an attacker maps against known weaknesses. When a fingerprint changes, for example a component is upgraded, replaced, or newly introduced, Aether AI raises a change alert so the shift is visible rather than silent.

For application security

The version fingerprint is not just a report line. It is the input that decides which validation checks are worth running against an asset, so keeping it accurate directly sharpens what the deeper layers look at.

Passive enrichment that feeds validation

Port Analysis and Technology Detection are the Monitor tier's passive enrichment. Beyond keeping the surface current and alerting on change, they gate the validation layer: the open ports and the technology fingerprint decide which checks are relevant for a given asset.

That gating is why enrichment sits underneath validation rather than beside it. When an asset is promoted to Monitor Plus, the Conventional Attack Surface validation uses what enrichment already knows to run only the checks that fit what is actually exposed and running, instead of testing blindly. Downgrading an asset back to Monitor stops that deeper work while keeping the passive enrichment in place.

What you see

For each monitored asset you get a current open-ports inventory and a current technology and version fingerprint, plus change alerts when either moves. Those alerts reach you through the in-app notification bell, the notifications page, and email, so a change on the surface does not depend on someone happening to look.

On this page