NeuralStack | MS — Article 3 of 3

Part 3 of the AI Security & Cybersecurity Series

Every asset an organization exposes to the internet is a potential entry point. Every untracked subdomain, every forgotten cloud instance, every third-party integration with misconfigured permissions, every API endpoint that outlived the feature it was built for – each represents an opportunity for an adversary who is, at this moment, enumerating your environment with the same tooling and methodology a professional penetration tester would use. The difference is that the penetration tester operates within a defined scope and a contracted timeframe. The adversary does not.

This asymmetry – between an organization's partial visibility into its own infrastructure and an attacker's comprehensive, continuous enumeration of it – is precisely the problem that Attack Surface Management (ASM) is designed to close.

Defining the Attack Surface

Before discussing how to manage an attack surface, it is worth defining precisely what it comprises. The attack surface is the complete set of points through which an unauthorized actor could attempt to enter, extract data from, or disrupt an environment. It spans three distinct categories:

External Attack Surface – everything internet-facing: domains, subdomains, IP ranges, exposed ports and services, web applications, APIs, cloud storage buckets, email infrastructure, and third-party assets that carry the organization's brand or data.

Internal Attack Surface – the exposure that exists within the network perimeter: unpatched internal systems, overprivileged service accounts, insecure inter-service communication, legacy protocols (NTLM, SMBv1, Telnet), and trust relationships between systems that have accumulated without governance.

Digital Supply Chain Surface – the inherited exposure from vendors, SaaS platforms, open-source dependencies, and third-party scripts executing in production environments. This category is frequently underestimated and increasingly weaponized; the attack vectors that produced the most consequential breaches of the past decade, from SolarWinds to the xz Utils backdoor, originate here.

ASM as a discipline is primarily concerned with the external attack surface, though mature programs extend visibility into the supply chain dimension as well.

The Core Problem: Organizations Do Not Know What They Own

This statement is not hyperbole – it is a consistent finding across security assessments in organizations of every size and maturity level. The problem compounds with scale: enterprises with decades of M&A activity, shadow IT proliferation, and distributed cloud provisioning accumulate external assets at a rate that manual tracking cannot match.

The consequences are direct and well-documented. The Verizon Data Breach Investigations Report consistently identifies unknown or unmanaged assets as a primary factor in successful breaches. Adversaries routinely gain initial access through assets the compromised organization did not know were exposed: a subdomain running an unpatched CMS instance, a development environment accidentally left internet-accessible, a forgotten VPN appliance running firmware from 2019.

Reconnaissance is continuous on the attacker's side. ASM makes it continuous on the defender's side.

The ASM Methodology

A mature ASM program operates across four continuous phases:

1. Discovery

The foundational phase establishes a complete inventory of external-facing assets. This is harder than it sounds. It requires going beyond the known asset register, which is invariably incomplete, and actively enumerating what the organization exposes from an adversary's vantage point.

Discovery techniques mirror those used in offensive reconnaissance: certificate transparency log analysis (crt.sh), DNS enumeration and brute-force with curated wordlists, ASN and IP range mapping, Shodan and Censys queries for internet-exposed services, web crawling for linked subdomains, and JavaScript file analysis for undocumented API endpoints. The output of this phase frequently surprises even well-resourced security teams; forgotten assets, shadow IT deployments, and acquired infrastructure that was never properly rationalized are endemic findings.

For cloud environments, discovery must account for the dynamic nature of cloud provisioning. Assets are spun up and torn down continuously, often outside the visibility of the central security function. Cloud-native ASM integrations – connecting directly to AWS, Azure, and GCP APIs – provide the real-time asset telemetry that static scanning cannot.

2. Inventory and Classification

Discovered assets are classified by type, ownership, business criticality, and exposure risk. This is where ASM intersects with Configuration Management Database (CMDB) hygiene; an accurate, continuously updated asset inventory is the prerequisite for every downstream security control, from vulnerability management to incident response.

Classification establishes which assets are sanctioned, which are shadow IT, which are orphaned, and which belong to third parties but carry the organization's data or identity. Ownership assignment, mapping each asset to a responsible team or individual, is operationally critical and politically difficult in large organizations. Without clear ownership, remediation requests disappear into organizational ambiguity.

3. Risk Assessment and Prioritization

Not all exposed assets carry equal risk. The risk assessment phase evaluates each discovered asset against a composite of factors: technology stack and associated CVE exposure, authentication requirements, sensitivity of data processed or stored, exploitability in the current threat landscape, and whether the asset appears in active threat intelligence feeds as a targeted technology.

This is where ASM platforms such as Censys ASM, RunZero, Cortex Xpanse, or Tenable Attack Surface Management add significant value, correlating discovered assets against vulnerability databases, threat intelligence, and known exploitation data to produce a risk-prioritized view of external exposure rather than an undifferentiated asset list.

The integration of EPSS (Exploit Prediction Scoring System) scores alongside CVSS ratings has meaningfully improved prioritization accuracy. EPSS models the probability of a vulnerability being exploited in the wild within 30 days – a far more operationally relevant signal than theoretical severity alone.

4. Continuous Monitoring and Remediation Tracking

ASM is not a point-in-time exercise. The external attack surface changes every time a developer deploys a new service, every time a certificate expires and is reissued, every time a new CVE is published against a technology in the stack. Continuous monitoring – with automated alerting on newly discovered assets, newly exposed services, and newly applicable vulnerabilities – is what separates an ASM program from a one-time external scan.

Remediation tracking closes the loop: findings must be triaged, assigned, resolved, and verified. Mean Time to Remediate (MTTR) by asset class and severity tier is the operational metric that determines whether the ASM program is producing real risk reduction or generating reports that accumulate unactioned.

Active vs. Passive ASM

ASM programs operate along a spectrum from purely passive to actively adversarial.

Passive ASM relies on data that can be collected without directly interacting with the target: certificate transparency logs, DNS records, WHOIS data, BGP routing tables, and data aggregated by search engines and internet scanners. It is low-risk, produces no observable footprint, and provides broad coverage.

Active ASM involves direct interaction with discovered assets: port scanning, service fingerprinting, web crawling, and authenticated vulnerability scanning. It provides higher fidelity data but requires coordination with asset owners to avoid disrupting production services and generating false - positive security alerts. In mature programs, active ASM is scoped and scheduled, with findings feeding directly into the vulnerability management workflow.

Adversarial ASM – sometimes called continuous automated red teaming (CART) or breach and attack simulation (BAS) – takes this further, actively attempting to exploit discovered vulnerabilities in a controlled fashion to validate exploitability rather than infer it. This closes the gap between theoretical exposure and confirmed risk, and is the closest approximation to a continuous penetration testing model that currently exists at scale.

ASM in the Context of AI Systems

For organizations building and operating AI infrastructure – LLM APIs, RAG pipelines, agent orchestration frameworks, vector databases – the attack surface extends into dimensions that traditional ASM tooling was not designed to enumerate.

Exposed model inference endpoints represent a class of attack surface unique to AI deployments: unauthenticated or weakly authenticated API endpoints accepting arbitrary inputs, prompt injection vulnerabilities accessible from the external surface, model extraction risks through repeated query analysis, and data exfiltration paths through retrieval-augmented generation pipelines that can be manipulated to surface training data or internal knowledge base content.

As AI systems become more deeply integrated into production infrastructure, with agents making autonomous API calls, browsing the web, executing code, and interacting with internal data stores, the attack surface they introduce is dynamic, poorly understood, and largely absent from conventional ASM frameworks. This is the frontier that the intersection of offensive security and AI engineering is only beginning to map systematically, and it will be the focus of a dedicated series on this blog in the coming months.

ASM and the Broader Security Program

ASM does not operate in isolation. It functions as the continuous intelligence layer that informs and prioritizes every other security function:

• It feeds the vulnerability management program with a real-time, externally-scoped asset inventory.

• It informs penetration test scoping by identifying high-risk assets and exposure patterns that warrant targeted adversarial validation.

• It contextualizes threat intelligence by mapping ingested indicators of compromise against assets that are actually present in the environment.

• It provides incident response with the asset context needed to scope a breach quickly and accurately.

• It satisfies compliance and regulatory requirements – DORA, NIS2, and the SEC's cybersecurity disclosure rules each carry explicit or implicit obligations around asset visibility and external exposure management.

The relationship between ASM and penetration testing, explored in Part 1 of this series, is particularly direct: ASM tells you what your attack surface is; penetration testing tells you what an adversary can do with it. Together, they constitute a continuous, evidence-based approach to external risk management that neither discipline achieves in isolation.

Building an ASM Program: Where to Start

For organizations approaching ASM for the first time, the practical starting point is establishing external asset visibility before attempting to build out tooling, process, or governance:

1. Enumerate what you think you own – compile every known domain, IP range, cloud account, and SaaS integration.

2. Enumerate what you actually expose – run passive discovery against your own infrastructure from an adversary's perspective and compare the delta.

3. Prioritize the delta – unknown, unmanaged, or forgotten assets carry disproportionate risk and should be addressed before optimizing the management of known assets.

4. Establish ownership – every asset must have an accountable owner. Without this, remediation is organizational theatre.

5. Automate monitoring – manual ASM does not scale. Tooling selection should be driven by environment complexity, cloud footprint, and integration requirements with existing vulnerability management and SIEM infrastructure.

Closing Thoughts

The organizations that suffer the most damaging breaches are rarely those with the weakest security controls; they are frequently those with the largest gap between what they believe they expose and what they actually expose. Attack Surface Management is the discipline that closes that gap, continuously and systematically, by ensuring that the defender's visibility into their own environment is at minimum as comprehensive as the attacker's.

In a threat landscape characterized by continuous reconnaissance, automated exploitation, and supply chain compromise at scale, periodic visibility is no longer sufficient. ASM is the operational commitment to match the adversary's tempo: knowing what you expose, knowing when it changes, and knowing what it means before someone else finds out first.

This concludes the three-part AI Security & Cybersecurity series on NeuralStack | MS. The next series will go deeper into the intersection of AI systems and offensive security – prompt injection at scale, RAG pipeline exploitation, and agent attack surfaces. Stay tuned.

I've recently partnered with a team that specializes in exactly this ⇾ Attack Surface Management and continuous external exposure monitoring. If you're facing blind spots in your external asset inventory, or you've never mapped your attack surface from an adversary's perspective, DM me for an introduction.

© NeuralStack | MS – Manuela S.