The Modern Attack Surface
Over the last decade I’ve partnered with 100s of organizations during active cyber breaches and to simulate similar intrusions during Red Team exercises. The number one struggle I saw organizations facing was visibility and transparency into what they were protecting, i.e. their “Attack Surface”.
The Attack Surface is vastly more complicated and interconnected today than ever before. Most established organizations have complex hybrid-networks blurred further by years of mergers, acquisitions, and divestitures. The cybersecurity team is responsible for maintaining oversight over 1000s of constantly changing services and applications in real-time.
To maintain visibility many teams painfully stitch asset, vulnerability, and business context data from their SIEM, CMDB, and internal Wikis, but in practice these data sources are typically stale and incomplete. Aggregating this information manually is slow and arduous, and as a result, cybersecurity analysts may truncate this process, leading to inaccurate prioritization and incomplete remediation.
For larger organizations this visibility problem compounds over time. Mergers, acquisitions, divestitures, subsidiaries, and long-lived legacy applications - often built years ago by employees who are no longer with the organization - create an attack surface that grows faster than the organization’s ability to understand it.
How AI Agents Can Solve Stale Problems
At Specular we believe AI agents provide a new opportunity to create a unified view of an organization’s vulnerabilities, assets, and business context.
Specular started by building this unified view for the Internet-facing Attack Surface because it’s the most critical component of an organization’s security posture. Attackers are continuously probing Internet-facing services for vulnerability, and legacy Attack Surface platforms are littered with False Positives and False Negatives which waste valuable analyst time.
To see the difference, let’s take the React2Shell vulnerability (CVE-2025-55182) disclosed in December 2025 as an example. Specular automates traditional outside-in Attack Surface discovery with internal integrations to streamline hours of analysis into seconds. Specular allows analysts to easily:
- View which Internet-facing services are leveraging React Server Components across your organization’s onprem, cloud, and third party networks
- View which services are currently exploitable to prioritize remediation efforts. Specular shows evidence of successful exploitation using specialized AI agents infused with Threat Intelligence
- Streamline remediation by identifying the responsible owner through automated enrichment via Retrieval Augmented Generation. Specialized AI agents query your organization’s internal knowledge stores (CMDB, wiki, cloud providers, etc) to generate customized analysis and remediation guidance tailored to each specific service or asset.
We’ll dig into each of these components in depth in future blogs. For brevity, if your current solution is not accurately handling number one or number two we’d recommend searching for another partner. Number three is a relatively new concept and unique to Specular: specialized AI agents query ServiceNow, Confluence, JIRA, Azure, and any relevant data store to enrich discovered services and vulnerabilities with internal business context. Answers generated by Specular AI are cited using LLM Grounding which allows analysts to easilydrill down to the referenced data source for more information. Specular condenses hours of analysis into seconds.
The Mythos Catalyst
As the open source community and software vendors begin to leverage more powerful LLMs similar to Anthropic’s Mythos, the number of vulnerabilities security teams must quickly identify, prioritize, and remediate across their attack surface will skyrocket. Anthropic and Google have both shared that Threat Actors are beginning to leverage LLMs to expedite the time from vulnerability disclosure to exploitation. Cybersecurity teams must adopt similar technologies to respond to vulnerabilities in their attack surface at machine speed. Manually correlating threat intelligence and sifting through internal documentation to find the asset owner will not scale in this new age.
If you’re interested in seeing how Specular solves these challenges, reach out at contact@specular.ai.