Modern web applications are running everywhere- across cloud-native infrastructure, on-premises systems, SaaS platforms, and AI environments. Driven by the explosion of AI, the velocity of development has skyrocketed. More applications are being shipped today than ever before, ranging from core proprietary software to fast, "vibe-coded" applications.
As development accelerates and new applications are shipped, the attack surface expands rapidly, bringing a wave of “unknowns” into your environment-including both new, unknown shadow assets and unknown risks like logic flaws hidden inside your application code.
In this fast-moving landscape, maintaining continuous visibility into your exposures and uncovering these unknowns is critical to staying ahead. This is especially true as attackers increasingly leverage AI themselves to discover and exploit vulnerabilities faster than humanly possible. To help teams defend against AI threats, our goal with Wiz ASM is simple: Wiz ASM for any environment, any risk, everywhere. Wiz tackles this rapidly expanding modern attack surface through two core pillars: continuous discovery everywhere and full risk coverage.
Today, we are launching Wiz ASM’s automated reconnaissance capability, allowing you to automatically discover all subdomains belonging to your organization. With this launch, you can continuously uncover exposures across your entire environment, combining external reconnaissance with internal context to remove shadow exposures and remediate critical exploitable risks to stay ahead of AI-powered adversaries.
The modern attack surface
You cannot secure what you do not know exists. To effectively manage the modern attack surface, teams must maintain complete, up-to-date visibility. Attackers don't just look at what you know you own, but they actively hunt for the exposures you might have missed. This leaves organizations defending a perimeter that includes:
The Known Perimeter: This is your organization’s recognized, official domain space-such as acme.com and its subdomains. Because these assets are directly tied to your brand, they are highly visible and more easily detected. Attackers are constantly and systematically scanning these known domains, looking for an open port, an unpatched vulnerability, or a misconfiguration.
The Shadow Perimeter: In the cloud and AI era, unknown shadow exposures become common, for assets that live outside your standard domain registry. For example, common cloud resources like storage buckets often receive public-facing addresses assigned directly by the cloud provider (such as https://name.s3.us-east-2.amazonaws.com). Because these URLs are not part of your organization’s known domain space, traditional domain-based external scanners are unable to attribute them to you. This results in exposed assets that exist silently on the public internet-unmonitored, and open to attackers to find.
Continuous discovery, everywhere with Wiz ASM
To address both the known and unknown perimeters, Wiz ASM leverages multiple methods to continuously uncover exposures everywhere: from known assets via new auto-reconnaissance capabilities to the unknown by leveraging deep cloud and code context. This enables Wiz to combine the outside-in visibility that attackers have, with internal context to discover unknown cloud assets and eliminate shadow exposures.
This continuous discovery spans your entire footprint, whether your assets live in the cloud, on-premises, or in SaaS platforms. Wiz automatically detects new assets, scans them to validate actual exposure and risk, and delivers an up-to-date, dynamic view of your attack surface.
To uncover shadow exposures, Wiz ASM analyzes data from multiple sources across your environment including:
Cloud Network Configurations: Maps cloud network configurations to calculate the effective exposure of every cloud object.
Subdomain Reconnaissance: Automatically maps out subdomains using your owned root domains as seeds for automated reconnaissance.
API Endpoints: Discovers REST API endpoints using your cloud-native API management services and gateways, telemetry from the Wiz Runtime Sensor, and API specifications detected by the Attack Surface Scanner.
Runtime Sensors: Leverages telemetry from the Wiz Runtime Sensor to identify active endpoints and their exposure based on inbound network traffic.
UVM Imported Assets: Evaluates the exposure of network addresses imported by third-party vulnerability scanners and DAST scanners.
Custom Targets: Allows you to manually input IP addresses, domains, and IP ranges to analyze assets anywhere, ensuring coverage extends to legacy or isolated systems that fall outside automated discovery
Code Repositories: Validates code repositories for external exposure from repositories detected by Wiz Code.
The attack surface risk Landscape
Once we ensure we have full visibility coverage, the next step is covering the entire risk landscape. We can look at the modern attack surface risk landscape as a spectrum, moving from deterministic vulnerabilities to highly complex logic flaws:
Known CVEs & Misconfigurations: These are the easiest to detect because they follow deterministic rule sets-for example, searching for known CVE, misconfigured technology or common sensitive file exposures. The way to discover these types of risks is via external scanning, which can be done by a traditional ASM tool or with known public exploits. Discovery here can be automated as it relies mostly on known signatures.
Leaked Secrets & Sensitive Data: These are slightly harder to discover, as you need to maintain detections that allow you to classify what is considered sensitive data or have a list of signatures for known secrets, and you need to scan everything, not just specific known technologies. These can be found via external scanning like ASM or static signatures, looking for exposed credentials or sensitive data left out in the open in application responses.
Unknown Vulnerabilities & Logic Flaws: These are the unknown risks which have become increasingly common with AI-accelerated development. These are the most difficult to discover and take the longest because they require truly reasoning through an application's behavior to uncover logic flaws- for example, finding a multi-step attack chain that leads to an authentication bypass. Typically, this has required human experts via bug bounty programs manually testing the application to uncover these flaws. On this side of the spectrum, it has historically not been possible to automate since it is based entirely on application reasoning.
Complete risk coverage with Wiz ASM & Red Agent
This is where the second pillar comes in. Wiz ASM and the Red Agent give you complete coverage for the entire risk landscape-going all the way from known CVEs and misconfigurations to leaked secrets, and to uncovering unknown vulnerabilities and logic flaws.
By pairing these two capabilities, Wiz bridges the gap from deterministic checks to the unknown:
Covering known exploits: Wiz ASM
Starting with the deterministic types of risks, Wiz ASM is able to provide the best coverage for known exploits including CVEs, misconfigurations and weak or default credentials, with rules from both public exploits and created by Wiz Research team. It scans known technologies detected to be exposed looking for those types of signature-based risks. Then, for leaked secrets and sensitive data, Wiz ASM scans any exposed application and searches the response for secrets and sensitive data that are publicly exposed.Discovering unknown, logic-based risks: Wiz Red Agent
To discover those difficult unknown risks, the Red Agent uses AI to reason through an application behavior to adapt its scanning behavior in real-time and find multi-chain, complex exploitable risks. It is able to reason through custom-built, and vibe-coded applications, and uncover logic-driven risks such as OWASP API Top10 vulnerabilities, logic flaws, authorization bypass, ֿdata and secret exposure, and injection vulnerabilities. To see how it uncovers these risks in action, read our Red Agent POV series.
Find every risk on any asset
In an era where attackers use AI to scan your attack surface, Wiz ASM and the Red Agent help you stay ahead and ensure AI threat readiness. From complete visibility into shadow exposures, to detecting the unknown logic-vulnerabilities at AI-speed. Get started now with Wiz ASM and the Red Agent, learn more in our docs (login required) or set up a live demo with our team.