Capability architecture
ExposureGraph: context, validation and evidence.
This capability contributes to the same platform outcome: understanding realistic attacker exposure and proving what matters.
01Why it matters
- External exposure is only meaningful when teams can see what it connects to.
- A single exposed service may matter because of the API, identity or data path behind it.
- Attack-path validation requires graph context, not isolated observations.
02ThreatCanary approach
- Create relationships between domains, services, APIs, cloud resources, identities, data tags and findings.
- Propagate risk through relationships and surface the paths that matter most.
- Use the graph as grounded context for AI advisors and offensive reasoning.
03What it validates or reveals
- Exposure chains.
- Blast radius from exposed systems.
- Relationships that turn low-severity findings into high-priority paths.
04Evidence and outputs
- A clear explanation of the exposure, affected assets and likely attack path.
- Reproducible evidence suitable for analysts, developers and risk owners.
- Prioritisation based on exploitability, business impact, sensitive data and chainability.
- Owner, remediation and workflow context that can move into Jira, Slack, SIEM or reporting.
