Why ARQAI Capabilities How it works Pricing Sign in Start trial
EXTERNAL ATTACK SURFACE MANAGEMENT

Attackers see your whole perimeter. Now you do too.

ARQAI continuously discovers every asset, fingerprints your services, correlates CVEs with real-world exploit data, and surfaces leaks, phishing and changes — before someone else finds them first.

No agents to install Continuous discovery EPSS + KEV scoring
app.arqai.io/dashboard LIVE
ARQAI dashboard — security score, risk indicators and change timeline
Asset Discovery Service Fingerprinting CVE Intelligence EPSS & KEV Scoring Leak Detection Phishing Monitoring Change Tracking Attack Path Mapping
Why now

Breaches start with what's visible from the outside.

A forgotten service, an open port, a leaked password. Most incidents trace back to assets nobody was watching — and that's exactly the zone ARQAI closes.

$0
Estimated global cybercrime losses since January 1.
Updating estimate
241
Days, on average, to identify and contain a breach.
69%
Of organizations were attacked via an unknown or unmanaged internet-facing asset.
<25%
Of organizations have adopted external attack-surface assessment.

Sources: FBI IC3 2025 · IBM Cost of a Data Breach 2025 · ESG Research · ARQAI estimation model

The approach

Visibility. Prioritization. Automation.

ARQAI scans the internet the way an attacker does — then turns thousands of signals into the few that actually matter.

/01

Full visibility

Assets, services, technologies and certificates across your entire external perimeter — including the shadow IT you didn't know you owned.

/02

Risk prioritization

CVSS, EPSS and the CISA KEV catalog instead of thousands of identical alerts. Fix what's genuinely being exploited, first.

/03

Automation

Schedules, scan profiles, integrations, reports and real-time alerts out of the box. Set it once, stay covered 24/7.

Capabilities

One platform for the whole external surface.

Every module feeds the same graph — so a new subdomain instantly inherits scans, CVE correlation, leak checks and change alerts.

01

Asset Discovery

Continuously enumerate and enrich the subdomains across your external footprint — including the shadow IT you forgot you owned. Passive discovery never touches production.

SubdomainsActive & discoveredPassive recon
02

Service Fingerprinting

Every open port profiled: protocol, banner, status code, TLS state and tech stack. Search like a pro — port:443 title:"admin".

Ports & bannersTLS stateTech stack
03

Vulnerability Scanning

Active security checks run against your live services and rank findings by severity — Critical to Info — with the exact host and evidence.

Exposure checksSeverityEvidence
04

CVE Intelligence

CVEs mapped to the exact hosts they affect, enriched with CVSS, EPSS exploit-probability and the CISA KEV catalog so you fix what's actually being exploited.

CVSSEPSSKEVCWE
05

Leak Detection

Catch credentials, keys and secrets exposed across GitHub and client-side JavaScript — grouped by affected domain and subdomain, with severity and trend.

GitHubJS IntelExternal
06

Brand & Phishing

Detect lookalike and typosquatting domains targeting your brand, scored and triaged with verdicts — confirmed, suspicious or benign — before a campaign lands.

TyposquatLookalikesVerdicts
07

Change Tracking

A live timeline of everything that moved — new assets, opened ports, DNS changes, growing leaks. Acknowledge what's expected, alert on what's not.

TimelineDNS & portsAlerts
08

Reports & API

Board-ready attack-surface and per-asset PDF reports on demand, plus an API and Slack, Discord & Telegram alerts to push findings wherever your team works.

PDF / CSV / JSONREST APIWebhooks
09

Automation

Schedule recurring scans, build custom scan profiles (port lists, HTTP, Vuln, Recon, JS Intel) and set blackout windows. Set it once, stay covered.

SchedulesScan profilesBlackout
Asset intelligence

Every asset, mapped as an attack graph.

Drill into any domain and ARQAI lays out its entire footprint around it — hosts, subdomains, open services, certificates, leaks and findings — then scores the whole thing.

  • Attack Surface ScoreA single 0-100 number that tells you how exposed each asset really is.
  • Attack Path viewSee how an attacker could chain exposures from edge to critical asset.
  • Everything connectedSubdomains, JS-intel findings, certs and CVEs linked to one record.
Asset
acme-corp.com
CRITICAL
Subdomains
61
Services
6
Certificates
1
Findings
49
JS Intel
28
Leaks
1
How it works

Discover. Scan. Prioritize. Monitor.

Point ARQAI at a domain and the pipeline runs itself — then keeps running, on schedule, 24/7.

/01

Discover

Enumerate subdomains and build a live inventory across your external footprint.

/02

Scan

Fingerprint services and run active vulnerability checks against what's live.

/03

Correlate

Match CVEs to hosts, enrich with EPSS & KEV, sweep for leaks and phishing.

/04

Prioritize

Score each asset and rank findings so the riskiest exposure rises to the top.

/05

Monitor

Watch for change 24/7 and push alerts to Slack, Discord, Telegram or your API.

Integrations

Findings land where your team already works.

Slack
Real-time alerts to any channel.
Discord
Push events to your server.
Telegram
Instant bot notifications.
REST API
Build on your own automation.
Reporting

A report for every audience.

From a board-level summary to a SOC-ready breakdown — generated on demand and exported in the format you need.

PDFHTMLCSVJSON
/01
Executive

Score, key risks and recommendations for leadership.

/02
Security Ops

Infrastructure, services, leaks and detection points.

/03
Vulnerability

CVEs, EPSS exploit likelihood and a remediation plan.

/04
Compliance

PASS/FAIL controls scored and mapped to frameworks.

/05
Attack Surface

Shadow assets, new findings and risk over time.

Why ARQAI

The whole external surface, without the tool sprawl.

Most teams stitch together five tools to do what ARQAI does in one — and still miss what's between them.

01

All in one platform

Assets, CVEs, leaks, phishing, changes and attack-path maps in a single product — no zoo of disconnected tools to correlate by hand.

02

Prioritized by real risk

CVSS + EPSS + KEV means you fix what's actually exploited in the wild, not whichever scanner shouted loudest.

03

Built for partners & MSSPs

Multi-tenancy and role-based access (Org Admin, Member, Viewer) out of the box. Manage isolated client tenants from one account.

04

Data residency & support

Choose where your data lives, with a local team in your time zone and an accessible price point versus global enterprise EASM.

Where ARQAI fits

An honest comparison, by category.

Global platforms are stronger at internet-scale discovery. ARQAI's edge is completeness, locality and price.

What buyers care about ARQAI Global EASM Regional vendors
Internet-scale asset discovery
All external security in one platform
Risk-based prioritization (EPSS / KEV)
Flexible data residency & hosting
Local team & on-site support
Accessible entry price

● strong   ◐ partial   ○ no / weak  ·  generalized category profiles, no specific vendors named.

Pricing

Try it free for 14 days. Scale to enterprise.

From a single domain to a thousand assets across multiple organizations — pick the tier that fits, talk to us for the rest.

Standard
For growing teams.
Custom14-day free trial
  • 50 active assets
  • 100 scans / month
  • 5 users · 2 orgs
  • 90-day data retention
Start trial
Popular
Professional
Advanced features for pros.
Custom14-day free trial
  • 200 active assets
  • 500 scans / month
  • 20 users · 5 orgs
  • 180-day data retention
Start trial
Enterprise
For large organizations.
Custom30-day free trial
  • 1000+ active assets
  • Unlimited scans & users
  • 10 organizations
  • 365-day data retention
Talk to sales

Pricing scales with monitored assets. Ask for a quote — you'll get a number, not a sales funnel.

FAQ

Questions security teams ask first.

Is active scanning safe for production?

Checks are non-destructive and rate-limited. You control scan profiles and blackout windows — and passive discovery never touches your infrastructure at all.

Do I need to install agents or appliances?

No. ARQAI works from the outside, the way an attacker does. Point it at a domain and the first inventory starts building in minutes.

Can I scan any domain I want?

No — only assets you own or are explicitly authorized to assess. Ownership is verified during onboarding.

Where is my scan data stored?

You choose the data residency region. Scan data is encrypted in transit and at rest, and retention follows your plan — from 90 to 365 days.

How is ARQAI different from a vulnerability scanner?

A scanner checks the targets you already know about. ARQAI first discovers what you don't — shadow IT, forgotten subdomains — then correlates CVEs with EPSS & KEV, sweeps for leaks and phishing, and watches for change 24/7.

Find it before they do.

Spin up ARQAI, point it at your domain, and see your external attack surface in minutes — not after the breach.