NEW AI & agent attack-surface fingerprinting is live

From the Team

Research and notes on external attack surface, brand impersonation, and email security.

July 8, 2026 · Product

Exploitable, fix, or hygiene: one word of triage on every finding

Severity says how bad a flaw could be in a lab. It does not say what to do this morning. Every Resensor finding now carries a one-word triage class computed from exploit evidence, CISA KEV, EPSS, public exploit code, and proven access, and it is the same word in the app, the API, and the PDF report.

Read the post

July 8, 2026 · Guide

How to actually reduce your attack surface

Attack surfaces grow by default, and nothing subtracts by itself. A practical, in-order playbook: count what you own, retire what should not exist, gate what should not be public, fix the rest in exploit order, then watch the diff.

Read the post

July 1, 2026 · Perspective

What an attacker sees when they look at your company

You see a homepage. An attacker sees everything around it: forgotten subdomains, a spoofable mail domain, exposed edges, and leaked secrets. A walkthrough of the outside-in recon that starts every intrusion.

Read the post

June 14, 2026 · Product

Your attack surface is a database. Now you can query it like one.

Every attack surface tool eventually hands you a list of findings and a CSV export button. Explore treats your external surface as structured data, with one query language to search it, chart it on dashboards, and alert on new matches.

Read the post

June 10, 2026 · Product

Where are we using AI? Answer it from the outside.

The board's real AI question is not whether yours is secure but where you use it at all. Resensor now inventories your AI usage from the outside, passively: SaaS providers in your DNS, AI-named hosts, embedded assistants, and your AI-crawler policy.

Read the post

June 7, 2026 · Product

Your shadow AI is showing

Teams ship LLM proxies, chatbots, vector databases, and agent tooling faster than anyone inventories them. Resensor now passively fingerprints the AI infrastructure exposed on your external surface, so the model server you forgot is on your asset list before it is on an attacker's.

Read the post

June 4, 2026 · Product

We built a free typosquat checker. The hard part was deciding what to leave out.

Most lookalike tools drown you in noise. Ours generates the lookalike domains an attacker would register, checks which are live, and separates the ones actually impersonating you from the coincidental and parked registrations.

Read the post