Introducing HailBytes Attack Surface Management Platform - Continuous Reconnaissance, Rebuilt
April 14, 2026
Today we're introducing HailBytes Attack Surface Management Platform - our continuous reconnaissance and vulnerability-assessment platform, built for security teams that want full control of their attack-surface data without outsourcing it to a SaaS vendor.
HailBytes ASM is a purpose-built, proprietary platform. The container orchestration, scan-engine pipeline, reporting layer, and AI integration are engineered and maintained by HailBytes, and distributed under the Elastic License 2.0 so you can self-host on your own AWS or Azure account with full source availability.
What Makes It Different
Most attack-surface-management products are SaaS: your reconnaissance data lives on the vendor's infrastructure, and your pricing scales with every new asset. HailBytes ASM runs in your own cloud account. Your scan history, discovered assets, and vulnerability findings stay inside your VPC, under your IAM policies, under your retention rules. You get a managed-product experience on infrastructure you control.
The platform is designed around continuous operation, not one-shot scans. Scheduled discovery runs at the cadence you choose, change detection flags what's new between scans, and AI-powered analysis surfaces the findings that are most likely to be exploitable.
Modernized Container Infrastructure
Rebuilt Docker deployment with updated base images, improved health checks, and faster scan engine initialization. The containerized architecture is more resilient, recovers from failures automatically, and initializes significantly faster than the previous generation. Every base image has been updated to current LTS releases with the latest security patches applied.
AI-Powered Analysis
Integrated with OpenAI, Anthropic, Google Gemini, or self-hosted Ollama for intelligent finding analysis and prioritization. GPU instance support enables local LLM inference for organizations that require full data sovereignty - your reconnaissance data never leaves your infrastructure. The AI layer analyzes findings in context, correlates related discoveries across scan types, and surfaces the findings most likely to represent actionable risk.
Every completed scan now produces an AI-Generated Scan Summary - a concise executive narrative that reports the severity breakdown, the top critical and high findings, and what changed since the previous scan, including the subdomain delta. The summary is generated once and cached with the scan record, so re-opening a report never re-hits the model. It appears in two places: as a collapsible card at the top of the scan detail view, and as a dedicated section in the PDF report between the executive summary and the quick summary. It is the difference between handing management "412 findings" and handing them a paragraph that explains what the scan actually means. When no LLM provider is configured the step skips silently, so the capability is purely additive.
Improved Scan Engine Pipeline
Updated tooling across subfinder, nuclei, httpx, naabu, and the full reconnaissance stack. More reliable scheduling, better error handling, and clearer scan status reporting. When a scan engine encounters an issue, the platform provides clear diagnostics rather than silent failures. Scheduled scans run more predictably, and the pipeline recovers gracefully from transient infrastructure issues.
The pipeline has also grown new phases that widen what counts as attack surface. CI/CD attack-surface scanning (Gato + zizmor) brings GitHub Actions workflows into scope, and real-time public-commit monitoring watches the GitHub events firehose for leaked secrets and raises them as Critical findings. Both are off by default and opt-in per Organization. See why we scan CI/CD pipelines and how commit-stream secret monitoring works.
Enhanced Reporting
Improved dashboard with clearer asset inventory, vulnerability trending, and exportable reports for compliance documentation. The reporting layer now tracks asset changes over time, so you can see not just what your attack surface looks like today, but how it has evolved. Exportable reports are formatted for compliance workflows - hand them directly to auditors during SOC 2 or PCI DSS reviews.
Deployment Model
HailBytes ASM deploys in your own AWS or Azure account from the marketplace. Full data sovereignty, hourly pricing, no per-seat fees. Support is available through the HailBytes Cloud Support Hub.
Procurement and International Invoicing
AWS Marketplace and Azure Marketplace are also the primary commercial path. Marketplace charges count toward existing AWS Marketplace Annual Spend or Azure MACC commitments, and private offers carry multi-year terms, negotiated pricing, and customer-specific terms.
For international customers, the hyperscaler is the reseller of record. For Brazilian customers, AWS Brasil or Microsoft do Brasil invoices in BRL and issues the Brazilian Nota Fiscal Eletrônica; ICMS, ISS, PIS/COFINS, import-of-services tax, and FX conversion route through the hyperscaler's existing Brasil compliance infrastructure, not through HailBytes. Professional services bundle into the ASM private offer, or can be purchased separately via the HailBytes Support Hub SaaS listing (Azure Marketplace today; AWS Marketplace listing in flight). Direct (non-marketplace) HailBytes LLC contracts remain available where customer procurement prefers a non-marketplace path. Full procurement detail: how to buy HailBytes