For Immediate Release
DENVER, Colo., May 5, 2026. The 2024 IBM Cost of a Data Breach Report found that organizations now take an average of 258 days to identify and contain a breach, and the global average cost has reached $4.88 million. The single biggest variable in those numbers is how quickly a defender finds an exposed asset before an attacker does.
HailBytes, LLC, a Delaware-registered cloud security company headquartered in Denver, Colorado, today announced the general availability of HailBytes Attack Surface Management Platform (HailBytes ASM) on the Amazon Web Services (AWS) Marketplace and the Microsoft Azure Marketplace. The platform is engineered for security teams that need to discover unknown internet-facing assets, triage vulnerabilities with AI, and prove their work to auditors, without shipping any of that data to a third-party SaaS vendor. New customers can deploy HailBytes ASM in their own cloud account with a 30-day free trial, hourly pricing, and no per-asset or per-seat fees.
Unlike SaaS attack-surface-management products that store reconnaissance data on vendor infrastructure, HailBytes ASM runs entirely inside the customer's own AWS or Azure account. Scan history, discovered assets, and vulnerability findings remain inside the customer's VPC, governed by their own IAM policies, retention rules, and data-residency requirements. The platform is distributed under the Elastic License 2.0 (ELv2), giving customers full source availability so they can inspect, modify, and self-host the platform on infrastructure they control.
Key Capabilities
- Continuous, scheduled discovery across subdomains, exposed services, and web applications, with change detection between scans so security teams see new assets the moment they appear.
- An integrated reconnaissance pipeline built on industry-standard open-source tools including subfinder, nuclei, httpx, and naabu, with hardened scheduling, clearer scan diagnostics, and AI-powered triage of findings.
- AI-powered vulnerability analysis via OpenAI API or self-hosted Ollama, with GPU instance support for organizations that require local LLM inference and full data sovereignty.
- An updated dashboard with asset inventory, vulnerability trending, and exportable reports formatted for SOC 2, ISO 27001, and PCI DSS compliance workflows.
- Direct integration with Jira, Slack, and SIEM platforms so newly discovered findings flow into the tools security teams already use (read the integration walkthrough).
- Modernized container infrastructure with updated LTS base images, automated health checks, and faster scan-engine initialization.
“Pen testers spend the first three days of every engagement re-running recon they ran six weeks ago for the same client. That’s not a tooling problem, it’s a continuity problem, and it’s why we built ASM as a between-engagement layer instead of another scanner. The open-source community already solved scanning. What was missing was the hosted infrastructure, the alerting, and the audit-ready reports a client procurement team will actually accept. The 30-day free trial on AWS and Azure lets a team prove that on a single client domain in 10 minutes.”
By the Numbers
- 3,000+ HailBytes deployments worldwide
- 258 days: average time to identify and contain a breach in 2024 (IBM Cost of a Data Breach Report)
- $4.88M: average global cost of a data breach in 2024 (IBM)
- $0.24/vCPU/hour: HailBytes ASM starting price, with no per-asset, per-target, or per-seat fees
- 30 days: free trial length on both AWS Marketplace and Azure Marketplace
Multimedia Available for Press
Journalists and editors covering this announcement may use the following images with credit to HailBytes. Higher-resolution assets are available on request from the media contact below.
Availability and Pricing
HailBytes ASM is available immediately on the AWS Marketplace and the Azure Marketplace. Pricing starts at $0.24 per vCPU per hour. Customers pay only for the cloud infrastructure they use; there are no per-asset, per-target, or per-seat license fees. Community support is included; priority support and managed-service options are available through the HailBytes Cloud Support Hub.
Story Angles for Reporters
Working an industry beat? Below are five distinct framings of this announcement that pair well with different beats. Each is supported by HailBytes data and an on-the-record spokesperson; email david@hailbytes.com for an interview, embargoed briefing, or written quotes.
- Cybersecurity / cloud beat: "The self-hosted counter-trend in attack-surface management." A growing cohort of regulated and mid-market security teams is moving off SaaS ASM tools to keep reconnaissance data inside their own VPC. HailBytes has 3,000+ deployments and a founder available to walk through the buyer-side rationale.
- AI & security beat: "AI-triaged vulnerabilities, but inside the customer's VPC." HailBytes ASM lets customers run vulnerability triage with OpenAI or self-hosted Ollama on a customer-owned GPU instance, a concrete example of the broader story of regulated industries wanting LLM benefits without LLM data exfiltration.
- Compliance / audit beat: "What auditors actually accept as ASM evidence." HailBytes ASM produces exportable asset inventories and vulnerability reports formatted for SOC 2, ISO 27001, and PCI DSS reviewers, a useful angle for compliance and audit-trade outlets.
- Cloud-economics beat: "Hourly per-vCPU pricing vs. per-asset SaaS." HailBytes ASM is billed at $0.24 / vCPU / hour through AWS and Azure Marketplace, directly challenging the per-asset pricing of incumbent SaaS ASM vendors.
- MSSP / channel beat: "Continuous ASM as a between-pentest deliverable." Managed-service partners are productizing HailBytes ASM as recurring revenue between annual penetration tests; sample multi-tenant architectures and channel margin notes available on request.
Frequently Asked Questions
How is HailBytes ASM different from Tenable, Qualys, or other SaaS attack-surface tools?
HailBytes ASM runs entirely inside the customer's own AWS or Azure account. Reconnaissance data, asset inventories, and vulnerability findings never leave the customer's VPC. SaaS competitors store this data on vendor infrastructure and typically charge per discovered asset; HailBytes ASM charges hourly per vCPU with no per-asset fees. See the detailed comparison.
Is HailBytes ASM open source?
HailBytes ASM is distributed under the Elastic License 2.0 (ELv2). The full source is available, and customers can inspect, modify, and self-host the platform on infrastructure they control.
How much does HailBytes ASM cost?
Pricing starts at $0.24 per vCPU per hour, billed through the customer's existing AWS or Azure account. There are no per-asset, per-target, or per-seat license fees, and new customers receive a 30-day free trial.
What reconnaissance tools does HailBytes ASM use?
HailBytes ASM integrates industry-standard open-source reconnaissance tools (subfinder, nuclei, httpx, and naabu) into a hardened, scheduled pipeline with change detection between scans and AI-powered triage of findings.
Does HailBytes ASM support compliance frameworks like SOC 2 or PCI DSS?
Yes. HailBytes ASM produces exportable asset inventory and vulnerability reports formatted for SOC 2, ISO 27001, and PCI DSS workflows, and runs inside the customer's own cloud account so reconnaissance data inherits their existing IAM, retention, and residency controls.
Related Reading
- Introducing HailBytes Attack Surface Management Platform
- Attack surface mapping with HailBytes ASM
- HailBytes ASM vs. manual reconnaissance
- Reselling continuous ASM as a deliverable between pentests
- The reconnaissance setup tax
About HailBytes
HailBytes provides cloud-deployed security testing tools for modern security teams. With 3,000+ deployments worldwide, HailBytes makes enterprise-grade reconnaissance automation and phishing simulation accessible to organizations of all sizes. Flagship products HailBytes ASM and HailBytes SAT are distributed under the Elastic License 2.0 and deploy on customer-controlled AWS and Azure infrastructure, ensuring data sovereignty and supporting SOC 2, ISO 27001, and GDPR compliance workflows. Learn more at hailbytes.com.
Media Contact
David McHale, Founder
HailBytes
david@hailbytes.com
hailbytes.com/press
Notes to Editors
- Brand style: "HailBytes" (one word, capital H, capital B). Legal entity is "HailBytes, LLC". Product is "HailBytes ASM" (Attack Surface Management) or "HailBytes Attack Surface Management Platform" on first reference.
- License characterization: HailBytes ASM is "source-available" under the Elastic License 2.0 (ELv2). Please avoid the term "open source" so the licence description stays accurate.
- Deployment model: HailBytes ASM is "self-hosted" because it runs inside the customer's own AWS or Azure account. It is not a SaaS product.
- Statistics sourcing: "258 days" and "$4.88M" are from the 2024 IBM Cost of a Data Breach Report. "3,000+ deployments worldwide" is a HailBytes-internal figure derived from cloud-marketplace fleet telemetry.
- Companion release: HailBytes also announced general availability of HailBytes SAT (Security Awareness Training Platform) on the same day; reporters covering this story may find pairing the two releases useful for a broader self-hosted-cybersecurity narrative.
- Spokesperson: David McHale, Founder, is available for interviews on attack surface management, AI-assisted vulnerability triage, cloud-marketplace economics, and the self-hosted-vs-SaaS debate. Bookings via david@hailbytes.com; we typically confirm a 30-minute briefing within 24 hours.
- Embargo policy: HailBytes will honor agreed-upon embargoes through david@hailbytes.com. Quotes attributed to a HailBytes spokesperson should be confirmed with the named media contact before publication.
- Customer references: Anonymized customer references are available on request to qualified media (please allow 24-48 hours for customer-side approval).
- Press kit: Logos, screenshots, executive bios, and the full set of story angles are available at hailbytes.com/press.
###
Try HailBytes ASM
Deploy in your own AWS or Azure account with a 30-day free trial.