One agent per risk class — orchestrated in a single flow.
Isolated tools deliver noise. Defender360 orchestrates specialized agents, each responsible for one risk class, with adaptive escalation and proof at every step. The result isn't a list — it's the story of the attack, from start to impact.
Surface agent
Discovers hosts, ports, subdomains, endpoints, and parameters — the attack surface treated as a queryable entity, not a blob of text. When something new goes up, it triggers reassessment.
Authenticated exploitation agent
Testing with access credentials: unauthorized access to another user's data proven by session, leaked credentials tested at login, and business-value manipulation with observed effect.
Validation agent (the judge)
Separates what is confirmed by exploitation from correlational hypothesis and publishes the false-positive reduction. Nothing becomes "confirmed" without direct proof.
Attack-chain agent
Chains findings into precondition → action → result, mapped to MITRE ATT&CK — the attacker's real progression, not a spreadsheet.
AI security agent
Covers the new risk classes of AI/agent applications: prompt injection (direct and indirect), unsafe tool use, knowledge-base poisoning, and cost exhaustion.
Remediation agent
Revalidates the vector after the fix and measures risk reduction — the loop, not the snapshot.
The attacker's progression in one path: code → cloud → runtime.
Surface and code
Where the vector begins.
Exposure and identity
Cloud posture, authenticated access, validated leaked credentials.
Business impact
Value manipulation, exfiltration, proof of concept.
Each node carries the structured evidence that proves it — not a chain dumped as text.