PuReAIpureAi

See like an attacker.
Ask like an analyst.

Conversational threat intelligence for your third-party attack surface — one Risk Score, one chat, every known ransomware actor and CVE behind it.

/ built for

Four teams. One source of truth.

Security Analysts

pureAi/analyst

Monitor the external attack surface, track CVEs, and ask the threat graph about ransomware actors, MITRE ATT&CK TTPs and active campaigns — in plain language.

IT Operations

pureAi/itops

Find misconfigurations, exposed services and shadow IT, then prioritize what to fix using CISA KEV and actor-attributed CVEs.

Risk & Compliance

pureAi/risk

Continuous third-party / ICT supply-chain monitoring with vendor-CVE attribution — built to support DORA (financial) and NIS2 (cross-sector) obligations.

Management & Admins

pureAi/admin

Oversee clients, manage users, assign licenses, and track organizational coverage across surface and threat intelligence.

How a typical workflow looks

  1. 1

    Log in securely

    Authenticate with your credentials and complete the 2FA verification step.

  2. 2

    Select target domain

    Choose a registered domain associated with your company. 12 OSINT modules run against it — subdomains, CVEs, leaked credentials, lookalikes, supply chain and more.

  3. 3

    Analyze results

    Review findings on the Risk Dashboard, identify exposure points, and prioritize remediation by severity and CISA KEV status.

  4. 4

    Ask the threat graph

    Open the threat-intel chat and ask analytical questions in plain language: which actors target your sector, which vendor CVEs are actively exploited, recent incidents in a country.

  5. 5

    Act & monitor

    Apply fixes, update finding statuses, and let scans + daily threat-feed ingestion re-run to track improvements and surface emerging threats.

/ 12 modules

Every angle attackers try. Already covered.

Subdomains, CVEs, leaked creds, lookalikes, dark web, supply chain. Pick a module — see what it actually pulls and where it lands in the Risk Score.

pureAi · module

Risk Dashboard

Real-time summary of the organization's overall security posture in one place. Surfaces the Company Risk Score, open findings by severity, and updates immediately as statuses change across Vulnerability, Misconfiguration and Lookalike.

What it finds
Company Risk ScoreSingle 0–100 score from 4 weighted segments
Compromises (40%)Leaked accounts, Git leaks, Google Dorks
Issues (30%)Vulnerabilities + misconfigurations by severity
Supply Chain (20%)Third-party vendors and dependencies
Exposure Surface (10%)Domains, subdomains, IPs, services
pureAi/threat-intel

Talk to a threat graph.
Get sourced answers.

Ask in plain language — any language. Get answers grounded in a Neo4j graph of actors, TTPs, CVEs and incidents, with sources instead of hallucinations.

Neo4j graphMITRE ATT&CKCISA KEVVendor CVEsMultilingualRead-only & safe
/ DORA & NIS2

Supports the underlying capability both regulations require: continuous third-party and ICT supply-chain threat monitoring. DORA (financial sector, in force since Jan 2025) mandates ICT third-party risk management — covered by the vendor-CVE and actor-attribution graph. NIS2(cross-sector, critical infrastructure) explicitly requires supply-chain security and addressing supplier vulnerabilities — covered by the vendor + sector-targeting features.

pureAi · threat-intel chat
You

Which ransomware actors targeted EU banks in the last 90 days, and which CISA KEV CVEs did they exploit?

pureAi

Three actors with confirmed victims in EU banking (industry = Financial Services, country ∈ EU-27, last_seen ≥ now-90d): LockBit, BlackCat/ALPHV, Akira. Of their attributed CVEs, the following are in CISA KEV and actively exploited: CVE-2023-4966 (Citrix NetScaler), CVE-2024-1709 (ConnectWise ScreenConnect), CVE-2023-46805 (Ivanti Connect Secure).

Neo4j graphCISA KEVMITRE ATT&CK
/ try asking
actors · sectorWhich ransomware groups target the financial sector in the EU this quarter?
KEV · supply chainWhat CISA KEV vulnerabilities are actively exploited by ransomware in our vendor stack?
MITRE ATT&CKShow MITRE ATT&CK TTPs used by the actor behind the latest incident in Germany.
leaked data · vendorAre any of our vendors' domains in recent credential leak dumps?
incidents · trendList incidents in healthcare in the last 30 days, with victim and country.
— Company Risk Score

One score. Four weighted segments. 0 – 100.

Every segment produces its own 0–100 score, then they combine into a single Company Risk Score:

Score = (Compromises × 0.4) + (Issues × 0.3) + (Supply Chain × 0.2) + (Exposure Surface × 0.1)
90–100Critical
70–89High
50–69Medium
30–49Low
0–29Informational
/ findings management

Every Vulnerability, Misconfiguration and Lookalike finding has a status. The score moves as you actually close them — not just when something is detected.

OpenIn ProgressResolvedAccepted RiskMonitored
Worked example — sample organization
Compromises
×0.4

Leaked accounts, Git leaks and Google Dorks — the highest weight, because an active compromise is direct, immediate risk.

segment score: 95contribution: 38.0
Issues
×0.3

Vulnerabilities + misconfigurations across the attack surface, scored by highest confirmed severity and the overall distribution.

segment score: 75contribution: 22.5
Supply Chain
×0.2

Third-party vendors and dependencies — weighted average across all identified dependencies by criticality.

segment score: 80contribution: 16.0
Exposure Surface
×0.1

Total discoverable surface (domains, subdomains, IPs, services) factored by how well-controlled that exposure is.

segment score: 55contribution: 5.5
Company Risk Score
82 / 100

See your surface. Know the threats.
All in one platform.