See like an attacker.
Ask like an analyst.
Conversational threat intelligence for your third-party attack surface — one Risk Score, one chat, every known ransomware actor and CVE behind it.
Four teams. One source of truth.
Security Analysts
pureAi/analystMonitor the external attack surface, track CVEs, and ask the threat graph about ransomware actors, MITRE ATT&CK TTPs and active campaigns — in plain language.
IT Operations
pureAi/itopsFind misconfigurations, exposed services and shadow IT, then prioritize what to fix using CISA KEV and actor-attributed CVEs.
Risk & Compliance
pureAi/riskContinuous third-party / ICT supply-chain monitoring with vendor-CVE attribution — built to support DORA (financial) and NIS2 (cross-sector) obligations.
Management & Admins
pureAi/adminOversee clients, manage users, assign licenses, and track organizational coverage across surface and threat intelligence.
How a typical workflow looks
- 1
Log in securely
Authenticate with your credentials and complete the 2FA verification step.
- 2
Select target domain
Choose a registered domain associated with your company. 12 OSINT modules run against it — subdomains, CVEs, leaked credentials, lookalikes, supply chain and more.
- 3
Analyze results
Review findings on the Risk Dashboard, identify exposure points, and prioritize remediation by severity and CISA KEV status.
- 4
Ask the threat graph
Open the threat-intel chat and ask analytical questions in plain language: which actors target your sector, which vendor CVEs are actively exploited, recent incidents in a country.
- 5
Act & monitor
Apply fixes, update finding statuses, and let scans + daily threat-feed ingestion re-run to track improvements and surface emerging threats.
Every angle attackers try. Already covered.
Subdomains, CVEs, leaked creds, lookalikes, dark web, supply chain. Pick a module — see what it actually pulls and where it lands in the Risk Score.
Risk Dashboard
Real-time summary of the organization's overall security posture in one place. Surfaces the Company Risk Score, open findings by severity, and updates immediately as statuses change across Vulnerability, Misconfiguration and Lookalike.
Talk to a threat graph.
Get sourced answers.
Ask in plain language — any language. Get answers grounded in a Neo4j graph of actors, TTPs, CVEs and incidents, with sources instead of hallucinations.
Supports the underlying capability both regulations require: continuous third-party and ICT supply-chain threat monitoring. DORA (financial sector, in force since Jan 2025) mandates ICT third-party risk management — covered by the vendor-CVE and actor-attribution graph. NIS2(cross-sector, critical infrastructure) explicitly requires supply-chain security and addressing supplier vulnerabilities — covered by the vendor + sector-targeting features.
Which ransomware actors targeted EU banks in the last 90 days, and which CISA KEV CVEs did they exploit?
Three actors with confirmed victims in EU banking (industry = Financial Services, country ∈ EU-27, last_seen ≥ now-90d): LockBit, BlackCat/ALPHV, Akira. Of their attributed CVEs, the following are in CISA KEV and actively exploited: CVE-2023-4966 (Citrix NetScaler), CVE-2024-1709 (ConnectWise ScreenConnect), CVE-2023-46805 (Ivanti Connect Secure).
One score. Four weighted segments. 0 – 100.
Every segment produces its own 0–100 score, then they combine into a single Company Risk Score:
Every Vulnerability, Misconfiguration and Lookalike finding has a status. The score moves as you actually close them — not just when something is detected.
Leaked accounts, Git leaks and Google Dorks — the highest weight, because an active compromise is direct, immediate risk.
Vulnerabilities + misconfigurations across the attack surface, scored by highest confirmed severity and the overall distribution.
Third-party vendors and dependencies — weighted average across all identified dependencies by criticality.
Total discoverable surface (domains, subdomains, IPs, services) factored by how well-controlled that exposure is.
