Mod 06 · Attack Surface Map

Ten surfaces. Identity is the hub.

Every defender protects some combination of these ten surfaces. The center of gravity has shifted: where the perimeter used to be the organizing frame, today it's identity — almost every other surface routes through it. Read this as a map of where threats land, not a vendor roster.

Surface 01 Hub

Identity

Accounts, credentials, privilege, machine and non-human identities — the control plane the rest of the surfaces increasingly route through.

7 defensive categories Open
Surface 02

Endpoint

Workstations, servers, mobile devices — the historical center of detection-and-response.

5 defensive categories Open
Surface 03

Cloud

IaaS/PaaS workloads, configurations, containers, Kubernetes clusters, serverless functions.

5 defensive categories Open
Surface 04

SaaS

Business apps (Workday, Salesforce, Google Workspace), OAuth grants between them, shadow SaaS the company doesn't know it has.

4 defensive categories Open
Surface 05

Application & API

Custom-built applications, public and internal APIs, source code repositories, build pipelines.

5 defensive categories Open
Surface 06

Data

Sensitive structured and unstructured data across cloud, SaaS, endpoints — and increasingly, data being ingested by AI/agent systems.

4 defensive categories Open
Surface 07

Network

Perimeter, internal segments, remote-access paths.

6 defensive categories Open
Surface 08

Third-party / Supply chain

Vendor relationships, software dependencies, SBOM contents, build artifacts from upstream.

4 defensive categories Open
Surface 09

OT / IoT

Industrial control systems, connected devices, building automation, medical devices.

4 defensive categories Open
Surface 10

AI / Agents

Deployed models, agent permissions, prompts, training and inference data, integrations between LLMs and enterprise systems.

3 defensive categories Open