AS-301f · Module 1

Automated Surface Discovery

3 min read

Manual attack surface discovery does not scale. An AI ecosystem with twenty agents, each connected to five services, with three models in rotation, updated weekly, produces a surface that changes faster than manual inventory can track. Automated discovery tools continuously scan the environment, detect new components, flag configuration changes, and update the surface map in real time.

Do This

  • Run automated infrastructure discovery continuously, not on a schedule — new deployments create new surfaces immediately
  • Integrate model registry monitoring that tracks version changes, prompt updates, and capability modifications
  • Auto-discover API integrations through traffic analysis — the integrations that exist in practice may differ from those documented

Avoid This

  • Rely on documentation as the surface inventory — documentation drifts from reality within weeks
  • Scan quarterly and call it current — the surface changes daily in an active AI ecosystem
  • Discover infrastructure only — the model layer and integration layer are where AI-specific attacks target