An AI agent hacked McKinsey in two hours — and your APIs could be next.

Request a free, evidence-based API Attack Surface Assessment from Salt's research team. We'll show you the hidden vulnerabilities in your environment — before they become the next McKinsey-style incident.

01 You provide your domain

It's zero-touch, agentless and fast.

02 We uncover your API risks

Our active reconnaissance finds MCP servers, shadow APIs, posture gaps, and potential vulnerabilities.

03 You get an actionable Risk Assessment

Get a comprehensive AI and API security risk assessment and recommendations from our experienced security experts.

What you’ll get from your Attack Surface Assessment

Map of your externally accessible APIs

Get a complete map of your external attack surface, with no agents or traffic mirroring required. We discover the critical shadow, zombie, and unmanaged APIs that other tools miss.

Risk categorization
by domain and endpoint

Receive a prioritized list of your most critical risks and posture gaps. We pinpoint everything from accidentally exposed "api-dev" servers to unauthenticated APIs that could lead to data leaks.

Threat context from Salt Labs

Understand the real-world threat with an attacker's perspective on each finding. We provide context for every risk, including strong indicators of BOLA, the #1 API security risk.