You’ve got questions. We’ve got answers. Find out the answer to everything you have wanted to know about agentic exposure management and how Hadrian brings proactive protection to companies across the globe.
Frequently Asked Questions
Hadrian handles the breadth and frequency that human testers cannot sustain: continuous coverage across the entire attack surface, on demand, with consistent quality on every engagement. For specialized work such as red team exercises or in-depth application logic testing, human expertise still has a role. Many customers use Hadrian as a continuous baseline and reserve manual testers for targeted, in-depth analysis where they add the most value.
Traditional pentests are point-in-time, limited in scope, and variable in quality depending on who is assigned. They require weeks of planning, days of execution, and produce a report that is already outdated before it is delivered. Hadrian runs on your schedule, covers the entire external perimeter, and delivers validated findings within hours. No procurement cycle, no SOW, no waiting. And the results are consistent every time, without depending on the skills or availability of a single tester.
Agentic penetration testing uses autonomous AI agents, trained by experienced offensive security professionals, to find and exploit vulnerabilities across your entire external attack surface. Unlike traditional pentesting, which relies on a single tester working on a fixed scope for a few weeks, agentic pentesting deploys hundreds of specialized agents that work in parallel, adapt their approach based on what they find, and focus depth where real exploitation paths exist.
Hadrian deploys extremely quickly. Because the platform is fully agentless and cloud-based (SaaS), it requires no software installation, no on-premise hardware, and no complex system integration.
Hadrian maintains a focus on the hacker's perspective, meaning it places more weight on scanning external-facing assets, as opposed to internal assets. However, with the introduction of Infostealers Infection Detection and the in-development Authenticated Scanning, Hadrian is creating tools that can help unify internal and external network security.
No. Hadrian is fully agentless. There are no agents installed on endpoints, servers, or internal infrastructure. The platform operates externally as a cloud-based SaaS solution. While Hadrian uses AI-driven automation within the platform, this does not involve installing agents on devices or networks.
Exposure Management (often referred to in the context of Continuous Threat Exposure Management or CTEM) is a proactive cybersecurity strategy that goes beyond simple vulnerability scanning. It focuses on continuously identifying, assessing, validating, and remediating threats to an organization’s digital assets from an attacker's perspective. Unlike traditional methods that rely on periodic checks, Exposure Management is a continuous cycle designed to close the gap between what an organization thinks is secure and what is actually exposed to the internet.
Hadrian finds assets using a continuous, agentless, and multi-layered approach that combines broad internet scanning, AI-driven prediction, and visual fingerprinting. The process begins simply by providing a domain or brand name, after which the platform automatically maps the organization's external attack surface.
Yes, Hadrian is an Attack Surface Management (ASM) tool, though it is more specifically categorized as an Offensive Security Platform that focuses on External Attack Surface Management (EASM) and Adversarial Exposure Validation (AEV). While it performs the core functions of an ASM tool—mapping, inventorying, and monitoring digital assets—it distinguishes itself by integrating these capabilities with automated penetration testing and continuous threat exposure management (CTEM).
Yes. Hadrian facilitates M&A due diligence by rapidly discovering and assessing the security posture of acquired assets, ensuring you understand the risks inherited during a transaction.
Yes, Hadrian offers a comprehensive REST API that allows for custom integrations, data retrieval, and workflow automation.
Hadrian identifies a wide range of internet-facing assets, including domains, subdomains, IP addresses, certificates, cloud instances, and IoT devices. It also detects over 10,000 SaaS applications and thousands of software packages/versions.
Hadrian uses a contextual risk scoring algorithm that considers business relevance, asset attractiveness, discoverability, and ease of exploitation. It assigns severity scores (Critical, High, Medium, Low) aligned with SLAs—for example, critical risks should be addressed within 24 hours.
Deployment is rapid and can be completed in minutes. Because it is agentless, it starts mapping your attack surface automatically once a domain is provided.
Event-based scanning is a dynamic security testing approach where active vulnerability assessments are triggered by specific changes or "events" within an organization's environment, rather than relying solely on static, pre-scheduled batch scans.
Hadrian can be used across many industries including (but not limited to) Finance, Manufacturing, Retail, Education, Healthcare, Private Equity, and more. All industries can derive value from a proactive approach to security operations.
Hadrian utilizes both passive and active scanning techniques. The platform employs a hybrid approach where passive methods are used for broad discovery and mapping, while active methods are used for targeted validation and exploitation simulation.
External Attack Surface Management (EASM) is a cybersecurity practice that combines automated discovery, asset tracking, and vulnerability scanning to deliver an automated, continuous analysis of an organization's attack surface. Unlike internal security tools, EASM adopts an "outside-in" perspective (often called the "hacker's perspective"). It focuses exclusively on digital assets that are exposed to the internet, aiming to identify what a threat actor can see, reach, and potentially exploit.
Hadrian is an agentic AI offensive security platform that helps modern security teams prevent breaches by continuously assessing the external attack surface, validating real-world threats, and prioritizing exploitable exposures. Agentic AI powers 10x visibility into your critical risks, cuts through false positives, and provides step-by-step remediation guidance. Organizations reduce time to resolution by 80%, reclaim 10+ hours weekly, and act before attackers can. With Hadrian, you don’t just keep up, you leave your adversaries in the dust.
Hadrian's Partner Program focuses on three primary collaborations: Managed Security Service Providers (MSSPs), Resellers, and Technology Partners. MSSPs utilize Hadrian’s multi-tenant platform to augment their red teaming capabilities and streamline service delivery, while resellers facilitate global market expansion—particularly in the US and APAC—by adapting sales motions to local needs. These commercial partnerships are underpinned by Technology Partnerships that ensure seamless integration with existing security stacks (such as SIEM and SOAR) and enhance capabilities through data collaborations, all supported by dedicated customer success teams and guided onboarding.
The Hadrian Partner Program strategically expands its market reach and technical capabilities by collaborating with Managed Security Service Providers (MSSPs) and resellers, utilizing a multi-tenant platform to augment red teams and automate reconnaissance for efficient client management. While MSSPs serve as a core sales channel and service enhancer, reseller partnerships facilitate international growth—particularly in the US and APAC—by adapting to local market needs. This ecosystem is underpinned by robust technology partnerships that provide seamless, cost-inclusive integrations with over 200 third-party tools (such as SIEM and SOAR), all supported by dedicated customer success managers and guided onboarding to ensure operational excellence.
Hadrian empowers Security Operations Center (SOC) teams by shifting from passive vulnerability scanning to active adversarial validation, a process that drastically reduces alert fatigue by filtering thousands of theoretical alerts down to confirmed, exploitable threats. By automating the manual investigation workflow through AI-driven validation and generating undeniable Proof of Concepts (PoC), the platform allows analysts to bypass tedious triage and focus immediately on verified risks. This real-time, event-driven capability integrates seamlessly with existing SIEM and SOAR ecosystems to streamline response times, while simultaneously enriching security posture with proactive threat intelligence—ensuring continuous, high-fidelity visibility across the entire attack surface.
Unlike traditional tools that run periodic scans and produce high volumes of false positives, Hadrian operates continuously and autonomously. It uses an event-based agentic AI to mimic human hacker behavior, validating risks to ensure they are actually exploitable. This reduces noise and allows teams to focus only on verified threats.
Security Operations teams and CISOs of medium and large enterprises who struggle with asset inventory, alert validation, and threat prioritization in their work processes.
Adversarial exposure validation transforms vulnerability management by using context-aware AI agents to actively mimic real-world attackers, safely executing complex, multidimensional exploit chains to test an organization's defenses. Rather than relying on theoretical alerts, this process autonomously validates risks by attempting actual exploitation—filtering out thousands of false positives and delivering undeniable Proof of Concept (PoC) evidence for the few genuine threats that matter. By continuously simulating these attacks and automatically re-testing remediations, the system ensures security teams focus only on confirmed, exploitable vulnerabilities without disrupting production environments.
Hadrian can completely or partially replace traditional penetration testing, depending on the organization's needs. It is designed to act as an automated, continuous alternative to the periodic manual testing model.
Hadrian minimizes false positives by distinguishing between "Potential Risks" and "Verified Risks." For verified risks, the AI Orchestrator safely simulates an attack to prove the vulnerability is exploitable, providing a proof-of-concept for the finding. This reduces tens of thousands of potential alerts to the specific few that matter.
Hadrian’s agentic AI validates exposures through an "AI Orchestrator" that autonomously mimics human ethical hackers, moving beyond static scripts to context-aware, active exploitation. Instead of indiscriminately testing assets, the agents analyze the specific technology stack and configuration to decide which "agentic risk-finding mechanisms" to deploy, safely executing complex, multidimensional attack chains to confirm actual exploitability. This continuous, event-driven process triggers immediately upon detecting infrastructure changes and produces detailed Proof of Concept (PoC) evidence, ensuring security teams receive undeniable, reproducible proof of verified risks rather than theoretical alerts.
Hadrian’s "Verified Risks" eliminate the need for manual proof of work by leveraging an AI Orchestrator that autonomously validates vulnerabilities through safe, real-world attack simulations, effectively filtering out the false positives that plague traditional management. This process replaces time-consuming manual investigation with automated evidence generation, providing developers with detailed Proof of Concept (PoC) logs, attack chain descriptions, and specific remediation instructions. By further automating the lifecycle through instant regression testing to confirm successful fixes, Hadrian ensures that security teams can bypass the tedious validation phase and focus entirely on remediating genuine, confirmed threats.
Hadrian refines its AI risk scoring model through a continuous feedback loop where user-driven adjustments to risk severity directly train the machine learning algorithms. When users manually re-categorize a risk based on internal context, the model learns to tailor future assessments, while Hadrian’s in-house hacker team simultaneously reviews these changes to validate algorithmic accuracy. Although analysis indicates that only a fraction of a percent of risks are typically re-categorized—suggesting high initial precision—this combination of automated learning and human oversight ensures the platform constantly evolves to match the specific security reality of each organization.
Hadrian distinguishes between "Potential" and "Verified" risks by leveraging its AI Orchestrator to actively validate theoretical vulnerabilities rather than relying solely on passive detection. While Potential risks are identified through non-intrusive methods like version fingerprinting and represent hygiene issues or theoretical susceptibilities, Verified risks are confirmed threats where the AI has successfully simulated an ethical hack to prove exploitability. This validation process eliminates false positives by providing concrete Proof of Concept (PoC) evidence for every confirmed flaw, allowing security teams to filter out noise and prioritize immediate remediation for genuine, actionable threats over theoretical exposures.
Hadrian prioritizes risks using a proprietary, context-aware machine learning algorithm that goes beyond standard vulnerability scores (like CVSS). Instead of treating every vulnerability equally, the platform assesses the actual danger an asset faces based on "the hacker's perspective."
Hadrian’s Subwiz AI transcends standard dictionary attacks by employing machine learning to generate intelligent permutation alterations of wordlists based on analyzed naming patterns. This predictive approach identifies hidden subdomains absent from public records, which are then instantly validated through SanicDNS—a high-speed resolution tool operating 200 times faster than traditional alternatives. By combining AI-driven prediction with rapid validation, Subwiz uncovers over 10% more subdomains than conventional methods, effectively revealing Shadow IT and assets that evade standard detection.
Hadrian uncovers Shadow IT and hidden infrastructure by combining broad internet scanning, cloud integrations, and proprietary AI to map the complete external attack surface. The platform moves beyond standard technical scanning by utilizing visual fingerprinting to link disparate assets to an organization, while predictive AI models identify unlisted subdomains and dynamic IP addresses. This continuous, event-driven process triggers immediate assessments upon detecting changes, ensuring that even forgotten environments, third-party SaaS applications, and misconfigured cloud resources are detected and validated in real-time.
Hadrian performs asset inventory through a continuous, automated, and agentless process. Unlike traditional methods that rely on manual spreadsheets or periodic checks, Hadrian dynamically maps an organization’s entire digital footprint starting with a single domain or brand name.
Hadrian’s AI agents operate primarily through a central engine or data layer. This system is designed to autonomously mimic the decision-making processes and behaviors of human ethical hackers to discover, validate, and prioritize risks without manual intervention.
Hadrian's Offensive Security Platform is built around the Continuous Threat Exposure Management (CTEM) framework, automating all five phases: Scoping (defining the internet-facing attack surface with asset groups and business context), Discovery (continuous hourly scanning that identifies shadow IT, supply chain risks, and unknown assets using AI), Prioritization (context-aware risk scoring that incorporates asset criticality, threat intelligence, CISA KEV data, and dark web monitoring to rank genuine threats), Validation (the key differentiator—using an agentic AI to actively simulate attacks and prove exploitability within 15 minutes, eliminating false positives), and Mobilization (providing actionable remediation guidance with automatic regression testing and integration into ticketing/communication tools). By automating this continuous loop, Hadrian enables organizations to identify and harden their defenses from the attacker's perspective, aligning with Gartner's forecast that CTEM adoption makes organizations three times less likely to suffer a breach.
CTEM stands for Continuous Threat Exposure Management. It is a proactive cybersecurity framework designed to move organizations beyond static, periodic security testing (like annual penetration tests) toward a continuous, automated cycle of identifying and mitigating risks. Organizations that prioritize security based on a CTEM program are forecast to be "three times less likely to suffer a breach".
Yes. One of our core capabilities is autonomous asset discovery. We continuously scan the internet to identify forgotten subdomains, cloud instances, and legacy servers that belong to your organization but are not in the official inventory. You cannot protect what you cannot see, and Hadrian ensures complete visibility of your external perimeter.
We reduce alert fatigue through validation. Most security tools flood teams with alerts based on theoretical severity (CVSS scores). Hadrian filters this noise by attempting to exploit the detected vulnerability. If it is not exploitable because of a firewall or a specific configuration, we lower its priority. We report only verified risks (true positives) with a confirmed path to compromise, allowing your team to focus on what actually needs to be fixed.
Traditional scanners rely on static lists of known vulnerabilities (CVEs) and often generate numerous false positives. Hadrian goes beyond simple detection by performing adversarial exposure validation. Our platform safely simulates real attack techniques to verify whether a vulnerability is actually exploitable in your specific environment. We do not just flag a potential problem: we demonstrate whether it is really relevant.
Hadrian is an agentic AI offensive security platform that helps modern security teams prevent breaches before they happen. Agentic AI continuously discovers internet-exposed assets, emulates attacker behavior, and validates which exposures are actually exploitable, cutting out noise and prioritizing what matters most. Hadrian delivers 10x greater visibility into critical risks, eliminates 99.4% of alert noise through reliable validation, and reduces remediation time by 80% with clear, easily reproducible guidance.
