External exposure monitoring made simple with AI agents. View pricing →
Surface Drift
Get started

Know when your
public exposure
changes.

Connect your domains and keep a clean watch on what the internet can see. Surface Drift turns new hosts, weak posture, exposed config, and risky app changes into clear fixes, helping you catch exposed risk before attackers can turn it into an incident.

Start monitoring See monitor checks
LIVE Exposure change graph
NYC · US-EAST · 02:41:08 UTC
DRIFTNODE · STAGING
New admin path appeared on staging
asset · 847ms↑ 42s
NEW HOSTCLUSTER · SUBSIDIARY
Newly resolved subdomain · monitor queued
auto-scoped↑ 11:06
SUPABASECONFIG · PUBLIC
Anon key exposes public tables on app
validate access↑ 03:17
SESSION
SD-X4-2291
ENGINE
v4.2 ● OK
Δ / 24H
+184   −42
NODE CLASSES
DNS · IP · HOST · SVC
WatchedChangedRootDiffing latest snapshot
/ CAPABILITIES

Watch the changes
that matter.

Surface Drift watches your approved domains for meaningful exposure changes: new hosts, weak posture, JavaScript secrets, and backend services that should not be public. Scale adds a monthly human-reviewed summary for teams that want a second set of eyes.

01 / EXPOSURE MONITORING

A weekly view of the exposure changes that need action.

Track DNS, live hosts, TLS expiry, headers, JavaScript bundle signals, and managed backend exposure in one recurring workflow. Each run highlights what changed and what needs owner review.

CADENCEWeekly
FOCUSChanges
OUTPUTOwner review
02 / DOMAIN WATCHLIST

Keep approved domains and subdomains under watch.

Start with root domains, enrich with passive subdomain discovery, then monitor which hosts are alive and which surfaces changed since last run.

api.example.com
new service · owner review
2 high
staging.example.com
new login path detected
watch
cdn.example.com
posture unchanged
clean
03 / POSTURE DRIFT

Catch risky config drift before it becomes a project.

Watch DMARC/SPF/DKIM, TLS expiry, missing security headers, dangling DNS hints, and newly reachable admin surfaces.

DMARCpolicy.WEAK
TLSexpiry.REVIEW
HDRheaders.WATCH
DNScname.DRIFT
04 / CHANGE ALERTS

Alert on new risk, not yesterday's noise.

Every run compares against the previous snapshot. New hosts, removed protections, new risky paths, and severity changes become alerts.

New subdomains discovered
+12
New exposure hints
+3
Resolved drifts
−7
FIX LIST8/ this week
05 / HUMAN REVIEW

Human review for priority exposure changes.

When monitoring finds risky drift, Scale packages the evidence into a monthly human-reviewed summary with owner-ready next actions.

ScaleHuman reviewPriority driftFix listEvidenceOwner report
06 / REPORTS & REVIEWS

Weekly reports by default. Advanced reviews when paid.

Send concise weekly emails and fix lists by default. Scale adds a monthly human-reviewed summary, while deeper manual reviews stay scoped and paid separately.

Weekly emailPDFReview scopeFix list
/ HOW IT WORKS

A monitoring workflow that turns drift into weekly action.

Monitor runs lightweight checks first. Pro adds faster cadence, while Scale adds a monthly human review for priority drift.

ACTIVE WORKFLOW STEP

Monitor

COLLECTING

Collects DNS, live-host checks, TLS, headers, JavaScript bundle signals, and managed backend exposure so teams can review meaningful changes first.

NEW DRIFTadmin.staging.example.com

A new admin path is reachable on staging and should be reviewed by the owner.

RECOMMENDED ACTIONConfirm intent, restrict access if needed, then recheck to prove the fix.
collected signalsdiffed snapshotranked fix
/ PRICING

Plans for continuous exposure monitoring.

Monitor stays lightweight and recurring. Pro adds faster cadence and more domains. Scale adds higher limits and monthly human review. Enterprise is custom.

Monitor
$99/mo
For founders and small teams that want a clear weekly view of internet-facing risk.
  • 5 monitored root domains
  • Weekly external exposure check
  • JavaScript secrets with Supabase and Firebase exposure checks
  • TLS, DNS, security headers, and live-host checks
  • Change diff and weekly fix-list email
  • Finding states and PDF export
  • 20 one-click rechecks per month
Start monitoring
Pro
$199/mo
For teams that want daily exposure checks, more domains, and priority email reporting.
  • Everything in Monitor
  • 15 monitored root domains
  • Daily external exposure checks
  • Priority email alerts for risky drift
  • Historical diff and fix proof
  • Team seats and owner assignment
  • PDF exports and fix-list summaries
Start Pro
Scale
$499/mo
For operators that need more monitored domains, higher check limits, and a human-reviewed monthly summary.
  • Everything in Pro
  • 40 monitored root domains
  • Higher daily check quota
  • Monthly human-reviewed exposure summary
  • Priority email report workflow
  • Team access controls
  • Workspace administration
  • Priority onboarding and support
Contact sales
Enterprise
Contact us
For larger teams that need custom limits, deployment support, procurement, and a managed rollout.
  • Custom domain volume and cadence
  • Custom check cadence
  • Custom reporting workflow
  • Custom report templates and workflows
  • Dedicated onboarding and migration help
  • Self-hosting or private deployment support
  • Custom support and SLAs
  • Invoice and procurement support
Contact us

Your attack surface is moving.
Watch it on purpose.

Add a domain, pick a cadence, and start receiving change-driven emails and weekly fix lists. Recheck fixes from the same workflow, and move to Pro or Scale when a surface needs faster cadence, more domains, or priority support.

Start monitoring See pricing