One attack away from a breach.
Stay protected automatically.
One platform for email security, vulnerability analysis, and brand protection. Always on. Always watching.
19 issues requiring attention
SPF record not configured for acme-corp.io
Live · checked 42s ago
Uptime
99.82%
30 day average
Avg Response
216ms
Last 24 hours
DNS Changes
2
Records modified
Open Incidents
3
Requires attention
Response Time
Latency across all endpoints
acme-corp.io
OperationalContent Integrity
HTML fingerprint monitoring
Current Hash
sha256:8f4b91a3c5e2d7f6b0c3a98e...
Last Checked
Apr 11, 2026, 13:01:42
Previous Hash
sha256:2d9e83f4a1b7c5e8d0f3b296...
Page content modified since last check
Timeline
30 daysApr 11, 2026
SecurityContent integrity change (2×)
Apr 11, 13:01Page structure integrity changed
PerformanceLatency anomaly (3×)
Apr 11, 17:54SecurityUnverified scripts detected
Apr 11, 12:0110 new scripts from unknown CDN
PerformanceLatency anomaly
Apr 11, 12:31Latency increased 3× above baseline — 658ms vs 216ms
SecurityScripts removed
Apr 11, 12:1510 scripts removed from acme-corp.io
Systemscript change (2×)
Apr 11, 13:01Active incidents
All →SPF record not configured for acme-corp.io
Requires investigation
acme-corp.io · 16 ago
New scripts detected on acme-corp.io
Potential supply-chain security risk
acme-corp.io · 16 ago
Script changes detected on acme-corp.io
Users may receive altered content
acme-corp.io · 16 ago
DMARC policy not configured
Requires investigation
acme-corp.io · 1h ago
DKIM signing not verified
Requires investigation
acme-corp.io · 1h ago
Response time 658ms (3× baseline)
Latency elevated above baseline
acme-corp.io · 2h ago
DNS Records
Track unauthorized DNS modifications
76.76.21.21
2606:4700:3033::ac43:b0c1
mail.acme-corp.io
+1 more
v=DMARC1; p=none
+3 more
ns1.vercel-dns.com
+1 more
cname.vercel-dns.com
Principles
The system for
continuous security.
Heurys is built on three ideas that don't bend — continuous coverage, adversarial thinking, and silence unless there's something real to hear.
FIG 0.1
Continuous by default
Domains, endpoints, certificates, mail — every surface is re-swept on its own cadence. No manual triggers. No windows where you're flying blind.
FIG 0.2
Adversarial AI
Autonomous red-team agents chain real attacker tradecraft — recon, phish, supply-chain, stolen credentials — then draft the fix as a pull request.
FIG 0.3
Signal over noise
Every finding is ranked against KEV, EPSS and blast-radius before it leaves the pipeline. You only see what would actually hurt if it shipped tomorrow.
Product
Find the flaw.
Then ship the fix.
Every AI agent run produces a full replay — the exact requests, in the exact order a real attacker would chain them. Then the agent writes the patch, commits it to a new branch on your repo, and opens a draft pull request for your team to review.
Exploit replays
Proof, not summaries
Every campaign is recorded as a Playwright trace and HAR file. Download them to step through the exact sequence an attacker would have used.
acme-corp.io
Composite campaign · 19.04.2026 13:16:20
Storyboard · 38 steps
recordingcrawl_and_discover
GET https://acme-corp.io/
{"total_links": 18, "total_forms": 0, "total_js_files": 18, "api_endpoints_found": 52, "page_title": "ACME — Internal tools online", "links_sample": ["https://acme-corp.io/terms", "https://acme-...
browser_navigate
GET https://acme-corp.io/
{"action": "navigate", "success": true, "url": "https://acme-corp.io/", "status_code": 200, "title": "ACME — Internal tools online"}
browser_execute_js
{"action": "execute_js", "success": true, "result": "{'cookies': '', 'localStorage': empty, 'sessionStorage': empty, 'currentURL': 'https://acme-corp.io/', 'userAgent': 'HeurysRedTeam/1.0 (Security Audit)', 'csr...
browser_navigate
GET https://acme-corp.io/login
{"action": "navigate", "success": true, "url": "https://acme-corp.io/login", "status_code": 200, "title": "ACME — Sign in"}
browser_execute_js
{"action": "execute_js", "success": true, "result": "{'forms': [{'action': 'https://acme-corp.io/login', 'method': 'get', 'fields': [{'name': '', 'type': 'email', 'value': '', 'required': True}, {'name': '', 'type': 'submit', 'value'...
run_scanner_module
{"module": "header_audit", "findings_count": 7, "findings": [{"id": "headers-hsts-no-subdomains", "title": "HSTS missing includeSubDomains", "severity": "low", "category": "headers", "description": "HST...
shop.acme-corp.io
Per-finding · JWT none-alg · 19.04.2026 11:02
api.acme-corp.io
Composite campaign · 18.04.2026 22:44
Heurys AI - Auto-Fix-PRs
Ship the fix, not just the finding
security: fix SSRF in imports/webhook.py
#482 · opened just now
Files changed 2
app/imports/webhook.py
+3 -1
app/utils/url_safety.pynew
+8
Incidents
See what changed.
Before your users do.
Every silent deploy, third-party script swap, or unexpected bundle hash becomes a timelined incident — with a runbook, a postmortem, and one-click acknowledge or resolve. No more hearing it from support an hour later.
Incidents / 34faf0a6
New scripts detected on shop.acme-corp.io
shop.acme-corp.io · 6 events · started 19 Nis 2026 14:30
Duration
2h 16m
Events
6×
Last event
19 Nis 2026 16:30
Last notified
19 Nis 2026 16:30
Scripts removed from shop.acme-corp.io
Removed: /_next/static/chunks/O-4oo_oI06i0r.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/O-fz855k_v53v.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/0-s13a3fre96-.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/13-vqe-hjp-rz.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/0n4z7yu76je-.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5
19 Nis 2026 16:30
New scripts detected on shop.acme-corp.io
New scripts added: /_next/static/chunks/O-4oo_oI06i0r.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko, /_next/static/chunks/0-s13a3fre96-.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko, /_next/static/chunks/O0nvzl6qb_-fr.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko, /_next/static/chunks/0ka051yepewro.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko, /_next/static/chunks/0-fz855k_v53v.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko
19 Nis 2026 16:30
Scripts removed from shop.acme-corp.io
Removed: /_next/static/chunks/O0nvzl6qb_-fr.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME, /_next/static/chunks/0pqt-6bl3ukh4.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME, /_next/static/chunks/0ka051yepewro.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME, /_next/static/chunks/0ynp4-pk4roO-.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME, /_next/static/chunks/0n4z7yu76je-.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME
19 Nis 2026 15:30
New scripts detected on shop.acme-corp.io
New scripts added: /_next/static/chunks/O-4oo_oI06i0r.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/O-fz855k_v53v.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/0-s13a3fre96-.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/13-vqe-hjp-rz.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5
19 Nis 2026 15:30
Scripts removed from shop.acme-corp.io
Removed: /_next/static/chunks/O-4oo_oI06i0r.js?dpl=dpl_aB21xsPq8CmT4Lrzc8KxQh, /_next/static/chunks/0pqt-6bl3ukh4.js?dpl=dpl_aB21xsPq8CmT4Lrzc8KxQh, /_next/static/chunks/0ka051yepewro.js?dpl=dpl_aB21xsPq8CmT4Lrzc8KxQh
19 Nis 2026 14:30
FAQ
Common questions
Start protecting your
brand today.
No setup. No complexity. Full visibility in under 2 minutes.