One attack away from a breach.
Stay protected automatically.
One platform for email security, vulnerability analysis, and brand protection. Always on. Always watching.
19 issues requiring attention
SPF record not configured for acme-corp.io
Live · checked 42s ago
Uptime
99.82%
30 day average
Avg Response
216ms
Last 24 hours
DNS Changes
2
Records modified
Open Incidents
3
Requires attention
Response Time
Latency across all endpoints
acme-corp.io
OperationalContent Integrity
HTML fingerprint monitoring
Current Hash
sha256:8f4b91a3c5e2d7f6b0c3a98e...
Last Checked
Apr 11, 2026, 13:01:42
Previous Hash
sha256:2d9e83f4a1b7c5e8d0f3b296...
Page content modified since last check
Timeline
30 daysApr 11, 2026
SecurityContent integrity change (2×)
Apr 11, 13:01Page structure integrity changed
PerformanceLatency anomaly (3×)
Apr 11, 17:54SecurityUnverified scripts detected
Apr 11, 12:0110 new scripts from unknown CDN
PerformanceLatency anomaly
Apr 11, 12:31Latency increased 3× above baseline — 658ms vs 216ms
SecurityScripts removed
Apr 11, 12:1510 scripts removed from acme-corp.io
Systemscript change (2×)
Apr 11, 13:01Active incidents
All →SPF record not configured for acme-corp.io
Requires investigation
acme-corp.io · 16 ago
New scripts detected on acme-corp.io
Potential supply-chain security risk
acme-corp.io · 16 ago
Script changes detected on acme-corp.io
Users may receive altered content
acme-corp.io · 16 ago
DMARC policy not configured
Requires investigation
acme-corp.io · 1h ago
DKIM signing not verified
Requires investigation
acme-corp.io · 1h ago
Response time 658ms (3× baseline)
Latency elevated above baseline
acme-corp.io · 2h ago
DNS Records
Track unauthorized DNS modifications
76.76.21.21
2606:4700:3033::ac43:b0c1
mail.acme-corp.io
+1 more
v=DMARC1; p=none
+3 more
ns1.vercel-dns.com
+1 more
cname.vercel-dns.com
Principles
The system for
continuous security.
Heurys is built on three ideas that don't bend — continuous coverage, adversarial thinking, and silence unless there's something real to hear.
FIG 0.1
Continuous by default
Domains, endpoints, certificates, mail — every surface is re-swept on its own cadence. No manual triggers. No windows where you're flying blind.
FIG 0.2
Adversarial AI
Autonomous red-team agents chain real attacker tradecraft — recon, phish, supply-chain, stolen credentials — then draft the fix as a pull request.
FIG 0.3
Signal over noise
Every finding is ranked against KEV, EPSS and blast-radius before it leaves the pipeline. You only see what would actually hurt if it shipped tomorrow.
Product
Find the flaw.
Then ask why it matters.
Every AI agent run produces a full replay — the exact requests, in the exact order a real attacker would chain them. Then Heurys AI walks you through what to fix, in what order, and why.
Exploit replays
Proof, not summaries
Every campaign is recorded as a Playwright trace and HAR file. Download them to step through the exact sequence an attacker would have used.
acme-corp.io
Composite campaign · 19.04.2026 13:16:20
Storyboard · 38 steps
recordingcrawl_and_discover
GET https://acme-corp.io/
{"total_links": 18, "total_forms": 0, "total_js_files": 18, "api_endpoints_found": 52, "page_title": "ACME — Internal tools online", "links_sample": ["https://acme-corp.io/terms", "https://acme-...
browser_navigate
GET https://acme-corp.io/
{"action": "navigate", "success": true, "url": "https://acme-corp.io/", "status_code": 200, "title": "ACME — Internal tools online"}
browser_execute_js
{"action": "execute_js", "success": true, "result": "{'cookies': '', 'localStorage': empty, 'sessionStorage': empty, 'currentURL': 'https://acme-corp.io/', 'userAgent': 'HeurysRedTeam/1.0 (Security Audit)', 'csr...
browser_navigate
GET https://acme-corp.io/login
{"action": "navigate", "success": true, "url": "https://acme-corp.io/login", "status_code": 200, "title": "ACME — Sign in"}
browser_execute_js
{"action": "execute_js", "success": true, "result": "{'forms': [{'action': 'https://acme-corp.io/login', 'method': 'get', 'fields': [{'name': '', 'type': 'email', 'value': '', 'required': True}, {'name': '', 'type': 'submit', 'value'...
run_scanner_module
{"module": "header_audit", "findings_count": 7, "findings": [{"id": "headers-hsts-no-subdomains", "title": "HSTS missing includeSubDomains", "severity": "low", "category": "headers", "description": "HST...
shop.acme-corp.io
Per-finding · JWT none-alg · 19.04.2026 11:02
api.acme-corp.io
Composite campaign · 18.04.2026 22:44
Heurys AI · Security advisor
Ask why it matters
The agent keeps getting 404s on /api/login. Is that safe or is it actually a finding? What should I look at next?
Not safe. The 404 body is 15,576 B and content-type is HTML — your SPA is swallowing unknown paths into the index. That hides real auth endpoints from your WAF.
Recommended next
Incidents
See what changed.
Before your users do.
Every silent deploy, third-party script swap, or unexpected bundle hash becomes a timelined incident — with a runbook, a postmortem, and one-click acknowledge or resolve. No more hearing it from support an hour later.
Incidents / 34faf0a6
New scripts detected on shop.acme-corp.io
shop.acme-corp.io · 6 events · started 19 Nis 2026 14:30
Duration
2h 16m
Events
6×
Last event
19 Nis 2026 16:30
Last notified
19 Nis 2026 16:30
Scripts removed from shop.acme-corp.io
Removed: /_next/static/chunks/O-4oo_oI06i0r.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/O-fz855k_v53v.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/0-s13a3fre96-.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/13-vqe-hjp-rz.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/0n4z7yu76je-.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5
19 Nis 2026 16:30
New scripts detected on shop.acme-corp.io
New scripts added: /_next/static/chunks/O-4oo_oI06i0r.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko, /_next/static/chunks/0-s13a3fre96-.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko, /_next/static/chunks/O0nvzl6qb_-fr.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko, /_next/static/chunks/0ka051yepewro.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko, /_next/static/chunks/0-fz855k_v53v.js?dpl=dpl_7MqAAmbf3NaadUvUmtssieVnquko
19 Nis 2026 16:30
Scripts removed from shop.acme-corp.io
Removed: /_next/static/chunks/O0nvzl6qb_-fr.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME, /_next/static/chunks/0pqt-6bl3ukh4.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME, /_next/static/chunks/0ka051yepewro.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME, /_next/static/chunks/0ynp4-pk4roO-.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME, /_next/static/chunks/0n4z7yu76je-.js?dpl=dpl_9X4HSMCfDmZv5QUTK4nc9EzcsBME
19 Nis 2026 15:30
New scripts detected on shop.acme-corp.io
New scripts added: /_next/static/chunks/O-4oo_oI06i0r.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/O-fz855k_v53v.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/0-s13a3fre96-.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5, /_next/static/chunks/13-vqe-hjp-rz.js?dpl=dpl_76dye5DafyNpcCUPJGg6WkzDFSS5
19 Nis 2026 15:30
Scripts removed from shop.acme-corp.io
Removed: /_next/static/chunks/O-4oo_oI06i0r.js?dpl=dpl_aB21xsPq8CmT4Lrzc8KxQh, /_next/static/chunks/0pqt-6bl3ukh4.js?dpl=dpl_aB21xsPq8CmT4Lrzc8KxQh, /_next/static/chunks/0ka051yepewro.js?dpl=dpl_aB21xsPq8CmT4Lrzc8KxQh
19 Nis 2026 14:30
FAQ
Common questions
Start protecting your
brand today.
No setup. No complexity. Full visibility in under 2 minutes.