External attack surface in the AI era

Earlier, we discussed the problem of excessive digital exposure, but only within a specific area. Intruder has released a broader Attack Surface Management Index 2026 report based on data about the external network perimeters of 3,000 organizations. You can read the full version via this link.

The authors cite as on of the key factors driving the study's relevance the development of AI models capable of automatically discovering vulnerabilities on external network perimeters (we recently had a post on that too 😉). In such conditions, any excessive internet-facing service can potentially become an entry point for attackers. Most commonly exposed to the Internet are: 🔹 administrative web interfaces, such as WordPress Admin, phpMyAdmin, and others (60% of organizations). 🔹 excessive open ports and services, such as RDP, SNMP, UPnP, etc. (49% of organizations). 🔹 databases (42% of organizations). MySQL and PostgreSQL were accessible in 26% and 16% of organizations, respectively. 🔹 configuration files, including API documentation (30% of organizations).

Even among small and mid-sized businesses, 54% of organizations experienced external attack surface issues in the past year. For mid- to large-sized companies, this figure rises to 70%.

As companies grow, managing the attack surface becomes significantly more complex: 🔴 Companies with more than 5,000 employees typically manage nearly 1,700 external perimeter assets — more than twice the number handled by companies with 1,000–5,000 staff. 🔴 For organizations with 5,000–10,000 employees, resolving external attack surface issues takes up to 56 days. Smaller organizations need about 14–18 days.

✍ Meanwhile, organizations with over 10,000 employees showed the best remediation times at about 11–12 days.

By industry category: the slowest remediation of external attack surface issues occurs in the insurance sector — nearly 50 days on average. Next come pharmaceuticals & biotech, and the automotive industry, at about 43 days, while retail remains the fastest in resolving such issues.

Researchers emphasize that not every breach starts with finding and exploiting a vulnerability: an administration interface without known flaws but with a weak admin password can serve as an entry point. AI technologies not only search for new vulnerabilities but also help uncover long-standing weaknesses on external perimeters that remained unnoticed due to infrastructure scale.