AeyeScan's "Web-ASM" Feature Expands Scan Scope and Items to Platform Diagnostics Area
Aeye Security Lab Inc. will enhance the "Web-ASM" feature of its AI-powered web application vulnerability assessment tool, AeyeScan, starting July 2026. This update adds port scanning, CVE database matching, and simple network diagnostics to the existing web asset discovery function, expanding the scan scope to the platform diagnostics area. This enables a two-tiered defense system combining deep scans for critical web assets and comprehensive scans for other externally exposed assets, strengthening the entire organization's security.
📋 Article Processing Timeline
- 📰 Published: June 2, 2026 at 17:00
- 🔍 Collected: June 2, 2026 at 08:20
- 🤖 AI Analyzed: June 2, 2026 at 08:25 (5 min after Collected)
Aeye Security Lab Inc. (https://www.aeyesec.jp/, Chiyoda-ku, Tokyo; President & CEO: Ayumu Aoki) announces that it will expand the scan scope and items of the 'Web-ASM' feature in its AI-powered web application vulnerability assessment tool, AeyeScan, to cover the platform diagnostics area, with the new service starting in July 2026.
[What is AeyeScan's 'Web-ASM' Feature?]
Until now, the Web-ASM feature has utilized generative AI to support the discovery, visualization, and risk assessment of unmanaged web assets (websites, web applications, APIs).
- Efficient and reliable discovery by generative AI: Generative AI comprehensively assesses multiple information sources to detect external assets related to the organization.
- Automatic visualization of information needed for triage: Automatically visualizes the importance (attributes) of web assets and the severity of risks (observed exploitable vulnerabilities).
Unlike vulnerability assessments by AeyeScan, it uses non-intrusive (non-destructive) methods to grasp the risk trends associated with web applications and domains.
[Details of the Update]
This feature enhancement will execute the following three steps on externally exposed assets (domains) to realize platform diagnostics for a broader range of assets and attack surfaces, in addition to vulnerabilities related to web applications and domains.
1. Identify 'entry points' with port scanning: Conducts port scans on detected organizational assets to identify externally exposed services.
2. Identify 'known vulnerabilities' by matching with CVE databases: Matches the product and version information of services with CVE databases to identify known vulnerabilities.
3. Identify 'security risks' with simple network diagnostics: Executes simple network diagnostics on services to identify security risks such as the exposure of unnecessary services and configuration errors.
[Optimizing Vulnerability Management with the AeyeScan Solution]
With this update to the Web-ASM feature, the entire AeyeScan solution can establish a two-tiered defense system for all assets exposed on the internet, tailored to their level of importance.
- 'Regular and continuous vulnerability assessment' for high-priority web assets (AeyeScan): Continuously performs deep vulnerability assessments that delve into the application layer for important websites and web applications, using proprietary crawling and scanning technology.
- 'Comprehensive scanning' for externally exposed assets missed by priority assessment (Web-ASM): Applies 'continuous scanning' using the newly enhanced features to assets that are often postponed due to budget or resource constraints, or could not be assessed for reasons like an unavailable environment. This automatically raises the overall security baseline of the organization and minimizes risks.
In conjunction with this update, we will be holding sessions to explain the latest defense strategies combining AI-powered ASM and vulnerability assessment as follows:
◆ 6/12 (Fri) 11:25-12:05 Interop 2026 Exhibition Hall G (7C32)
The 'Next-Generation Web Security' Concept Born from AI x ASM
—How to achieve continuous and integrated 'discovery, diagnosis, and monitoring'
◆ 7/28 (Tue) 16:00-16:30 Company-hosted Webinar
'All-in-One' Security Assessment Starting with AI
~Also supports web apps, APIs, and platforms~
■ Future Outlook
AeyeScan will continue to enhance its features based on the latest threat trends, consistently providing a 'product that can be continuously used in the field.'
Even in increasingly complex IT infrastructure environments, we will support a society where everyone can focus on creating new value by establishing a foundation that can speedily provide high-quality security without slowing down a company's growth.
■ About the Cloud-based Web Application Vulnerability Assessment Tool 'AeyeScan'
AeyeScan is a cloud-based web application vulnerability assessment tool that automates security assessments, which previously required manual work, by leveraging cutting-edge technologies like generative AI, enabling anyone to perform easy and highly accurate assessments at any time.
About Aeye Security Lab Inc.
Founded in April 2019 with the philosophy of 'solving the shortage of cybersecurity talent with technology.' We continue to provide 'new answers' in security through products and services that incorporate cutting-edge technologies like generative AI.
Representative: Ayumu Aoki, President & CEO
Location: KANDA SQUARE WeWork, 2-2-1 Kanda-Nishikicho, Chiyoda-ku, Tokyo
Established: April 2019
Business: Information security-related business (research, consulting), Provision of the cloud-based web assessment service 'AeyeScan'
[What is AeyeScan's 'Web-ASM' Feature?]
Until now, the Web-ASM feature has utilized generative AI to support the discovery, visualization, and risk assessment of unmanaged web assets (websites, web applications, APIs).
- Efficient and reliable discovery by generative AI: Generative AI comprehensively assesses multiple information sources to detect external assets related to the organization.
- Automatic visualization of information needed for triage: Automatically visualizes the importance (attributes) of web assets and the severity of risks (observed exploitable vulnerabilities).
Unlike vulnerability assessments by AeyeScan, it uses non-intrusive (non-destructive) methods to grasp the risk trends associated with web applications and domains.
[Details of the Update]
This feature enhancement will execute the following three steps on externally exposed assets (domains) to realize platform diagnostics for a broader range of assets and attack surfaces, in addition to vulnerabilities related to web applications and domains.
1. Identify 'entry points' with port scanning: Conducts port scans on detected organizational assets to identify externally exposed services.
2. Identify 'known vulnerabilities' by matching with CVE databases: Matches the product and version information of services with CVE databases to identify known vulnerabilities.
3. Identify 'security risks' with simple network diagnostics: Executes simple network diagnostics on services to identify security risks such as the exposure of unnecessary services and configuration errors.
[Optimizing Vulnerability Management with the AeyeScan Solution]
With this update to the Web-ASM feature, the entire AeyeScan solution can establish a two-tiered defense system for all assets exposed on the internet, tailored to their level of importance.
- 'Regular and continuous vulnerability assessment' for high-priority web assets (AeyeScan): Continuously performs deep vulnerability assessments that delve into the application layer for important websites and web applications, using proprietary crawling and scanning technology.
- 'Comprehensive scanning' for externally exposed assets missed by priority assessment (Web-ASM): Applies 'continuous scanning' using the newly enhanced features to assets that are often postponed due to budget or resource constraints, or could not be assessed for reasons like an unavailable environment. This automatically raises the overall security baseline of the organization and minimizes risks.
In conjunction with this update, we will be holding sessions to explain the latest defense strategies combining AI-powered ASM and vulnerability assessment as follows:
◆ 6/12 (Fri) 11:25-12:05 Interop 2026 Exhibition Hall G (7C32)
The 'Next-Generation Web Security' Concept Born from AI x ASM
—How to achieve continuous and integrated 'discovery, diagnosis, and monitoring'
◆ 7/28 (Tue) 16:00-16:30 Company-hosted Webinar
'All-in-One' Security Assessment Starting with AI
~Also supports web apps, APIs, and platforms~
■ Future Outlook
AeyeScan will continue to enhance its features based on the latest threat trends, consistently providing a 'product that can be continuously used in the field.'
Even in increasingly complex IT infrastructure environments, we will support a society where everyone can focus on creating new value by establishing a foundation that can speedily provide high-quality security without slowing down a company's growth.
■ About the Cloud-based Web Application Vulnerability Assessment Tool 'AeyeScan'
AeyeScan is a cloud-based web application vulnerability assessment tool that automates security assessments, which previously required manual work, by leveraging cutting-edge technologies like generative AI, enabling anyone to perform easy and highly accurate assessments at any time.
About Aeye Security Lab Inc.
Founded in April 2019 with the philosophy of 'solving the shortage of cybersecurity talent with technology.' We continue to provide 'new answers' in security through products and services that incorporate cutting-edge technologies like generative AI.
Representative: Ayumu Aoki, President & CEO
Location: KANDA SQUARE WeWork, 2-2-1 Kanda-Nishikicho, Chiyoda-ku, Tokyo
Established: April 2019
Business: Information security-related business (research, consulting), Provision of the cloud-based web assessment service 'AeyeScan'
FAQ
Is Aeye Security Lab a Japanese company?
Yes, it is a Japanese cybersecurity company headquartered in Chiyoda-ku, Tokyo.
What is the significance of AeyeScan's feature enhancement in the Japanese security market?
It means that a domestic company is providing features that align with the global trend of Attack Surface Management (ASM), increasing the options for Japanese companies to adopt the latest security measures without relying on foreign products.
What kind of companies is this tool primarily targeting?
It targets all companies that have public websites or web applications, but it is particularly valuable for large and medium-sized enterprises with numerous and complex IT assets to manage.
Why is it necessary to expand the scan scope to platform diagnostics?
Because attackers target not only application vulnerabilities but also weaknesses in the platform layer, such as server misconfigurations and open, unnecessary ports. Therefore, it is necessary to comprehensively protect the entire attack surface.
Will there be seminars related to this update held in Tokyo?
The article announces a presentation at 'Interop 2026' on June 12th (venue: Makuhari Messe) and an online webinar on July 28th, providing information for customers in Japan.