Research

Attack Surface Graph Modeling

March 9, 2026

Representing infrastructure and services as graphs to analyze likely attack paths and hidden dependency chains.

Many infrastructure questions become easier to answer once the environment is modeled as a graph.

Instead of asking only which assets exist, we can ask:

• which assets are reachable
• which identities bridge otherwise separate environments
• which dependencies widen blast radius
• which shortest paths connect external exposure to critical systems

This model becomes particularly useful for:

1. attack path analysis
2. vulnerability prioritization
3. dependency-aware remediation
4. segmentation validation

export type Edge = {
  from: string;
  to: string;
  relationship: 'network' | 'identity' | 'dependency' | 'trust';
};

A graph-native approach does not replace conventional inventory. It makes that inventory operationally useful.