What is Attack Surface?

The attack surface of a system is the sum of all the points — endpoints, inputs, interfaces, dependencies, and data flows — where an unauthorized user could try to interact with or extract data from it. The larger the attack surface, the more opportunities an attacker has.

Every new feature, integration, or service can expand the attack surface, which is why security teams care about how it changes over time. Reducing the attack surface (for example, by removing unused endpoints) is a core defensive strategy.

Because the attack surface changes with every release, keeping track of it manually is hard. Continuous, automated threat modeling re-evaluates the attack surface whenever the system changes.