FAQ
These answers explain the passive external posture review, the governed authorized_deep lane, private verified results, read-only connector evidence, trusted export intelligence, vendor ecosystem mapping, passive asset inventory, and monitoring behavior in language that stays useful for technical buyers and executive readers.
The passive_public lane starts with public DNS, MX, SPF, DMARC, HTTPS, TLS, visible headers, trust files, indexing signals, and a capped set of same-host public pages. Where the evidence supports it, the wider product family can also surface vendor ecosystem mapping and passive asset inventory context.
The public entry lane is passive. It does not perform login attempts, brute force, exploit behavior, intrusive testing, or active internet-wide scanning. Public evidence comes first, and deeper authorized evidence remains governed by ownership, engagement, and approvals.
KMayer Exposure Lens AI validates the domain, queues the passive_public review, and sends the verification email first. The review runs asynchronously so the public form stays fast while the private results journey remains protected.
Verification protects the private results route and confirms that the intended recipient is the person unlocking it. It closes the trust gap between the public submission flow and the non-indexed private results page.
The results-ready email is sent only after both verification and review completion. If the scan completes first, the ready state is preserved but the results-ready email waits until the recipient verifies. If the recipient never verifies, the results-ready email is not sent to that address.
The private verified results page can include the executive summary, technical highlights, risk themes, evidence-source context, vendor ecosystem mapping, passive asset inventory cues, business or trust context, recommended next steps, and KMayer follow-up options when the review qualifies for them.
passive_public is the default entry lane and uses public evidence first. authorized_deep is a governed deeper review for verified ownership and active engagement, and it can add approved read-only connector evidence, trusted export intelligence, monitoring, history, and deeper explainability without turning the product into offensive testing.
authorized_deep improves decision quality when the engagement is eligible. It can strengthen ownership confidence, provider alignment, provenance, vendor and asset visibility, and remediation sequencing so the organization does not overreact to weak signals or underreact to stronger governed evidence.
When the reviewed tenant or domain is eligible, read-only connector evidence can confirm provider alignment, enrich inventory, improve trust and business context, and add deeper evidence around edge, identity, mail, or infrastructure posture without mutating the environment.
Connector-backed context helps confirm whether the public picture matches governed tenant, provider, or service evidence. That lowers the risk of misattributing ownership, dependencies, or remediation priority before a deeper follow-up begins.
Trusted exports and approved customer-provided files can deepen the review only inside the governed lane. They enter quarantine first, then move through review and approved-for-parse controls before structured trusted export intelligence is allowed to influence the results. Unsupported, unsafe, or out-of-scope files may be rejected.
Vendor ecosystem mapping is the evidence-backed identification of external providers around the domain, such as DNS, CDN, mail, identity, analytics, privacy, support, status, docs, code-hosting, public asset, and reporting vendors when the available evidence supports those relationships.
It is a passive asset picture built from root and www hosts, same-host pages, linked asset hosts, CSP and reporting hosts, mail policy endpoints, certificate hints, passive subdomain clues, and eligible connector or export confirmations. It is not based on intrusive subdomain brute force or active internet-wide probing.
No. The product is designed to show what matters, why it matters, and what to fix first. Environment-specific implementation sequencing, control validation, and deeper remediation detail are part of a guided KMayer follow-up instead of an open self-serve blueprint.
The result is intentionally packaged as a decision-ready review rather than a raw implementation workbook. It should help the right stakeholders understand what matters, why it matters, and what to fix first, while KMayer handles deeper control validation and environment-specific sequencing through guided follow-up.
Yes. KMayer can help validate the findings, prioritize the highest-impact fixes, assess whether authorized_deep is justified, interpret approved connector or export evidence, and move the work into assisted remediation planning and ongoing monitoring when appropriate.
Yes, when that workflow is enabled. The platform can compare scans, track drift, preserve history, explain meaningful changes over time, and keep ongoing alerts readable with governed operational context.
The private results remain locked behind the verification requirement, and the results-ready email is not sent to that recipient. Verification is the gate that turns a public request into private result delivery.
No. KMayer Exposure Lens AI is not a penetration-testing platform, exploit workflow, credential-spraying system, or brute-force tool. The public lane stays passive, and the governed deeper lane still remains read-only, approval-based, and non-offensive.
KMayer provides KMayer Exposure Lens AI. KMayer is the company and provider. KMayer Exposure Lens AI is the tool and service family used for passive external posture review, private verified results, and governed deeper review when eligible.
KMayer owns the tool interface, report layout, scoring logic, summaries, and visual presentation. Requesters remain responsible for the domains, accounts, exports, and materials they submit or authorize.
Private results are intended for the verified recipient and the requesting organization’s internal review unless KMayer gives written permission for broader use. Do not republish, resell, reverse engineer, or reuse the report format or outputs to create a competing service without written permission from KMayer.
Submit only domains and assets you own, administer, or are authorized to assess, or use the tool for legitimate passive informational review where that use is appropriate. Do not use it to target private or local hosts, or to investigate assets you are not authorized to review.
Do not use the tool for harassment, competitor surveillance, phishing, impersonation, unlawful monitoring, unauthorized investigation, credential collection, or any attempt to widen the workflow into intrusive testing. Do not upload files or exports you are not authorized to share.
authorized_deep applies only when verified ownership, active engagement, approved scope, and the right approvals are in place for the reviewed domain, account, connector, or evidence source. It is not anonymous and it is not implied by every public request.
Yes. Connector-backed evidence is read-only and approval-based. It is used only when the reviewed tenant or domain is eligible and the connector can stay attributable, bounded, and non-mutating.
No. The tool provides an evidence-backed external posture review, not a guarantee that every issue, dependency, or control gap has been discovered. Coverage depends on the evidence available, the governed workflow in use, and any approved sources that were actually eligible for that review.
No. The output is informational and prioritization-oriented. It is not a legal opinion, a formal compliance attestation, a penetration test, or incident-response advice. KMayer can help route or support those deeper services when the engagement requires them.
Use the private result to align the right business and technical stakeholders on what matters first, why it matters, and what should be validated next. Treat it as an internal decision and prioritization artifact, not as a public marketing asset or unrestricted implementation blueprint.
KMayer Exposure Lens AI is built for business leaders, IT managers, infrastructure owners, cybersecurity teams, audit preparation, MSP or partner evaluations, and organizations that need a passive external posture review now plus a governed route into deeper evidence later.
The private results page is designed to show what matters first, why it matters, and where to focus next. KMayer can then help validate the findings, prioritize the highest-impact fixes, review authorized_deep eligibility, and move the work into assisted remediation planning when appropriate.
Business decision view
Leadership decision lens
The passive result helps leadership decide whether public posture needs immediate validation, whether external trust signals are strong enough for buyers and partners, and whether deeper authorized evidence is justified.
Decision cueUse this lens when buyers, partners, procurement, or leadership need a concise posture confidence readout.
IT and security validation lens
Internal teams should confirm DNS and mail-trust findings, TLS and header posture, vendor or dependency context, and any item that needs environment-specific confirmation before remediation starts.
Decision cueEscalate findings to the system owner who can validate configuration, ownership, and operational impact.
Quick-win lens
The first practical wins are often mail authentication gaps, trust files, security header posture, public metadata hygiene, or documentation and policy exposure gaps that can be corrected without a broad project.
Decision cuePrioritize fixes that are externally visible, owner-clear, and unlikely to require a major architecture change.
Governance and trust lens
Spoofing resistance, public trust files, provider alignment, indexing posture, and consistency between public evidence and approved private context are the signals most likely to affect external confidence.
Decision cueUse this lens when the concern is reputation, partner assurance, audit-readiness, or buyer trust.
authorized_deep eligibility lens
A deeper review is appropriate when verified ownership exists, active engagement is in place, read-only connector context or trusted exports are approved, and the business needs stronger confidence before remediation.
Decision cueUse authorized_deep only when the business has approval, scope, and a reason to add private evidence.
KMayer remediation lens
KMayer can help validate findings, prioritize by business impact, sequence remediation, confirm fixes, and prepare a governed authorized_deep review when the engagement supports it.
Decision cueEngage KMayer when the next step needs evidence validation, prioritization, or coordinated remediation planning.
Buyer education resources
These supporting resources help connect Exposure Lens AI outputs to infrastructure, ransomware readiness, and provider decisions.
Have questions or need expert IT support? We’re here to help! Whether you’re looking for managed services, cybersecurity solutions, or cloud infrastructure, our team of professionals is ready to assist. Let’s work together to elevate your business with customized IT solutions.
KMayer Ltd | European Trade Centre, 7th Kilometer Business District, 1784 Sofia, Bulgaria | +31 10 8998556
© 2026 KMayer Technology Solution. All rights reserved.
