Submit domain
The review starts from a bounded passive request and business context, not an open-ended security brief.
How the platform works
Every Exposure Lens AI assessment begins with a bounded public evidence lane. Verification protects the private workspace, where evidence becomes exposure intelligence, asset relationships, risk priorities, owner context, and next actions. When ownership and scope are approved, the authorized enterprise lane can add connector-backed evidence, deeper validation, remediation workflows, CTEM closure, and continuous monitoring.
Executive journey view
The review starts from a bounded passive request and business context, not an open-ended security brief.
The first customer-facing email protects the private route before any completed result is delivered.
Public evidence is collected first so the opening lane stays safe, non-invasive, and explainable.
The verified recipient sees either the verified-running state or the completed private results page.
If ownership and engagement qualify, the authorized enterprise lane can unlock a more decision-ready evidence set.
Read-only connector evidence and approved trusted exports can deepen confidence only when explicitly eligible.
The output moves into validation, prioritization, and deeper remediation planning rather than stopping at findings.
Review journey
Every request starts with domain validation, normalization, and guarded input handling before any public fetch begins. Invalid, private-address, localhost, and suspicious targets are rejected up front.
Bounded request capture before any review starts.
The public evidence lane, internally identified as passive_public, treats public DNS, mail-trust posture, HTTPS reachability, TLS basics, visible headers, trust files, indexing signals, and capped same-host pages as evidence inputs.
Public evidence first, no intrusive widening.
The first customer-facing message is the verification email. It protects the private results route before any completed-results delivery is allowed.
Verification comes before private delivery.
The one-time verification link confirms that the intended recipient is the person unlocking the private route, even if the opaque URL is forwarded or discovered out of context.
Private access stays tied to the intended recipient.
After verification, the private route can show a verified-running state instead of exposing incomplete results. This makes it clear that access is valid while preparation is still underway.
No partial result exposure while the review is still being prepared.
When the passive review has finished, the private page opens the completed results immediately for the verified recipient.
Completed results appear only on the verified route.
If the review finishes before verification, the ready state is preserved but the results-ready email waits until verification occurs. No verified click means no results-ready email to that recipient.
Results-ready delivery remains gated behind verification and completion.
The unlocked page explains the executive summary, technical highlights, risk themes, evidence-source context, priorities, business or trust cues, and practical next-step guidance.
Business framing and technical context stay together.
The deeper lane is governed. It applies only when verified ownership, active engagement, and the right approvals exist for the reviewed domain or account.
The authorized enterprise lane, internally identified as authorized_deep, is explicit, not anonymous or automatic.
read-only connector evidence, trusted export intelligence, monitoring, history, and deeper explainability can extend the review only inside that governed lane and only when the workflow allows them.
Connector and export context deepen the result only when the engagement qualifies.
Decision matrix
Private results are intended for the verified recipient. Verification closes the trust gap between the public submission flow and the non-indexed private results route, and it keeps completed-results email delivery aligned to the right recipient.
Public mode remains passive-only. It does not perform login attempts, brute force, credential spraying, exploit behavior, intrusive testing, hidden-path probing, or active internet-wide scanning.
KMayer can validate the findings, prioritize the highest-impact fixes, determine whether authorized deeper review is justified, interpret connector-backed or trusted-export evidence, and move the work into assisted remediation planning.
KMayer provides KMayer Exposure Lens AI. KMayer is the company and provider, while KMayer Exposure Lens AI is the tool and service family used for this review workflow.
Where deeper evidence comes from
The first review stays passive. When ownership and engagement are verified, KMayer can extend the review with approved read-only connector context, trusted export intelligence, monitoring, history, and remediation sequencing.
Passive evidence first
The first review is passive and bounded: DNS, mail posture, HTTPS, TLS, trust files, indexing signals, and capped same-host public evidence become signal layers before any deeper lane is considered.
Governed deeper context
The deeper lane is not anonymous. It requires verified ownership, active engagement, approved scope, and explicit approval for read-only connector evidence or trusted export intelligence.
Decision-ready follow-through
When eligible, connector and trusted-export context can strengthen provenance, vendor ecosystem interpretation, passive asset inventory, monitoring, history, and the sequence of practical remediation work.
Use these guides to understand the boundary between safe public evidence, governed deeper review, and practical next steps.