Methodology
Bounded evidence collection
The controlled run recorded 22 DNS queries, 13 HTTP requests, three TLS checks, and one intelligence-feed refresh. Collection remained allowlisted, passive, and evidence-bound.
Controlled technical methodology and validation note
KMayer Exposure Lens AI is a unified cyber exposure platform. This note documents one controlled KMayer-owned validation run completed on July 2, 2026, with a validation date range of July 2, 2026 through July 2, 2026. It explains how bounded DNS, HTTP, TLS, certificate, and intelligence-feed evidence was normalized, connected to asset relationships and possible exposure paths, routed into decision records and remediation workflows, and preserved for verification and monitoring. The run demonstrates pipeline operation and evidence provenance inside an authorized scope. It does not establish internet-wide coverage, a market benchmark, customer outcomes, or guaranteed protection.
Executive summary
The source run, live-controlled-20260702-062928, used one KMayer-owned target inside a three-entry allowlist. It completed bounded public collection, evidence normalization, asset and relationship modeling, exposure-path analysis, decision-queue generation, remediation workflow creation, report export, and monitoring-delta production without widening into exploit behavior, login attempts, form submission, or unauthorized network destinations.
Methodology
The controlled run recorded 22 DNS queries, 13 HTTP requests, three TLS checks, and one intelligence-feed refresh. Collection remained allowlisted, passive, and evidence-bound.
Normalization
Evidence was normalized into stable records with source provenance, confidence context, asset association, relationship context, and limitations before it could influence a decision.
Graph method
Three controlled assets and 17 relationships were represented in an attack-surface graph containing 61 nodes and 74 edges. Eight possible exposure paths retained evidence context rather than being presented as verified compromise paths.
Evidence lifecycle
Decision model
The run generated 10 decision-queue records. Priority remained bounded by evidence confidence, path context, ownership, timing, and the distinction between observed and inferred conditions.
Closure model
Ten remediation workflows and 36 queue-worker transitions preserved accountable next steps, change state, recheck expectations, and closure evidence instead of treating ticket completion as proof of exposure reduction.
Monitoring model
The controlled pipeline produced a monitoring delta and 11 report exports, showing that normalized evidence can continue into change review and governed reporting without exposing raw private findings publicly.
Observed controlled results
What it proves: one authorized controlled run completed the evidence-to-closure pipeline, retained provenance and relationship context, generated decision and remediation records, and produced monitoring and report artifacts while the recorded safety boundary passed.
What it does not prove: statistical performance across customers, universal asset discovery, zero false positives, market superiority, internet-wide coverage, guaranteed protection, or the outcome of a penetration test.
Limitations
The publication covers one KMayer-owned controlled run. Target identities, raw findings, private addresses, secrets, tokens, and third-party confidential details are intentionally excluded.
Reproducibility
A reproducible review uses the same authorization gate, allowlist, evidence families, normalization rules, provenance fields, graph rules, decision criteria, remediation states, recheck expectations, and redaction boundary.
Safety boundary
Public collection stays passive. Private and authorized depth require verified ownership, approved scope, governed authorization, and eligible evidence. No exploit, brute-force, login, or form-submission behavior is part of this note.
Review and update policy
Last reviewed: July 13, 2026. Runtime version: live-controlled-20260702-062928. This note is updated only when a later validated runtime materially changes the evidence families, normalization, confidence, graph, decision, remediation, recheck, monitoring, redaction, or authorization method.
Continue with the KMayer Exposure Lens AI product page, How It Works, Capability Map, Remediation and CTEM Closure, and Tool Use Policy.