HumanSurface method

Public exposure analysis without invasive access

HumanSurface helps organizations understand which externally visible information can increase phishing, impersonation, and social engineering risk. The assessment starts from public sources and turns them into practical remediation priorities.

How the analysis works

We review public and externally visible signals, then connect them to realistic abuse scenarios. The objective is to reduce operational risk before exposure is exploited.

Public data and OSINT signals

We analyze public web pages, indexed documents, visible contact paths, role context, technology signals, and relevant open-source exposure indicators.

Business-context interpretation

We evaluate how public details about people, processes, suppliers, communications, and roles could make a fraudulent request feel credible.

Reviewed report and priorities

Findings are reviewed and organized into scores, likely scenarios, operational priorities, and immediate remediation actions.

Trust boundaries

The methodology is designed to be useful before any deeper technical activity is required.

No invasive scanning without authorization

The preliminary assessment does not perform intrusive tests or unauthorized probing.

No internal system access required

No credentials, agents, inbox access, VPN access, or internal system access are needed to confirm fit and prepare scope.

No sensitive data published

Reports are scoped for the customer. Demo materials use synthetic data and do not expose real sensitive information.

No guaranteed dark web coverage claim

Leak-related signals are treated as indicators to verify, not as a promise of complete dark web visibility or guaranteed results.

Dark Web signals

How we treat dark web signals

Leak and dark web indicators are handled as signals to interpret, not as guaranteed proof. We work with available sources, classify confidence, and turn relevant indicators into operational priorities.

Signal handling

We work on available signals and indicators linked to domains, emails, and company references.
We distinguish evidence, suspicion, and likely false positives before making recommendations.
We do not use invasive access or internal system credentials.
We do not promise total dark web coverage.
We convert relevant signals into remediation and verification priorities.

AI-assisted impersonation

Reducing AI-assisted impersonation and social engineering risk

With generative AI, seemingly harmless public information can be transformed into credible messages, targeted phishing, or impersonation attempts against key company figures. HumanSurface helps clarify which information is visible from the outside and which signals can increase operational risk.

Risk reduction

Public role descriptions can support convincing authority and urgency.
Supplier, payment, and process references can make requests feel legitimate.
Emails and communication channels can become targeting paths.
The right response is not disappearing from the web, but distinguishing business-useful visibility from risk-increasing exposure.

The goal

Start with scope, then assess

HumanSurface is built to reduce risk before it is exploited. The output is meant to help teams decide what to keep public, what to reduce, and what needs verification controls.

Identify the externally visible information that matters most.
Prioritize exposure by operational abuse scenario.
Turn findings into practical remediation work.
Support a safer public presence without blocking legitimate business visibility.

The call confirms the domain, business context, fit, and expected deliverable before assessment activation.