Why Firecracker microVMs instead of Docker?

Each scan runs in a dedicated Firecracker microVM — the same isolation technology AWS Lambda uses. Unlike Docker containers, microVMs provide hardware-level isolation, preventing any cross-scan data leakage. Boot time is ~125ms, so there's no performance penalty.

Why a queue-based architecture?

Scans are CPU and network intensive. A Redis-backed queue (BullMQ) ensures fair scheduling, automatic retries on failure, and the ability to scale scan workers horizontally without touching the API layer. It also enables priority lanes for paid tiers.

Why Claude API for report generation?

Raw vulnerability data from tools like Nuclei and OWASP ZAP is technical noise for SMB decision-makers. Claude API reasons about findings in context — correlating vulnerabilities, mapping to DPDP sections, and generating plain-language remediation that a non-technical founder can act on.

How is scan data retained and secured?

Scan artifacts are encrypted at rest (AES-256) and purged after 90 days by default. Reports are stored in the customer's account with end-to-end encryption. We never share scan data with third parties. SOC 2 Type II certification is on our 2026 roadmap.

Attack Surface Management — Continuous Asset Discovery | Bachao.AI

You can't protect what you can't see

73% of breaches exploit assets the security team didn't know existed.

Continuous attack surface discovery. Every subdomain, every port, every exposed service — found and risk-scored by AI.

24/7monitoring

1000+asset types

₹0first discovery

<5 minnew exposure alert

Discover Your Attack Surface Free →How It Works

Free discoveryNo agent installVAPT integratedDPDP mapped

What ASM discovers — before attackers do

Six discovery capabilities that map your entire internet-facing attack surface.

Subdomain Discovery

Recursive enumeration, DNS brute-forcing, certificate transparency log mining, passive DNS — finds every subdomain attackers could target.

Port & Service Scanning

Full port range scanning, service fingerprinting, version detection, banner grabbing — maps every exposed service across your infrastructure.

Technology Fingerprinting

Web framework, CMS, WAF, CDN detection, JavaScript library enumeration, API gateway identification — knows your stack before attackers do.

Certificate Monitoring

Expiry alerts, weak cipher detection, CT log monitoring for unauthorized certificates — prevents certificate-based outages and MITM attacks.

Cloud Asset Discovery

S3 buckets, Azure blobs, GCP storage, exposed databases, unprotected APIs across all cloud providers — finds shadow cloud infrastructure.

AI Risk Scoring

Every asset scored by exposure severity, business criticality, and exploitability — prioritized for testing so your team fixes what matters first.

Manual asset inventory vs Bachao.AI ASM

Spreadsheets miss shadow IT. Continuous ASM finds everything.

	Traditional	Bachao.AI ASM
Discovery method	Manual inventory	Automated continuous
Coverage	Known assets only	Known + unknown + shadow IT
Frequency	Quarterly/annual	Daily/real-time
Risk scoring	Manual prioritization	AI-powered risk ranking
PT integration	Separate engagement	Auto-triggers VAPT on findings
RASP integration	None	Auto-generates protection rules
Cost	₹2,00,000–₹15,00,000/yr (Indian vendors)	From ₹14,999/mo

How ASM works

Four stages — from discovery to integrated protection.

1DISCOVER

Automated enumeration finds every subdomain, IP, port, cloud asset, and API endpoint across your entire internet-facing infrastructure.

2FINGERPRINT

Technology detection identifies frameworks, CMS platforms, server versions, TLS configurations, and third-party services running on each asset.

3SCORE

AI risk scoring ranks every asset by exposure severity, business criticality, and exploitability — so your team knows exactly what to fix first.

4INTEGRATE

High-risk findings auto-trigger VAPT scans. Confirmed vulnerabilities auto-generate RASP protection rules. Discover → Test → Protect in one workflow.

Discover → Test → Protect: ASM finds your exposed assets. VAPT tests them for vulnerabilities. RASP blocks exploitation in real-time. One platform, zero manual handoffs.

First discovery is free. Continuous monitoring is worth every rupee.

Start with a free scan to see your attack surface. Upgrade for daily monitoring and auto-triggered testing.

Free Discovery

₹0

One-time attack surface scan
Full asset inventory report
Top 10 critical exposures
Technology fingerprinting
PDF report delivered via email

Upgrade for continuous monitoring

Starter + Pro

₹14,999/mo

Daily / continuous discovery scans
Real-time new exposure alerts
AI-powered risk scoring
Auto-triggered VAPT on high-risk assets
RASP rule generation (Pro)
DPDP compliance mapping (Pro)

Simple pricing

Free Discovery

₹0

One-time surface scan, asset inventory, top 10 exposures — see your attack surface before you commit

Starter

₹14,999

/mo

Daily scans, real-time alerts, risk scoring, 1 VAPT/month included, email support

Pro

₹29,999

/mo

Continuous monitoring, auto-VAPT triggers, RASP rule generation, DPDP mapping, API access, dedicated support

All prices exclusive of 18% GST. GST-compliant invoices provided.

Enterprise plans from ₹1,00,000/month for unlimited domains. See full pricing

What others charge for ASM

Indian ASM platforms cost ₹2,00,000–₹15,00,000/year. Bachao.AI starts with a free discovery scan.

Vendor	Price	Billing	Source
CloudSEK (ASM module)	₹5,00,000 – ₹15,00,000/yr	annual	cloudsek.com ↗
CyberNX (threat surface)	₹2,00,000 – ₹8,00,000/yr	annual	cybernx.com ↗
TAC Security (ESOF VMDR)	₹3,00,000 – ₹10,00,000/yr	annual	tacsecurity.com ↗
→ Bachao.AI	₹0 free discovery · ₹14,999/mo continuous	monthly

Prices verified as of March 2026. All Bachao.AI prices exclusive of 18% GST. Built on Nuclei + Subfinder + httpx (MIT-licensed open-source tools).

Technical FAQ

The questions your security team will ask about ASM.

What types of assets does ASM discover?

Subdomains, IP addresses, open ports, web applications, APIs, cloud storage (S3, Azure Blobs, GCP), SSL/TLS certificates, DNS records, email servers, CDN endpoints, and third-party integrations. If it's internet-facing, we find it.

How is this different from a vulnerability scanner?

Vulnerability scanners test known assets for known vulnerabilities. ASM discovers assets you don't even know you have — shadow IT, forgotten staging servers, dangling DNS records, unauthorized cloud resources. ASM answers 'what do I need to protect?' before the scanner answers 'what's vulnerable?'

Can it find cloud assets across multiple providers?

Yes. ASM discovers assets across AWS, Azure, GCP, and DigitalOcean — including S3 buckets, blob storage, exposed databases, serverless functions, and container registries. No cloud credentials required; discovery is external, just like an attacker would see it.

How does the VAPT integration work?

When ASM discovers a high-risk asset — say, an exposed admin panel or an API with no authentication — it automatically queues a VAPT scan targeting that asset. Confirmed vulnerabilities then auto-generate RASP protection rules. The full Discover → Test → Protect lifecycle runs without manual intervention.

Does ASM require any access to my infrastructure?

No. ASM performs external discovery only — the same perspective an attacker has. No agents, no credentials, no firewall changes. You provide your root domains, and we discover everything internet-facing from the outside in.

How quickly are new exposures detected?

Starter plans run daily discovery scans — new assets are typically detected within 24 hours. Pro plans run continuous monitoring with real-time alerts — new exposures are flagged in under 5 minutes via webhook, email, or Slack notification.

Explore more products

Bachao.AI covers your entire security surface — from code to cloud to compliance.

AI VAPT Scanner

Automated penetration testing for web apps and APIs. Results in 45 minutes.

Learn more →

API Security Testing

OWASP API Top 10 coverage for REST and GraphQL endpoints.

Learn more →

Cloud Security Audit

AWS, Azure & GCP misconfiguration detection with DPDP mapping.

Learn more →

See your full attack surface — free

One scan reveals every subdomain, exposed service, and shadow IT asset across your infrastructure. No agents, no credentials, no commitment.

Discover Your Attack Surface Free Talk to Us

You can't protect what you can't see

73% of breaches exploit assets the security team didn't know existed.

Continuous attack surface discovery. Every subdomain, every port, every exposed service — found and risk-scored by AI.

24/7monitoring

1000+asset types

₹0first discovery

<5 minnew exposure alert

Discover Your Attack Surface Free →How It Works

Free discoveryNo agent installVAPT integratedDPDP mapped

What ASM discovers — before attackers do

Six discovery capabilities that map your entire internet-facing attack surface.

Subdomain Discovery

Recursive enumeration, DNS brute-forcing, certificate transparency log mining, passive DNS — finds every subdomain attackers could target.

Port & Service Scanning

Full port range scanning, service fingerprinting, version detection, banner grabbing — maps every exposed service across your infrastructure.

Technology Fingerprinting

Web framework, CMS, WAF, CDN detection, JavaScript library enumeration, API gateway identification — knows your stack before attackers do.

Certificate Monitoring

Expiry alerts, weak cipher detection, CT log monitoring for unauthorized certificates — prevents certificate-based outages and MITM attacks.

Cloud Asset Discovery

S3 buckets, Azure blobs, GCP storage, exposed databases, unprotected APIs across all cloud providers — finds shadow cloud infrastructure.

AI Risk Scoring

Every asset scored by exposure severity, business criticality, and exploitability — prioritized for testing so your team fixes what matters first.

Manual asset inventory vs Bachao.AI ASM

Spreadsheets miss shadow IT. Continuous ASM finds everything.

	Traditional	Bachao.AI ASM
Discovery method	Manual inventory	Automated continuous
Coverage	Known assets only	Known + unknown + shadow IT
Frequency	Quarterly/annual	Daily/real-time
Risk scoring	Manual prioritization	AI-powered risk ranking
PT integration	Separate engagement	Auto-triggers VAPT on findings
RASP integration	None	Auto-generates protection rules
Cost	₹2,00,000–₹15,00,000/yr (Indian vendors)	From ₹14,999/mo

How ASM works

Four stages — from discovery to integrated protection.

1DISCOVER

Automated enumeration finds every subdomain, IP, port, cloud asset, and API endpoint across your entire internet-facing infrastructure.

2FINGERPRINT

Technology detection identifies frameworks, CMS platforms, server versions, TLS configurations, and third-party services running on each asset.

3SCORE

AI risk scoring ranks every asset by exposure severity, business criticality, and exploitability — so your team knows exactly what to fix first.

4INTEGRATE

High-risk findings auto-trigger VAPT scans. Confirmed vulnerabilities auto-generate RASP protection rules. Discover → Test → Protect in one workflow.

Discover → Test → Protect: ASM finds your exposed assets. VAPT tests them for vulnerabilities. RASP blocks exploitation in real-time. One platform, zero manual handoffs.

First discovery is free. Continuous monitoring is worth every rupee.

Start with a free scan to see your attack surface. Upgrade for daily monitoring and auto-triggered testing.

Free Discovery

₹0

One-time attack surface scan
Full asset inventory report
Top 10 critical exposures
Technology fingerprinting
PDF report delivered via email

Upgrade for continuous monitoring

Starter + Pro

₹14,999/mo

Daily / continuous discovery scans
Real-time new exposure alerts
AI-powered risk scoring
Auto-triggered VAPT on high-risk assets
RASP rule generation (Pro)
DPDP compliance mapping (Pro)

Simple pricing

Free Discovery

₹0

One-time surface scan, asset inventory, top 10 exposures — see your attack surface before you commit

Starter

₹14,999

/mo

Daily scans, real-time alerts, risk scoring, 1 VAPT/month included, email support

Pro

₹29,999

/mo

Continuous monitoring, auto-VAPT triggers, RASP rule generation, DPDP mapping, API access, dedicated support

All prices exclusive of 18% GST. GST-compliant invoices provided.

Enterprise plans from ₹1,00,000/month for unlimited domains. See full pricing

What others charge for ASM

Indian ASM platforms cost ₹2,00,000–₹15,00,000/year. Bachao.AI starts with a free discovery scan.

Vendor	Price	Billing	Source
CloudSEK (ASM module)	₹5,00,000 – ₹15,00,000/yr	annual	cloudsek.com ↗
CyberNX (threat surface)	₹2,00,000 – ₹8,00,000/yr	annual	cybernx.com ↗
TAC Security (ESOF VMDR)	₹3,00,000 – ₹10,00,000/yr	annual	tacsecurity.com ↗
→ Bachao.AI	₹0 free discovery · ₹14,999/mo continuous	monthly

Prices verified as of March 2026. All Bachao.AI prices exclusive of 18% GST. Built on Nuclei + Subfinder + httpx (MIT-licensed open-source tools).

Technical FAQ

The questions your security team will ask about ASM.

What types of assets does ASM discover?

How is this different from a vulnerability scanner?

Can it find cloud assets across multiple providers?

How does the VAPT integration work?

Does ASM require any access to my infrastructure?

How quickly are new exposures detected?

Explore more products

Bachao.AI covers your entire security surface — from code to cloud to compliance.

See your full attack surface — free

One scan reveals every subdomain, exposed service, and shadow IT asset across your infrastructure. No agents, no credentials, no commitment.

Discover Your Attack Surface Free Talk to Us

Attack Surface Management — Continuous Asset Discovery for Indian Businesses

What ASM discovers — before attackers do

Subdomain Discovery

Port & Service Scanning

Technology Fingerprinting

Certificate Monitoring

Cloud Asset Discovery

AI Risk Scoring

Manual asset inventory vs Bachao.AI ASM

How ASM works

First discovery is free. Continuous monitoring is worth every rupee.

Simple pricing

What others charge for ASM

Technical FAQ

What types of assets does ASM discover?

How is this different from a vulnerability scanner?

Can it find cloud assets across multiple providers?

How does the VAPT integration work?

Does ASM require any access to my infrastructure?

How quickly are new exposures detected?

Explore more products

AI VAPT Scanner

API Security Testing

Cloud Security Audit

See your full attack surface — free

Attack Surface Management — Continuous Asset Discovery for Indian Businesses

What ASM discovers — before attackers do

Subdomain Discovery

Port & Service Scanning

Technology Fingerprinting

Certificate Monitoring

Cloud Asset Discovery

AI Risk Scoring

Manual asset inventory vs Bachao.AI ASM

How ASM works

First discovery is free. Continuous monitoring is worth every rupee.

Simple pricing

What others charge for ASM

Technical FAQ

What types of assets does ASM discover?

How is this different from a vulnerability scanner?

Can it find cloud assets across multiple providers?

How does the VAPT integration work?

Does ASM require any access to my infrastructure?

How quickly are new exposures detected?

Explore more products

AI VAPT Scanner

API Security Testing

Cloud Security Audit

See your full attack surface — free