Salt Security Salt Surface is an external attack surface management tool focused on API discovery and exposure mapping. The product uses agentless, domain-based discovery to identify publicly accessible APIs from an outside-in perspective, similar to how an attacker would conduct reconnaissance. The tool continuously maps API exposure across an organization's internet-facing infrastructure without requiring agent deployment. It is designed to address the challenge of shadow, rogue, and forgotten APIs that traditional security tools may not detect because they lack API-specific capabilities. Salt Surface provides a complete inventory of externally accessible APIs and automatically detects shadow and rogue APIs. Unlike Cloud-Native Application Protection Platforms (CNAPPs) or traditional attack surface management tools that focus on IP addresses and DNS records, this product is purpose-built specifically for API discovery and mapping. The solution supports use cases including merger and acquisition exposure assessments, shadow API detection, and audit readiness with posture tracking. It operates through external reconnaissance techniques to identify API endpoints that may be unknown to the organization but visible to potential attackers.