CyCognito Automated Security Testing (AST) is a SaaS platform that performs automated security testing across external attack surfaces in cloud, hybrid, and privately hosted environments. The platform conducts outside-in testing to identify security weaknesses across exposed systems, including web applications and network services. The platform combines asset classification with active unauthenticated testing to discover vulnerabilities and exposures. It uses multi-layered testing with crafted payloads, combining passive scanning, active scanning, and active testing methodologies. The test catalog includes over 80,000 remote checks spanning 35 threat and issue types, incorporating CISA's Known Exploited Vulnerabilities (KEV) and other internally developed and third-party tests. CyCognito provides automated asset discovery and continuous testing capabilities that scale across billions of assets. The platform includes integrated Dynamic Application Security Testing (DAST) functionality that crawls over 500 pages per web application using a multi-pass and multi-engine test architecture. It performs API discovery and risk measurement as part of its application security testing capabilities. The platform validates real-world risks through active testing rather than relying solely on banner grabs and version lookups. It provides asset inventory management, attack path visualization, and risk prioritization based on business impact and attacker interest. Testing is designed to operate safely on production systems within unauthenticated testing limits.