Q1. How is Censys advancing its attack surface management platform to help organizations proactively identify and mitigate emerging risks such as those tied to shadow IoT devices, exposed ICS protocols, legacy systems, and cloud misconfigurations? How do you see AI/ML changing the game in this space?
From ransomware attacks to Volt Typhoon, Internet-facing assets are the #1 attack path into organizations today. Getting security fundamentals right is paramount and companies need real-time visibility into their Internet attack surface that they can trust. We believe the most important aspect of ASM is providing comprehensive, real-time, contextualized visibility into everything that might be used to gain an initial foothold into an organization. The real challenge for ASM solutions is the ability to comprehensively and accurately find everything that an organization owns in close to real-time without false positives, to contextualize that attack surface with business and risk data, and to surface the most pressing security problems that teams need to remediate. We help teams manage not just IT infrastructure but also IoT devices, OT systems, cloud infrastructure, and more.
For our customers, Censys ASM provides uniquely accurate and contextualized visibility for asking any question that they have about themselves and protecting against today’s threats, including those in unexpected places—from unsanctioned cloud networks to non-standard ports—that are otherwise missed by other security tools. While we have long used ML/AI to help us find and contextualize every Internet service, we’re incredibly excited about how agentic approaches can help reduce the time needed to respond to incidents and to fully automate routine aspects of vulnerability and incident management.
Finally, Censys ASM is part of the Censys Platform that delivers Internet Intelligence, Threat Hunting, and search in addition to attack surface management. This provides a complete solution that allows customers to preemptively detect malicious infrastructure and block them before they attack. This is a crucial element of risk mitigation no other ASM provider can deliver today. All of this can be accessed through our UI, API, and now our recently launched Model Context Protocol (MCP) service that allows customers and partners to leverage AI agents to simplify and automate security tasks and workflows that security teams can actually focus on high value risk mitigation rather than the tedious aspect of security.
Q2. How has your transition from academic research to co-founding and building Censys shaped your approach to product development, particularly when it comes to turning cutting-edge research into practical tools for defenders? What lessons have you carried over from your academic research days that have proven most valuable, or most challenging, in driving innovation at Censys?
Frustrated by stale, inaccurate, and incomplete Internet data hindering both security research and defense, we founded Censys to dramatically improve visibility into Internet infrastructure—from critical infrastructure to adversary infrastructure. Just as bad data leads to invalid research results, bad data also leads to security oversights and breaches. Grounded in our academic roots, we are constantly benchmarking ourselves, asking how we can improve our visibility, and experimenting with new solutions for better understanding how the Internet operates. We dig deeper, understanding how the Internet works and then translating that into how we can improve visibility for operators. While many companies consider finding 80% of Internet assets to be good enough, we strongly disagree. We obsess about data quality and will always be investing in improving it. We also continue to operate transparently, publish our learnings in peer-reviewed venues, and provide access to all of our data for free to academic and non-profit researchers.
Q3. What new technologies or research insights did Censys highlight at Black Hat USA 2025? What were your plans for engaging and collaborating with customers and others at the event?
We are excited about several new innovations launched at Black Hat USA! We just launched a Model Context Protocol (MCP) server that enables easily conducting in-depth investigations about Internet infrastructure. For our new Threat Hunting module, we’ve improved our Open Directory scanner that improves our ability to fingerprint and track files within suspicious open directories. We also added a really new graphical workbench that allows analysts to visualize relationships between Internet assets during hunts.
Finally on the research side, we publish an annual State of the Internet Report (SOTIR). For 2025, we focused on malicious infrastructure and observed on average 2,906 command-and-control (C2) servers across a range of malware families and infrastructure per snapshot every two weeks. We examine C2 lifespans, hosting providers (bulletproof vs major cloud platforms), the rising use of residential devices in proxy botnets, identifying commonly abused IoT vendors, and the impact of law enforcement actions like Operation MORPHEUS. You can check out SOTIR series for yourself at: censys.com/blog/2025-sotir-intro
Building on those priorities, our Black Hat USA presence showcased how we operationalize internet-wide visibility in our product, research, and hands-on collaboration with the community. Live booth demos featured MCP-enabled investigations and “how we hunt” walkthroughs using the new workbench. Senior Security Researcher Ariana Mirian reported how Censys ensures a high quality Internet-wide perspective, in the face of constant changes, to investigate suspicious and malicious entities in her theater presentation. Lastly, through industry-specific deep-dive briefings and 1:1 sessions, the Censys Team connected with customers and the broader community to share findings, collect feedback, and coordinate on emerging threats.
