Preserves the guided TinyFish-style flow while keeping SurfaceIQ product-specific.
Security analysis that feels like a guided operation, not a cold scan form.
SurfaceIQ turns a simple prompt into a live browser run, captures evidence as it moves, and delivers a report grounded in what the agent actually reached across public and authenticated routes.
Built entirely with Codex, designed for teams that want a more credible, evidence-first way to review web surfaces.
The browser trail remains visible from launch through the final report.
Actual runs that produced a finished report.
Runs that moved beyond public pages.
Evidence-backed findings recorded in this workspace.
No active runs right now.
Made for security teams that want credibility in the motion, not just in the report.
The product combines private workspaces, authenticated reviews, live browser evidence, and structured outputs without collapsing into a generic scanner UI.
Every scan, artifact, and report stays account-scoped.
User isolation is built in, so each operator sees only their own evidence, findings, and authenticated sessions.
Move through real login flows.
SurfaceIQ can fill forms or import session cookies to reach protected content before running the analysis pass.
Reports stay tied to the browser trail.
The final result links findings back to run steps, captured pages, screenshots, and artifacts instead of generic summaries.
Built for non-destructive scanning.
The current product focuses on browser-visible risk signals, reflection probes, weak forms, headers, and client exposure without aggressive exploit payloads.
The main page now tells a product story before the user ever reaches the scanner.
Instead of forcing configuration first, the landing flow introduces the interaction model, then moves the user into the live review experience at the moment they are ready.
Start with a live objective
Launch from a prompt-driven entry point instead of a raw settings form. SurfaceIQ translates intent into an executable browser run.
Authenticate only when needed
Move from public review to credentialed or session-based inspection without breaking the run flow or exposing one workspace to another.
Watch the browser capture evidence
Each run records steps, screenshots, and page-level artifacts so the final report is grounded in what the worker actually observed.