Security Teams

See your client-side supply chain. Every third-party script in your users' browsers.

Reconix maps the full attack surface of any website. TMS container contents, third-party script inventory, fingerprinting techniques, vendor breach history, and security infrastructure gaps.

Scan any domain → See sample security profile

The evidence

60%

of acquired codebases had inadequate security controls (avg 19 critical findings)

SIG, 531 M&A deals, 2025

2.74x

more vulnerabilities in AI-generated code than human-written

Veracode 2025 (security vendor: flagged), 2025

35

CVEs directly caused by AI-generated code in March 2026 alone

Georgia Tech Vibe Security Radar, Mar 2026

62.4%

of GTM community template tags have inject_scripts permission

TMS module, 2026

3-layer

browser surveillance embedded by LinkedIn across 1B+ accounts (BrowserGate)

BrowserGate investigation, Apr 2026

29%

trust in AI coding tools (down from 43% in 2024)

Stack Overflow Developer Survey 2025, 2025

What Reconix reveals

Client-side supply chain map

Every TMS tag is third-party JS with potential DOM access. We parse the container, identify every vendor, and flag those with inject_scripts permission.

Fingerprinting and surveillance detection

Canvas fingerprinting, extension enumeration, DOM spectroscopy, encrypted telemetry. Techniques that may violate criminal law in Germany (§202a StGB) and the UK (Computer Misuse Act).

Vendor breach cross-reference

2 of your 47 vendors had breaches in the last 12 months. Here's which ones, when, and what was exposed.

Shadow admin detection

Personal Gmail with PUBLISH permission on your GTM container. Paused tags with live API keys. Zombie vendor credentials.

Magecart risk assessment

GTM tags on checkout pages. Community templates with inject_scripts. The payment skimmer attack surface, mapped.

Sample risk profile

reconix: example.com
Security & Breach Exposure HIGH
Missing headers CSP, HSTS preload, Permissions-Policy
Vendors with recent breaches 2 in last 12 months
Shadow GTM admin personal Gmail with PUBLISH permission
Supply Chain & Vendor ELEVATED
Vendors detected 47 (18 from TMS container)
Paused tags with live API keys 3 zombie credentials
inject_scripts permission 11 community templates
Privacy & Surveillance HIGH
Canvas fingerprinting active
Extension enumeration detected (Article 9 risk)
Visitor de-anonymization Clearbit Reveal active

60%

of codebases: inadequate controls

2.74x

more vulns in AI-generated code

35

CVEs from AI code, March 2026

62.4%

of GTM templates inject_scripts

Before and after

No visibility into TMS container contents

Full GTM/Tealium parse: every tag, every permission, every admin

Manual third-party script audit

Automated client-side supply chain map

Vendor breach monitoring via separate feeds

Breach history cross-referenced against detected vendors

No fingerprinting detection capability

Canvas, extension enumeration, DOM spectroscopy detected

Point-in-time security assessment

Continuous monitoring with drift alerts

How Reconix compares

vs. Manual AppSec review

Days of analysis vs. 60-second automated supply chain map.

vs. SecurityScorecard / BitSight

They score organizations broadly. We go deep on individual sites with vendor-level, tag-level, permission-level granularity.

vs. Client-side protection tools (Jscrambler, Akamai Page Integrity)

They protect. We detect and map. Complementary.

Evidence briefs

Factual research from independent sources. No vendor data.

Security & Breach Exposure Brief

PDF Request

Supply Chain & Vendor Risk Brief

PDF Request

Map any domain's attack surface.

Free trial, no credit card required.

Scan any domain →