An attack vector is the path or method a threat uses to reach a target system, user, or workload.
An attack vector is the path or method a threat uses to reach a target system, user, or workload. In plain language, it is the route through which an attacker, malicious file, or unsafe action gets close enough to cause harm.
Attack vectors matter because defenders do not protect systems in the abstract. They protect the ways a threat could realistically arrive, spread, or gain influence.
They also matter because different attack vectors require different controls. Email filtering helps with one path, strong identity controls help with another, and segmentation helps with yet another.
Attack vectors appear in threat modeling, incident review, vulnerability management, phishing defense, and network or identity design. Teams connect them to Attack Surface, Threat, Vulnerability, Phishing, and Network Segmentation.
Security teams often use the term when explaining how a problem moved from possible to practical.
A company identifies email attachments, exposed remote-access portals, and overprivileged service accounts as three different attack vectors into its environment. Each one needs a different defensive response.
An attack vector is not the same as a Threat. A threat is the danger or adversarial force, while the attack vector is the route it uses.
It is also different from Vulnerability. A vulnerability is the weakness being abused, while the attack vector is how the threat reaches that weakness.