An attack graph is a model that maps how different weaknesses, permissions, trust relationships, or exposures could connect to create possible paths to a target. In plain language, it is a structured way to visualize how an attacker might move through the environment by combining multiple issues.
Attack graphs matter because security risk often comes from combinations rather than from one isolated problem. A single overprivileged service account, a reachable management system, and a weak network boundary may together create a much more serious path than any one of those issues suggests alone.
They also matter because defenders need ways to prioritize. Attack graphs help teams focus on combinations that could realistically lead to crown-jewel assets, major privilege escalation, or broad lateral movement.
Attack graphs appear in Attack Surface Management, cloud exposure analysis, identity review, segmentation design, and Threat Hunting. Teams connect them to Attack Path, Attack Surface, Crown Jewels, Dwell Time, and Network Segmentation.
Security teams use attack-graph thinking to decide which weaknesses to address first when the real danger comes from how multiple conditions combine.
A security team maps how a reachable administrative interface, permissive internal trust, and an overprivileged cloud role could connect to critical workloads. The resulting graph helps the team prioritize which control changes will break the highest-risk chains first.
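The scenario above as an added example (not part of the original page): a small constructed graph in Python that enumerates every path to the critical workloads and ranks each condition by how many paths fixing it would break. The node names and the two extra conditions ("exposed web application", "shared admin credentials") are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: node names and conditions are illustrative assumptions.
# Each edge is (source, target, condition that makes the step possible).
EDGES = [
    ("internet", "admin_interface", "reachable administrative interface"),
    ("internet", "web_app", "exposed web application"),
    ("admin_interface", "internal_host", "permissive internal trust"),
    ("web_app", "internal_host", "permissive internal trust"),
    ("internal_host", "critical_workloads", "overprivileged cloud role"),
    ("admin_interface", "critical_workloads", "shared admin credentials"),
]

def build(edges):
    """Adjacency list: node -> list of reachable neighbour nodes."""
    graph = defaultdict(list)
    for src, dst, _ in edges:
        graph[src].append(dst)
    return graph

def all_paths(graph, start, target, seen=()):
    """Enumerate every simple (cycle-free) path from start to target."""
    if start == target:
        return [[target]]
    seen = seen + (start,)
    paths = []
    for nxt in graph.get(start, []):
        if nxt not in seen:
            paths += [[start] + rest for rest in all_paths(graph, nxt, target, seen)]
    return paths

def rank_controls(edges, start, target):
    """Rank each condition by how many paths disappear once it is fixed."""
    baseline = len(all_paths(build(edges), start, target))
    ranking = []
    for cond in {c for _, _, c in edges}:
        kept = [e for e in edges if e[2] != cond]
        broken = baseline - len(all_paths(build(kept), start, target))
        ranking.append((cond, broken))
    return baseline, sorted(ranking, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    total, ranking = rank_controls(EDGES, "internet", "critical_workloads")
    print(f"{total} paths reach critical_workloads")
    for cond, broken in ranking:
        print(f"  fixing '{cond}' breaks {broken} of {total}")
```

In this constructed graph no single fix breaks all three paths, so the ranking shows which pair of control changes has to be combined.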
An attack graph is not the same as one Attack Path. A path is one possible route. A graph is the broader model showing multiple possible routes and relationships.
It is also different from a flat vulnerability list. Vulnerability lists name issues individually. Attack graphs help defenders understand how those issues may combine into meaningful operational risk.