An
attack vector is the specific path or method an attacker uses to gain access — email phishing, unpatched web app, physical USB drop, network exploitation.
Different from attack surface (the total). Attack vector is the specific route chosen. Common vectors: phishing (most common), web app vulnerabilities, stolen credentials, insider threats, supply chain.