Why IAM Access Analyzer Tells You About Unused Permissions But Won’t Remove Them
IAM Access Analyzer is a useful starting point for any team trying to enforce least privilege. It surfaces unused permissions, unused roles, unused access keys, and unused passwords across your AWS environment. For a feature that costs nothing to enable, it's a no-brainer approach to answering where there is ...
Why 92% of Cloud Permissions Are Never Used, and What That Costs You
Let's say the typical enterprise has a 5-to-10 person security team responsible for over 11,000 identities in a single AWS organization. The majority of those identities aren't humans. Instead they're machine identities created by pipelines, vendors, test environments, and integrations that nobody reviews after the first sprint. Sonrai's analysis of ...
Why SCPs Beat Permission Boundaries for Org-Wide Least Privilege — And How to Enforce It Safely at Scale
The cloud moves fast. Accounts multiply, roles get spun up for every new service, and somewhere along the way, the permissions inventory balloons into the thousands. Most enterprise AWS environments are sitting on a permissions sprawl problem they can't fully see, and the tools meant to contain it weren't all ...
AWS Bedrock Agent Permissions: What You Need to Lock Down Before Go-Live
Most Bedrock agents in production are running on the same IAM role they were built with. That role is now a standing identity with access to whatever services got attached during testing, invoking those permissions automatically on every execution, with no human in the loop. The potential risk should be ...
How AI Agents Accumulate Permissions Over Time and the Associated Security Risks
Every AI agent deployed in AWS, GCP or Azure becomes a cloud identity the moment it goes live. It gets an IAM role. That role carries permissions, sometimes very privileged ones. And unless there is an automated and scalable enforcement process in place, those permissions are almost certainly broader than ...
Why AI Agents Need Least Privilege Too, and How to Enforce It Automatically
AI agents are cloud identities. They don't get a badge or a login. They get a service account, an IAM role, or an API key, just like any other non-human identity running in your environment. Mechanically, there's nothing new. What's new is how many of them are being deployed, how ...
Cloud PAM for AI Agents: Why Traditional PAM Can’t Protect Agentic Workloads
AI agents are cloud identities. They receive IAM roles at deployment, hold credentials, and access cloud resources to execute tasks. But unlike human users, they do this without session-based checkpoints, without manual approval steps, and sometimes with minimal human involvement. Traditional PAM was built around the assumption that a person ...
The Conversation No One Is Having About Claude Mythos
Mythos finds the vulnerability. Your permissions posture determines the damage. At sufficient scale, Mythos-style breaches are inevitable. Patching matters, but no pipeline keeps pace with thousands of simultaneous zero-days. The relevant question isn't how an attacker got in — it's what they can reach once they're inside. That answer depends ...
June Recap: New AWS Sensitive Permissions and Services
As AWS continues to evolve, new services and permissions are frequently introduced to enhance functionality and security. This blog provides a comprehensive recap of new sensitive permissions and services added in June. Our intention in sharing this is to flag the most important releases to keep your eye on and ...
Safeguarding AWS AI Services: Protecting Sensitive Permissions
As AI continues to grow in importance, ensuring the security of AI services is crucial. Our team at Sonrai attended the AWS Los Angeles Summit on May 22nd, where we noted how big of a role AI is going to play in 2024. In fact, according to summit presentations, 70% ...