Cloud Search: Search asset inventory

public s3 buckets

Public S3 buckets are frequently misconfigured and can lead to data exposure or leaks. There are also multiple ways to make a bucket public.

buckets outside eu

Helps enforce data residency compliance (e.g., GDPR), ensuring sensitive data doesn't leave allowed regions.

users without mfa

Accounts without Multi-Factor Authentication are vulnerable to account takeover via credential theft.

users with programmatic access

Identifies users who can interact with the cloud via API keys—these credentials are a common target for attackers.

databases without deletion protection

Prevents accidental or malicious deletion of critical databases.

EC2 instances with open management ports

Ports like SSH (22) and RDP (3389) open to the internet are major attack vectors for unauthorized access.

RDS databases allowing traffic from ec2 instances

Helps identify trust relationships and lateral movement paths that attackers could exploit.

Lambda functions not running in VPCs

Functions outside VPCs may lack network controls and expose sensitive traffic to the public internet.

ec2 instances that might host databases

Helps identify data stores that may need additional protection or monitoring, even if not explicitly labeled.

lambdas with access to VPC endpoints

Misused Lambda functions with VPC access can interact with sensitive internal services or databases.

ec2 instances with access to s3 buckets

Detects possible data exfiltration paths via overly-permissive IAM roles.

lambdas that can create users

Functions with privilege to create users can be abused for persistence or privilege escalation.

iam roles accessible from other accounts

Cross-account access increases your attack surface and may be unmonitored.

users with admin privileges

Overprivileged users are a primary cause of security misconfigurations and insider threats.

overprivileged IAM roles

Detects roles with excessive permissions that exceed least-privilege best practices.

ec2 instances vulnerable to CVE-2025-21613

Allows targeted remediation of known, high-risk vulnerabilities in your infrastructure.

ec2 instances running outdated OS

Legacy systems often lack critical security patches and support, increasing risk.

VMs with outdated python

Outdated runtimes can be vulnerable and incompatible with modern security libraries.

VM with critical vulnerabilities

Prioritizes the remediation of VMs with the highest likelihood of being exploited, based on vulnerability severity.

ec2 instances vulnerable to log4shell

Specific vulnerability targeting ensures you can patch critical zero-days quickly and thoroughly.

containers with high or critical vulnerabilities

There are multiple ways to run containers in the cloud, including ECS, Lambda, App Runner, and others. With this, you can identify and prioritize containers impacted by significant vulnerabilities.

containers with outdated python

Quickly identify containers across all services that use outdated packages (python in this case).

containers with eol distros

Containers can also run unmaintained operating systems, typically part of the base image. Updating these will significantly increase the security of your containers, likely addressing many vulnerabilities as well.

show me public ec2 instances vulnerable to CVE-2025-21613 with access to s3 buckets

Models an end-to-end attack chain: public exposure + vulnerability + access to sensitive data.

lambda functions created manually

Manual provisioning can bypass IaC guardrails or compliance checks.

functions exposed to the internet with admin permissions

Serverless resources with admin rights and internet exposure can be abused for privilege escalation and data exfiltration.

my riskiest datastores

Lets Aikido surface the highest-risk data assets based on exposure, vulnerability, and privilege — for prioritized protection.