Target repository
user@sec-workstation:~/sre-copilot$
From zero to attack graph
in under three minutes.
No agents to deploy. No SaaS data upload. Runs entirely local — your cloud credentials never leave your machine.
Discover
Point AgentSentry at your AWS account. It enumerates every IAM role, access key, service account, OAuth token, and AI agent in minutes — including ones you forgot existed.
Score
Each identity gets a P×R×E×A risk score: Privilege × Reachability × Exposure × AI-Amplification. Critical identities surface immediately. CISA KEV enrichment flags active CVEs.
Visualize
An interactive attack graph shows every identity and the access paths between them. See exactly what an attacker could reach if any given identity is compromised.
Not just AWS.
Everywhere you deploy.
Six independent providers — install only what you need. Each one checks its own permissions before touching a single API. Start with local — it needs nothing and finds more than you expect.
- ▸IAM Roles & Access Keys
- ▸Lambda execution roles
- ▸S3, RDS, Secrets Manager
- ▸Managed Identities
- ▸Service Principals
- ▸Role assignments (Owner/Contributor)
- ▸Service Accounts
- ▸User-managed SA keys
- ▸Project IAM bindings
- ▸Personal Access Tokens
- ▸Deploy Keys & SSH Keys
- ▸Actions Secrets
- ▸ServiceAccounts & RBAC
- ▸ClusterRoleBindings
- ▸Automount token exposure
- ▸Env vars & .env files
- ▸SSH keys & credential files
- ▸Docker socket & git tokens
$ agentsentry blast nhi://agent/prod-sre-copilot
select a node
{ "source": "nhi://agent/prod-sre-copilot", "compromise_assumed": true, "hops": [ { "via": "iam_role", "id": "sre-copilot-exec", "edge": "sts:AssumeRole" }, { "via": "policy", "id": "AmazonS3FullAccess", "edge": "s3:GetObject" } ], "terminal_asset": "arn:aws:s3:::customer-data-prod", "assets_reachable": 14, "data_classes": [ "PII", "billing" ], "prea": { "P": 5, "R": 2.5, "E": 3, "A": 50, "score": 1875, "severity": "CRITICAL" }}
14 assets reachable from one compromised agent · PREA 1875 [CRITICAL]
Every attack surface.
One scanner.
The only open-source tool that audits machine identities across every cloud and environment — with the same risk model, in the same scan.
Multi-Cloud NHI Discovery
Finds every IAM role, API key, service account, Managed Identity, and OAuth token — across AWS, Azure, GCP, GitHub, Kubernetes, and your local machine. One command. Every environment.
AI Agent Scanner
Statically analyzes LangChain, CrewAI, and AutoGen codebases. Extracts tool permissions. Computes the AI-Amplification Factor.
CISA KEV Enrichment
Correlates every finding against 1,610+ actively exploited CVEs. Flags ransomware-linked vulnerabilities in real time.
Attack Graph
Cross-provider attack graph. Computes blast radius: if this identity is compromised, what does the attacker reach — regardless of which cloud it lives in?
MITRE ATT&CK Mapping
Every finding maps to ATT&CK techniques. T1078.004, T1528, T1552, T1611 — the language your SOC already speaks.
Risk Scoring: P×R×E×A
Privilege × Reachability × Exposure × AI-Amplification. Consistent across all providers — the same score model whether the identity lives in AWS, K8s, or a local .env file. Novel academic contribution.
§ 4 · Scoring methodology
The PREA risk model
Every non-human identity is scored by a single multiplicative model. The formulation is deliberately auditable: each factor is computed from statically observable evidence, and the final score decomposes into the exact terms shown in scan output.
Definition 4.1 — composite risk
Risk(n) = P(n) × R(n) × E(n) × A(n)
for each identity n ∈ N, the set of discovered non-human identities
| Term | Range | Measures |
|---|---|---|
| PPrivilege | [0.1, 5.0] | Effective permission scope of the identity's credentials |
| RReachability | [0.1, 3.0] | Network and trust-boundary exposure of the identity |
| EExposure | [0.1, 3.0] | Credential hygiene: rotation age, storage, plaintext leaks |
| AAI-Amplification | [1.0, 50.0] | Risk multiplier for autonomous agents with tool access |
Example 4.1 — finding AS-0042
Risk = 5.0 × 2.5 × 3.0 × 50.0 = 1875.0 [CRITICAL]
The same identity with an L2 approval gate (A = 5.0) scores 187.5 — one configuration change moves the finding two severity bands.
§ 4.1–4.4 · The AI-Amplification factor
A is the term that distinguishes PREA from conventional identity-risk models. It isolates two statically measurable properties of an agent: what its tools can do irreversibly, and how unsupervised it is when doing it.
Each tool bound to an agent is classified by the reversibility of its worst-case invocation. Read-class tools (retrieval, search) carry a 1× weight. Write-class tools (file mutation, API POST) carry a 4× weight. Execute-class tools (code execution, shell, infrastructure mutation) carry a 10× weight, because a single invocation can establish persistence or destroy state with no rollback path. The classification is derived statically from the tool's declared schema and call sites — no runtime instrumentation is required.
Free forever.
Pay once for Pro.
The scanner is open source and always will be. Pro unlocks reports, enrichment, and JSON output — one payment, lifetime license.
- AWS, Azure, GCP, GitHub & K8s scanners
- LangChain / CrewAI / AutoGen agent scanner
- P×R×E×A risk scoring engine
- MITRE ATT&CK technique mapping
- Blast radius analysis
- CLI — runs locally, no data leaves you
- Open source — MIT license
- Everything in Free
- --visualize: interactive HTML attack graph
- --enrich: CISA KEV threat intel enrichment
- --json: JSON output for pipelines & CI
- Interactive multi-cloud scan mode
- One-time purchase — license key, yours forever
- Priority email support
2. Upgrade from your dashboard → AS-PRO-XXXX
API key & activation code delivered instantly by email · CLI works offline
Stay ahead of machine identity threats
Weekly intel on NHI security and AI agent risks — real findings, practical commands, no fluff. Join security engineers and DevOps teams already subscribed.
No spam. Unsubscribe anytime. Every Tuesday.
Get in Touch
Choose the channel that works best for you.