Most cloud security tools stop at compliance checklists. They flag hundreds of "FAIL" results, dump them into a spreadsheet, and leave your team to figure out which ones actually matter. That's not a penetration test — it's a to-do list.
RedVeil's new cloud testing capability goes further. It runs real attacker methodology against your AWS, GCP, or Azure environment: enumerating resources, chasing privilege escalation paths, testing for data exposure, and verifying every finding with concrete CLI evidence before reporting it. No noise. No false positives. Just validated security issues with the exact commands and outputs to prove them.
What's new
Multi-cloud support from day one
Connect any of the three major cloud providers — AWS, GCP, or Azure. RedVeil handles provider-specific authentication, CLI tooling, and testing methodology automatically. Just provide read-only credentials, and you're ready to scan.
All credentials are encrypted at rest and only decrypted inside an isolated sandbox at scan time. They are never logged or persisted in plaintext.
Two-phase testing: recon, then investigation
Every cloud test starts with an automated recon checklist that maps your cloud security posture — identifying trust relationships, exposed services, and potential attack paths across your account.
Most cloud security scanners stop here. Tools like Prowler and ScoutSuite will hand you a list of PASS/FAIL results and call it a day. RedVeil doesn't. The AI agent uses the recon output to understand the lay of the land — what services are deployed, how identities and roles are structured, where trust relationships exist — and uses that context to inform its own areas of deeper testing. It then independently investigates and verifies every issue using the native cloud CLI (aws, gcloud, or az). If the agent can't reproduce it with its own commands, it doesn't report it. This is how you eliminate false positives at the source.
What the agent tests
The testing agent applies provider-specific methodology tailored to each cloud platform, including:
- IAM & privilege escalation — Overly permissive policies, unused credentials, role assumption chains, path-to-admin attacks, and dangerous permission combinations.
- Storage & data exposure — Public buckets, missing encryption, overly permissive ACLs, and cross-account access policies.
- Network security — Security groups open to 0.0.0.0/0, missing flow logs, overly permissive firewall rules, and public endpoints on sensitive resources.
- Secrets & configuration — Credentials in environment variables, unrotated keys, secrets in container definitions, and exposed metadata.
- Compute & containers — IMDSv1 exposure, public AMIs, default service accounts, and misconfigured Kubernetes clusters.
- Logging & monitoring — Disabled CloudTrail/audit logs, missing log validation, and unencrypted log storage.
Evidence-backed findings
Every reported finding includes the exact CLI commands the agent ran and their raw outputs. No "possible" or "potential" issues — only confirmed, reproducible misconfigurations with severity ratings aligned to real-world exploitability:
- Critical — Public data exposure, admin privilege escalation, credential leaks.
- High — Cross-account access, sensitive data access, significant privilege escalation.
- Medium — Missing encryption, overly permissive IAM, security group misconfigurations.
- Low — Missing logging, informational disclosures, minor hardening gaps.
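The verify-before-reporting step and the evidence-backed finding format described above, sketched for one lead type (security groups open to 0.0.0.0/0) as an added example that is not RedVeil's code. The group IDs, leads and CLI output are constructed; the JSON fields follow `aws ec2 describe-security-groups` output, and the Medium rating is the tier listed above for security group misconfigurations.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0aaa1111example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb2222example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]})
# Constructed leads, as a recon checklist might flag them (the last one no longer exists).
LEADS = ["sg-0aaa1111example", "sg-0bbb2222example", "sg-0ccc3333example"]
WORLD = {"0.0.0.0/0", "::/0"}

def open_rules(group):
    """Return the ingress rules of one group that allow any source address."""
    hits = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if WORLD & set(cidrs):
            # IpProtocol "-1" means all protocols and carries no port fields.
            ports = ("all" if perm["IpProtocol"] == "-1"
                     else f'{perm.get("FromPort")}-{perm.get("ToPort")}')
            hits.append({"protocol": perm["IpProtocol"], "ports": ports})
    return hits

def verify_leads(leads, raw_cli_output):
    """Keep only leads reproduced in the raw CLI output and attach the evidence."""
    groups = {g["GroupId"]: g for g in json.loads(raw_cli_output)["SecurityGroups"]}
    findings, dropped = [], []
    for group_id in leads:
        rules = open_rules(groups[group_id]) if group_id in groups else []
        if not rules:
            dropped.append(group_id)  # not reproduced, so not reported
            continue
        findings.append({
            "resource": group_id,
            "severity": "Medium",  # tier taken from the severity list above
            "reproduce_with": f"aws ec2 describe-security-groups --group-ids {group_id}",
            "evidence": groups[group_id],  # raw CLI output for this group
            "open_rules": rules,
        })
    return findings, dropped

if __name__ == "__main__":
    findings, dropped = verify_leads(LEADS, SAMPLE_OUTPUT)
    print(json.dumps(findings, indent=2), "\nnot reproduced:", dropped)
```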
How it works
- Create a cloud project — Select your provider, enter read-only credentials, and name your test.
- Start the scan — RedVeil runs its recon checklist against your account, then hands the results to the AI testing agent.
- Agent investigates — The agent systematically validates each lead using native CLI commands, chasing privilege escalation paths and testing for real exploitability.
- Review findings — Each finding comes with evidence, severity, business impact, and remediation guidance. Mark false positives, retest fixes, or export for compliance.
What's next
We're expanding cloud testing with deeper coverage: attack path visualization across multi-account environments, container and Kubernetes-specific testing modules, and integration with cloud-native security tooling. Infrastructure-as-code scanning and drift detection are on the roadmap.
Availability
Cloud security testing is available on the Full Coverage and Enterprise plans. If you're on one of these plans, you can create a cloud project today. If you're on another plan and want access, reach out to our team or upgrade from your account settings.
Ready to test your cloud security posture? Create a cloud project and start your first scan in minutes.