# CIEM & AI-SPM — Identity Privilege Escalation + AI Service Posture
EchelonGraph adds two read-only capabilities on top of its agentless cloud scanner:
- CIEM (Cloud Infrastructure Entitlement Management) — finds privilege-escalation paths and over-privileged identities in AWS IAM and GCP IAM.
- AI-SPM (AI Security Posture Management) — checks the security posture of managed AI services: Amazon SageMaker and Amazon Bedrock.
Both are 100% read-only. EchelonGraph never creates, modifies, deletes, or escalates anything in your cloud — it only reads configuration through provider APIs. See Cloud access setup for the exact IAM permissions.
## CIEM — Cloud Infrastructure Entitlement Management
Misconfigured identities are the number-one cloud attack path. A single over-privileged role or service account lets an attacker who lands anywhere pivot toward full account control. CIEM maps effective permissions and flags the identities that can escalate — before an attacker chains them.
### What CIEM detects on AWS (11 rules, AWS-CIEM-001 to 011)
EchelonGraph reads IAM users, roles, and both attached and inline policy documents, and flags principals that can:
- Create or set a new default policy version to widen their own access
- Attach a managed policy or write an inline policy to themselves or others
- Use PassRole to a compute service (Lambda / EC2 / Glue) to run as a more-privileged role
- Create access keys or console passwords for another principal
- Add a user to a privileged group
- Hold wildcard actions or wildcard resources
- Update an assume-role trust policy or assume a privileged role
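The AWS checks listed above, written out as an added example of the detection logic (this is not EchelonGraph's own code). It assumes the policy documents were already fetched read-only (for instance via iam:GetPolicyVersion and iam:GetRolePolicy) and evaluates them offline; the finding names, the compute actions paired with PassRole, and the treatment of NotAction are this example's own simplifications, not the product's AWS-CIEM-001 to 011 rule definitions. The sample policies are constructed.

```python
"""Offline evaluator for IAM privilege-escalation patterns (added example)."""
import fnmatch

# Each rule: (finding name, list of action groups). A rule fires when every
# group contains at least one action the policy grants. Two groups express an
# AND, e.g. iam:PassRole AND a compute action that runs as the passed role.
ESCALATION_RULES = [
    ("policy-version-escalation",
     [{"iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion"}]),
    ("attach-or-put-policy",
     [{"iam:AttachUserPolicy", "iam:AttachRolePolicy", "iam:AttachGroupPolicy",
       "iam:PutUserPolicy", "iam:PutRolePolicy", "iam:PutGroupPolicy"}]),
    ("passrole-to-compute",
     [{"iam:PassRole"},
      {"lambda:CreateFunction", "ec2:RunInstances", "glue:CreateDevEndpoint"}]),
    ("credential-creation",
     [{"iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile"}]),
    ("add-user-to-group", [{"iam:AddUserToGroup"}]),
    ("trust-policy-or-assume-role",
     [{"iam:UpdateAssumeRolePolicy", "sts:AssumeRole"}]),
]


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allow_statements(policy):
    """Yield only Effect: Allow statements (Deny is not modelled in this example)."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            yield stmt


def granted_patterns(policy):
    """Collect the action patterns granted by Allow statements.

    NotAction grants everything except the listed actions; for escalation
    purposes this example treats it conservatively as a full wildcard.
    """
    patterns = set()
    for stmt in allow_statements(policy):
        if "NotAction" in stmt:
            patterns.add("*")
        patterns.update(_as_list(stmt.get("Action")))
    return patterns


def is_granted(action, patterns):
    """True if a concrete action matches any granted pattern.

    IAM action matching is case-insensitive with '*' and '?' wildcards,
    which fnmatch implements directly.
    """
    action = action.lower()
    return any(fnmatch.fnmatchcase(action, p.lower()) for p in patterns)


def evaluate_policy(policy):
    """Return a sorted list of finding names for one policy document."""
    findings = set()
    for stmt in allow_statements(policy):
        if "*" in _as_list(stmt.get("Action")):
            findings.add("wildcard-action")
        if "*" in _as_list(stmt.get("Resource")):
            findings.add("wildcard-resource")
    patterns = granted_patterns(policy)
    for name, groups in ESCALATION_RULES:
        if all(any(is_granted(a, patterns) for a in group) for group in groups):
            findings.add(name)
    return sorted(findings)


# Constructed sample policies (hypothetical account id, not real data).
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["lambda:CreateFunction", "lambda:InvokeFunction"],
         "Resource": "arn:aws:lambda:us-east-1:123456789012:function:app-*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/app-*"},
    ],
}
ADMIN_LIKE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iam:Create*", "Resource": "*"}],
}
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": "arn:aws:s3:::reports/*"}],
}

if __name__ == "__main__":
    for label, doc in [("developer", DEVELOPER_POLICY),
                       ("admin-like", ADMIN_LIKE_POLICY),
                       ("read-only", READ_ONLY_POLICY)]:
        print(f"{label}: {evaluate_policy(doc)}")
```

The developer policy looks harmless (scoped resources, no IAM writes) but still lets the holder run Lambda code as any role matching app-*, which is why PassRole is evaluated together with the compute action rather than alone. The admin-like policy shows why wildcard action prefixes matter: iam:Create* quietly includes CreatePolicyVersion and CreateAccessKey.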
### What CIEM detects on GCP (11 rules, GCP-CIEM-001 to 011)
EchelonGraph reads the project IAM policy and custom-role definitions, and flags:
- Principals with the primitive Owner or Editor role
- Public IAM bindings (allUsers / allAuthenticatedUsers)
- Service-account impersonation (Token Creator, Workload Identity User)
- setIamPolicy holders (Security Admin / Project IAM Admin) who can grant themselves any role
- actAs (Service Account User), key admin (mint long-lived keys), and role admin (rewrite role definitions)
- Custom roles whose permissions confer privilege escalation (setIamPolicy, actAs, getAccessToken, roles.update)
> Google-managed service agents — which legitimately hold broad roles by design — are automatically suppressed, so you only see findings on your identities, not noise.
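The GCP rules above, including the service-agent suppression from the note, as an added example of the detection logic (not EchelonGraph's code). It assumes the project IAM policy (projects.getIamPolicy) and custom-role definitions were already fetched read-only; the finding names and the service-agent heuristic (service-<number>@ accounts outside the project's own iam.gserviceaccount.com domain, plus cloudservices.gserviceaccount.com) are this example's own, not the product's GCP-CIEM-001 to 011 definitions. The project id, members and custom role are constructed.

```python
"""Offline evaluator for GCP project IAM bindings and custom roles (added example)."""

PRIMITIVE_ROLES = {"roles/owner", "roles/editor"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
IMPERSONATION_ROLES = {"roles/iam.serviceAccountTokenCreator",
                       "roles/iam.workloadIdentityUser"}
SET_IAM_POLICY_ROLES = {"roles/iam.securityAdmin",
                        "roles/resourcemanager.projectIamAdmin"}
ACTAS_KEY_ROLE_ADMIN = {"roles/iam.serviceAccountUser",        # actAs
                        "roles/iam.serviceAccountKeyAdmin",    # mint long-lived keys
                        "roles/iam.roleAdmin"}                 # rewrite role definitions
# Permission suffixes that let the holder of a custom role widen their own access.
ESCALATING_PERMISSION_SUFFIXES = (".setIamPolicy", ".actAs", ".getAccessToken",
                                  "roles.update")


def is_google_service_agent(member, project_id):
    """Heuristic for Google-managed service agents (hold broad roles by design).

    User-created service accounts live at <project-id>.iam.gserviceaccount.com
    and are never suppressed. Service agents follow the
    service-<number>@gcp-sa-*.iam.gserviceaccount.com pattern or use the
    cloudservices.gserviceaccount.com domain. This is an assumption of the
    example, not the product's suppression list.
    """
    if not member.startswith("serviceAccount:"):
        return False
    local, _, domain = member[len("serviceAccount:"):].partition("@")
    if domain == f"{project_id}.iam.gserviceaccount.com":
        return False
    return domain == "cloudservices.gserviceaccount.com" or (
        local.startswith("service-") and domain.endswith(".gserviceaccount.com"))


def role_finding(role, custom_roles):
    """Map a role to a finding name, or None when the role is not flagged."""
    if role in PRIMITIVE_ROLES:
        return "primitive-owner-editor"
    if role in IMPERSONATION_ROLES:
        return "service-account-impersonation"
    if role in SET_IAM_POLICY_ROLES:
        return "set-iam-policy-holder"
    if role in ACTAS_KEY_ROLE_ADMIN:
        return "actas-key-or-role-admin"
    # Predefined roles are absent from custom_roles and fall through to None.
    perms = custom_roles.get(role, {}).get("includedPermissions", [])
    if any(p.endswith(ESCALATING_PERMISSION_SUFFIXES) for p in perms):
        return "custom-role-escalation"
    return None


def evaluate_project_policy(policy, custom_roles, project_id):
    """Return (finding, member, role) triples for one project's IAM policy."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("public-binding", member, role))
            if is_google_service_agent(member, project_id):
                continue  # suppressed: Google-managed identity, not yours
            name = role_finding(role, custom_roles)
            if name:
                findings.append((name, member, role))
    return findings


# Constructed sample input (hypothetical project, members and custom role).
PROJECT_ID = "my-project"
PROJECT_POLICY = {
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/viewer", "members": ["allUsers"]},
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["serviceAccount:ci@my-project.iam.gserviceaccount.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:123456789012@cloudservices.gserviceaccount.com"]},
        {"role": "projects/my-project/roles/deployer",
         "members": ["group:deployers@example.com"]},
    ]
}
CUSTOM_ROLES = {
    "projects/my-project/roles/deployer": {
        "includedPermissions": ["run.services.create", "iam.serviceAccounts.actAs"]},
}

if __name__ == "__main__":
    for finding in evaluate_project_policy(PROJECT_POLICY, CUSTOM_ROLES, PROJECT_ID):
        print(finding)
```

The Editor binding for the cloudservices account is dropped by the suppression heuristic, while the project's own ci@ service account holding Token Creator is reported: same family of identity, different owner, different risk. The custom role is caught by its permission list rather than its name, which is the only reliable way to see actAs hiding inside an innocuous-looking "deployer" role.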
### Why it matters
Every CIEM finding carries a risk score and maps to access-control requirements across CIS, SOC 2 (CC6), ISO 27001 (A.9), and NIST (PR.AC). It tells you which principal, which permission, and why it is dangerous — not generic boilerplate.
## AI-SPM — AI Security Posture Management
As teams ship AI features, the managed AI services behind them become a new — and often unmonitored — attack surface. AI-SPM scores the posture of those services and pairs it with EchelonGraph's AI-compliance frameworks (NIST AI-RMF, EU AI Act, ISO 42001, MITRE ATLAS, OWASP LLM Top 10).
### What AI-SPM checks on AWS
Amazon SageMaker notebooks (AWS-AISPM-001 to 003):
- Notebook with direct internet access — data-exfiltration / exposure risk
- Notebook with root access enabled
- Notebook storage not encrypted with a customer-managed KMS key
Amazon Bedrock (AWS-AISPM-004 to 005) — evaluated only when Bedrock is actually in use:
- Model-invocation logging disabled — no audit trail of genAI prompts and responses
- No guardrails configured — prompt-injection and unsafe-output controls absent
All checks are read-only (sagemaker List/Describe, bedrock Get/List).
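The five AI-SPM checks above as an added example of the posture logic (not EchelonGraph's code). It assumes the inputs are the JSON bodies of the read-only calls already made: sagemaker DescribeNotebookInstance per notebook, bedrock GetModelInvocationLoggingConfiguration and bedrock ListGuardrails. The field names (DirectInternetAccess, RootAccess, KmsKeyId, loggingConfig, guardrails) are the ones those APIs return; the finding names are this example's own, not the AWS-AISPM-001 to 005 identifiers, and since the page does not say how "Bedrock is in use" is determined, that is a boolean argument here. The notebook descriptions are constructed.

```python
"""Offline posture checks for SageMaker notebooks and Bedrock (added example)."""


def check_notebook(desc):
    """Return finding names for one DescribeNotebookInstance response body."""
    findings = []
    # Direct internet access bypasses VPC egress controls: data can leave the
    # notebook without passing any inspection point.
    if desc.get("DirectInternetAccess") == "Enabled":
        findings.append("direct-internet-access")
    # Root lets a notebook user modify the instance, its agents and its logs.
    if desc.get("RootAccess") == "Enabled":
        findings.append("root-access-enabled")
    # Without KmsKeyId the volume uses the AWS-managed default key rather than
    # a customer-managed key the account controls, audits and can rotate.
    if not desc.get("KmsKeyId"):
        findings.append("no-customer-managed-kms-key")
    return findings


def check_bedrock(logging_config_resp, guardrails_resp, in_use):
    """Return finding names for the account's Bedrock configuration.

    Skipped entirely when Bedrock is not in use, so an account that never
    touched the service is not penalised for unconfigured logging.
    """
    if not in_use:
        return []
    findings = []
    # With nothing configured the response carries no loggingConfig key, so
    # there is no record of prompts or responses for incident review.
    if not logging_config_resp.get("loggingConfig"):
        findings.append("model-invocation-logging-disabled")
    # No guardrails means no prompt-injection or unsafe-output controls.
    if not guardrails_resp.get("guardrails"):
        findings.append("no-guardrails")
    return findings


def scan(notebooks, logging_resp, guardrails_resp, bedrock_in_use):
    """Aggregate findings keyed by resource name."""
    report = {nb["NotebookInstanceName"]: check_notebook(nb) for nb in notebooks}
    report["bedrock"] = check_bedrock(logging_resp, guardrails_resp, bedrock_in_use)
    return report


# Constructed sample responses (hypothetical names, ids and key ARN).
NOTEBOOKS = [
    {"NotebookInstanceName": "research-nb",
     "DirectInternetAccess": "Enabled", "RootAccess": "Enabled"},
    {"NotebookInstanceName": "prod-nb",
     "DirectInternetAccess": "Disabled", "RootAccess": "Disabled",
     "SubnetId": "subnet-0abc1234",
     "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"},
]
BEDROCK_LOGGING = {}                 # nothing configured: no loggingConfig key
BEDROCK_GUARDRAILS = {"guardrails": []}

if __name__ == "__main__":
    for name, found in scan(NOTEBOOKS, BEDROCK_LOGGING, BEDROCK_GUARDRAILS, True).items():
        print(f"{name}: {found or 'clean'}")
```

Notebook findings are per resource and independent of each other, so a single notebook can carry all three; the Bedrock findings are account-level and only meaningful once the service is actually used, which is why the in_use gate sits at the top of check_bedrock rather than inside each check.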
## Coverage at a glance
| Capability | AWS | GCP | Azure |
|---|---|---|---|
| CIEM — IAM privilege escalation | Live | Live | Roadmap |
| AI-SPM — SageMaker + Bedrock | Live | Roadmap (Vertex AI) | Roadmap |
## Get started
- Connect your cloud account using the read-only permissions in Cloud access setup — the policy already includes the CIEM IAM-policy reads and the AI-SPM SageMaker / Bedrock actions.
- Run a scan. CIEM and AI-SPM findings appear in your dashboard alongside misconfiguration and CVE findings, ranked by risk score.