k9 Security Blog
Secure your cloud infrastructure quickly and confidently
Severity is no longer a triage input. Risk scoring you own is.
"I'm sorry, Dave. I'm afraid I can't do that." NIST said it more politely on April 15. The NVD change is permanent, not a temporary glitch. CVE volume has outpaced NIST's analysis capacity. For 25 years, vulnerability-management programs assumed the National...
Generate least-privilege EventBridge policies and restrict access to your AWS Organization with k9-cdk
Cross-account event buses are one of the most powerful integration patterns in AWS, and an easy place to make an access policy mistake. A single overly permissive Allow statement can let principals from outside your organization publish events to your bus. With k9-cdk...
Building Evals for an AI Agent: From Zero to Consistency Testing
We're building an AI agent that triages cloud security findings. It reads a finding from AWS Security Hub or Prowler, assesses the risk, and tells an engineer exactly what to do about it with specific AWS CLI commands they can run. The agent worked. We had 620 unit...
How to Connect Strands Agents to AWS MCP with IAM Authentication
We're building a cloud security agent with Strands Agents that triages AWS security findings. The agent uses the AWS Knowledge MCP server to search and read AWS documentation. The agent looks up remediation guides, CLI syntax, and best practices as part of its...
The top AWS Identity and Organization security launches of 2025
The AWS Identity and Organization teams launched some big improvements to IAM in 2025. Read on for a quick introduction to the six changes we think are most likely to help you make an impact securing your AWS organization and identities: Enforce MFA for root users...
How to Systematically Convert Cloud Security Assessments into Client Outreach
Running assessments is familiar territory for most cloud security consultants. However, many consultants lack a standardized process for how they package findings, position their value, and follow up with clients. By creating such a system, consultants can turn...
Export Findings from Security Hub in OCSF Format: A Complete Guide
Security teams have long been challenged by security findings scattered across many tools in proprietary formats that don't play well together. If you're managing AWS Security Hub findings and need to analyze them alongside data from other security tools, you've...
k9 Security launches initial support for automated IAM security review with findings in OCSF format
k9 Security introduces automated IAM security review for AWS, delivering findings in OCSF format. This release detects excess IAM admins and stale API access keys, saving hours of manual review while improving security and compliance. Results are available in JSON, Excel, and CSV to simplify analysis and remediation.
AWS IAM Users vs. Identity Center & JIT: Is Your Cloud Access Strategy Secure or Stalling?
This article was originally written by Cloudanix. Introduction: The way we manage access in AWS has changed IAM dramatically. When many organizations first ventured into the cloud, creating individual AWS IAM users directly within each account was standard practice....
Effective IAM News – 2025-05-16
NCC Group's AI Red Team recently published key findings after penetration testing dozens of AI applications. Analyzing Secure AI Architectures reveals that major AI vulnerabilities stem not from model flaws, but from misunderstanding how AI systems interact with...