Most teams try to manage AWS privilege escalation by tightening IAM policies and hoping developers keep them clean. In practice, permissions sprawl wins: old policy versions stick around, Lambda roles accumulate “just in case” access, and new services like Bedrock introduce fresh paths to abuse execution roles. Attackers do not need exploits. They use legitimate API calls to pivot from a compromised identity to admin or to sensitive data.
Sonrai stops these paths by enforcing least privilege on what identities actually use, then blocking unused privileged actions before they succeed. Cloud Permissions Firewall applies policy guardrails at runtime, flags attempts to use high-risk permissions, and supports Just-in-Time access when a real task needs elevated rights. Security teams shut down privilege escalation without breaking delivery workflows or burying teams in approvals.
Nigel Sood, Cloud Privilege Threat Researcher, Sonrai Security
Eats new AWS Permissions for breakfast

Julian B., Penetration Tester, Software Secured
Hunted down dozens of novel CVEs in IoT and apps
