NSAuditor AI

Verified account

@Nsasoft

We find what your GRC platform misses: shadow admins, IAM privesc, NSG holes. SOC 2 evidence. Open source. Multi-cloud. Zero data exfil.

USA

Joined December 2009

46 Following

119 Followers

1.8K Posts

Pinned Tweet

about 12 hours ago

🚀 NSAuditor AI Enterprise Edition v0.18.0 is here — a deep GCP false-negative hardening release. 🛠️ 5 detection-gap fixes that stop "silent cleans": 1️⃣ Legacy GCS bucket ACL tracking (catches allUsers:READER when UBLA is off) 2️⃣ Project-scope SA key creation flagging 3️⃣ Transitive impersonation graph mapping (BFS up to 4 hops) 4️⃣ Pure ADC auth support — no key file needed 5️⃣ Fail-closed evidence routing (AccessDenied = FAILED, not clean) 📋 One Scan, Six Frameworks: SOC 2, HIPAA, NIST CSF 2.0, PCI DSS v4.0.1, ISO 27001:2022 & CIS Controls v8 — 62 signed evidence artifacts per run with RFC 3161 timestamps + SHA-256 sidecars. 🔌 Now native in Claude Desktop via MCP: start_assessment, prioritize_risks, compliance_check, export_report & more — turning your AI assistant into an autonomous cloud compliance auditor. #CloudSecurity #GCP #Compliance #DevSecOps

3

5

1

0

78

about 12 hours ago

📢 We've also shared this on LinkedIn — full breakdown and discussion here: https://t.co/Hxbr5PGf1G

0

2

0

0

6

about 12 hours ago

🚀 NSAuditor AI Enterprise Edition v0.18.0 is here — a deep GCP false-negative hardening release. 🛠️ 5 detection-gap fixes that stop "silent cleans": 1️⃣ Legacy GCS bucket ACL tracking (catches allUsers:READER when UBLA is off) 2️⃣ Project-scope SA key creation flagging 3️⃣ Transitive impersonation graph mapping (BFS up to 4 hops) 4️⃣ Pure ADC auth support — no key file needed 5️⃣ Fail-closed evidence routing (AccessDenied = FAILED, not clean) 📋 One Scan, Six Frameworks: SOC 2, HIPAA, NIST CSF 2.0, PCI DSS v4.0.1, ISO 27001:2022 & CIS Controls v8 — 62 signed evidence artifacts per run with RFC 3161 timestamps + SHA-256 sidecars. 🔌 Now native in Claude Desktop via MCP: start_assessment, prioritize_risks, compliance_check, export_report & more — turning your AI assistant into an autonomous cloud compliance auditor. #CloudSecurity #GCP #Compliance #DevSecOps

3

5

1

0

78

about 15 hours ago

Full release breakdown on LinkedIn: https://t.co/uK83P3RSrN

0

2

0

0

6

Who to follow

I am a MBA/CPA,CGMA Certified QuickBooks ProAdvisor helping small businesses succeed. I provide accounting, tax and consulting services.

Chiranjeev Ranjan

Ramzul Majdan Yaman

I solemnly swear that I'm up to no good

about 16 hours ago

NSAuditor AI EE 0.18.0 is live: GCP false-negative hardening. A cloud audit that reads "clean" can still be wrong. This release closes five real GCP detection gaps — no new controls, all six compliance matrices unchanged. 28 plugins. What we fixed 🧵

Nsasoft's tweet photo. NSAuditor AI EE 0.18.0 is live: GCP false-negative hardening.

A cloud audit that reads "clean" can still be wrong. This release closes five real GCP detection gaps — no new controls, all six compliance matrices unchanged. 28 plugins.

What we fixed 🧵 https://t.co/kfokVzJRJg

3

4

2

3

17

about 16 hours ago

4/ Both were caught by a new mandatory pre-publish validation gate — pack → global-install → real scan → live run — before they shipped. A false negative is the worst defect an audit tool can ship. We hunt them. npm i -g nsauditor-ai@latest https://t.co/mA4rcB9ZrY #CloudSecurity #GCP

0

3

0

0

9

about 16 hours ago

3/ Fail-closed, not silently clean. A denied GCP enumeration now routes into findings and fails its own controls. Plus two pre-existing bugs — a project-IAM check on the wrong client (never ran) and an IAM-admin client unauthenticated under pure ADC — both fixed + live-validated.

1

3

0

0

10

about 16 hours ago

2/ IAM impersonation completeness. A project-scope serviceAccountKeyAdmin can mint a long-lived key for ANY service account = offline impersonation of the whole project. And a custom role can grant actAs admin-equivalence. Both are now detected instead of reading clean.

1

3

0

0

9

about 16 hours ago

1/ Legacy-ACL public buckets. A GCS bucket made public via a legacy ACL (allUsers / allAuthenticatedUsers) while Uniform Bucket-Level Access is off was reading clean — we only checked IAM-policy exposure. Now we scan the bucket ACL + a sampled object-ACL surface.

1

3

0

0

11

2 days ago

Also on LinkedIn: watch the same Getting Started walkthrough here https://t.co/dQvZuVKQa7

3

7

0

2

42

2 days ago

New to Nsauditor AI Enterprise? Watch this quick Getting Started walkthrough, from the license key in your purchase email to your first signed audit report. Install, activate, configure, scan, and read the results, all on your own machine. No scan data ever leaves your network. One scan produces timestamped evidence packs across SOC 2, HIPAA, NIST CSF 2.0, PCI DSS, ISO 27001, and CIS Controls v8 spanning AWS, Azure, and GCP. Learn more: https://t.co/tGN97SYUTY #CloudSecurity #Compliance #SOC2 #HIPAA #DevSecOps

8

13

1

3

3K

2 days ago

Also on LinkedIn: read the full Getting Started guide here https://t.co/rwiPLuytfk

2

5

0

0

36

2 days ago

https://t.co/nq6aPennMJ

1

7

1

1

46

Nsasoft retweeted

2 days ago

Until now an NSAuditor AI cloud audit looked at ONE AWS region — whichever your account was set to. A public bucket in eu-west-1, a wide-open SG in ap-southeast-2: invisible if you happened to scan us-east-1. EE 0.17.0 adds --aws-region. 🧵

Nsasoft's tweet photo. Until now an NSAuditor AI cloud audit looked at ONE AWS region — whichever your account was set to. A public bucket in eu-west-1, a wide-open SG in ap-southeast-2: invisible if you happened to scan us-east-1.

EE 0.17.0 adds --aws-region. 🧵 https://t.co/MS0AlVxOYF

1

5

2

2

51

2 days ago

Plugin count unchanged at 28; all six compliance matrices unchanged. This is reach, not new claims. npm i -g nsauditor-ai@latest (Community) @nsasoft/nsauditor-ai-ee@latest (Enterprise) https://t.co/2mUd9KRHs3 #CyberSecurity #CloudSecurity #AWS #InfoSec

0

3

0

0

16

2 days ago

Until now an NSAuditor AI cloud audit looked at ONE AWS region — whichever your account was set to. A public bucket in eu-west-1, a wide-open SG in ap-southeast-2: invisible if you happened to scan us-east-1. EE 0.17.0 adds --aws-region. 🧵

Nsasoft's tweet photo. Until now an NSAuditor AI cloud audit looked at ONE AWS region — whichever your account was set to. A public bucket in eu-west-1, a wide-open SG in ap-southeast-2: invisible if you happened to scan us-east-1.

EE 0.17.0 adds --aws-region. 🧵 https://t.co/MS0AlVxOYF

1

5

2

2

51

2 days ago

Safe by default. No flag = single region (behaviour-preserving), and it discloses the regions it didn't scan. An unknown region code fails fast — a scan never silently mis-scopes. In Claude Desktop, "all regions" is covered automatically in small batches: full reach, no timeouts.

1

3

0

0

27

4 days ago

The part we care about most: a region it genuinely can't reach is an explicit evidence gap — the CloudTrail verdict fails closed over it, never a silent "all clear." Confirmed live in Claude Desktop. npm i -g @nsasoft/nsauditor-ai-ee@latest

0

3

0

0

23

4 days ago

We shipped NSAuditor AI EE 0.16.7 — and it came straight from a real bug report. An operator asked Claude Desktop to "audit my AWS account" and the CloudTrail auditor came back oddly thin. 🧵

Nsasoft's tweet photo. We shipped NSAuditor AI EE 0.16.7 — and it came straight from a real bug report. An operator asked Claude Desktop to "audit my AWS account" and the CloudTrail auditor came back oddly thin. 🧵 https://t.co/bPQRtLnKug

1

4

2

2

37

4 days ago

0.16.7: a short per-region connect/request timeout + wider fan-out → a dead region fails in ~2s, not 30. And an errored region is now recorded and skipped, not fatal. 234 seconds → ~13 seconds, fully multi-region.

1

3

0

0

14

Last Seen Users on Sotwe

Trends for you

Most Popular Users