Overview

Ira is a decision-support system, not an autonomous actor. Every containment action it surfaces requires human approval before execution. The system is designed for security engineers and CISOs who need to move faster without sacrificing oversight.

It deploys entirely within your AWS account via Terraform, uses only IAM-scoped read access to telemetry sources, and produces a fully auditable record of every analysis it performs. Nothing leaves your environment.

Telemetry Sources

What Ira analyses

CloudTrail Analysis

Correlates API call patterns across accounts and regions to identify credential misuse, privilege escalation, and lateral movement.

What is ingested

All management events from CloudTrail — API calls across IAM, EC2, S3, Lambda, and supporting services. Both read and write events are analysed; write events carry higher baseline signal weight. Data events (for example object-level S3 operations) are not management events and are not part of this feed; S3 object access is covered by the S3 access log source below.

What the agent looks for

  • Credential use from unexpected IP ranges or geographies
  • Privilege escalation chains (assume-role sequences, policy attachments)
  • Service enumeration patterns (rapid Describe* / List* calls across services)
  • API calls from newly created or recently modified IAM principals
  • Console login followed immediately by programmatic access from a different source
Example finding JSON
{
  "signal": "CREDENTIAL_MISUSE",
  "severity": "HIGH",
  "principal": "arn:aws:iam::123456789012:user/deploy-bot",
  "event": "AssumeRole",
  "target_role": "arn:aws:iam::123456789012:role/OrganizationAccountAccessRole",
  "source_ip": "185.220.101.47",
  "region": "eu-west-1",
  "timestamp": "2026-03-25T03:41:22Z",
  "rationale": "Principal has never assumed this role. Source IP is a known Tor exit node."
}
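
The three patterns from the list above that can be checked from the records alone (a first-time assume-role, an enumeration burst, and a console login followed by API calls from elsewhere) are shown here as an added example. This is not Ira's code. The sample events are constructed but use real CloudTrail field names (eventTime, eventName, eventSource, awsRegion, sourceIPAddress, userIdentity.arn, requestParameters.roleArn); the thresholds, the baseline of previously seen principal/role pairs, and the two signal names that do not appear on this page (SERVICE_ENUMERATION, LOGIN_FOLLOWED_BY_REMOTE_API) are assumptions.

```python
"""CloudTrail detection sketch (added example, not Ira's code).

Sample events are constructed; thresholds and the baseline are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ENUM_CALLS = 8                              # Describe*/List* calls ...
ENUM_WINDOW = timedelta(seconds=60)         # ... within this window ...
ENUM_MIN_SERVICES = 3                       # ... spread over at least this many services
LOGIN_TO_API_WINDOW = timedelta(minutes=10)

DEPLOY = "arn:aws:iam::123456789012:user/deploy-bot"
ALICE = "arn:aws:iam::123456789012:user/alice"
ORG_ROLE = "arn:aws:iam::123456789012:role/OrganizationAccountAccessRole"


def ev(time, name, source, ip, arn, **params):
    """Build a minimal CloudTrail record (constructed sample data)."""
    return {"eventTime": time, "eventName": name, "eventSource": source,
            "awsRegion": "eu-west-1", "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "arn": arn},
            "requestParameters": params or None}


ENUM_SAMPLE = [("DescribeInstances", "ec2"), ("DescribeSecurityGroups", "ec2"), ("ListRoles", "iam"),
               ("ListUsers", "iam"), ("ListBuckets", "s3"), ("ListFunctions20150331", "lambda"),
               ("DescribeVpcs", "ec2"), ("ListPolicies", "iam")]

SAMPLE_EVENTS = (
    [ev("2026-03-25T03:41:22Z", "AssumeRole", "sts.amazonaws.com", "185.220.101.47", DEPLOY, roleArn=ORG_ROLE),
     ev("2026-03-25T03:40:00Z", "ConsoleLogin", "signin.amazonaws.com", "198.51.100.10", ALICE),
     ev("2026-03-25T03:44:00Z", "ListBuckets", "s3.amazonaws.com", "203.0.113.9", ALICE)]
    + [ev(f"2026-03-25T03:42:{4 * i:02d}Z", name, f"{svc}.amazonaws.com", "185.220.101.47", DEPLOY)
       for i, (name, svc) in enumerate(ENUM_SAMPLE)]
)
# Historical (principal, role) pairs; the OrganizationAccountAccessRole pair is absent on purpose.
BASELINE_ASSUMES = {(DEPLOY, "arn:aws:iam::123456789012:role/DeployRole")}


def ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def who(e):
    return e["userIdentity"]["arn"]


def first_time_assume_role(events, baseline):
    """AssumeRole to a role this principal has never assumed before."""
    out = []
    for e in events:
        if e["eventName"] != "AssumeRole":
            continue
        pair = (who(e), e["requestParameters"]["roleArn"])
        if pair not in baseline:
            out.append({"signal": "CREDENTIAL_MISUSE", "severity": "HIGH", "principal": pair[0],
                        "event": "AssumeRole", "target_role": pair[1], "source_ip": e["sourceIPAddress"],
                        "region": e["awsRegion"], "timestamp": e["eventTime"],
                        "rationale": "Principal has never assumed this role."})
    return out


def enumeration_bursts(events):
    """Many Describe*/List* calls by one principal across several services in a short window."""
    calls = defaultdict(list)
    for e in sorted(events, key=ts):
        if e["eventName"].startswith(("Describe", "List")):
            calls[who(e)].append(e)
    out = []
    for p, seq in calls.items():
        start = 0
        for end in range(len(seq)):                     # sliding window over time-ordered calls
            while ts(seq[end]) - ts(seq[start]) > ENUM_WINDOW:
                start += 1
            window = seq[start:end + 1]
            services = {c["eventSource"] for c in window}
            if len(window) >= ENUM_CALLS and len(services) >= ENUM_MIN_SERVICES:
                out.append({"signal": "SERVICE_ENUMERATION", "severity": "MEDIUM", "principal": p,
                            "calls": len(window), "services": sorted(services),
                            "timestamp": window[0]["eventTime"],
                            "rationale": f"{len(window)} Describe*/List* calls across "
                                         f"{len(services)} services in {ENUM_WINDOW.seconds}s."})
                break
    return out


def login_then_remote_api(events):
    """Console login followed within the window by an API call from a different source IP."""
    out = []
    for login in (e for e in events if e["eventName"] == "ConsoleLogin"):
        for e in sorted(events, key=ts):
            if who(e) != who(login) or e["eventName"] == "ConsoleLogin":
                continue
            gap = ts(e) - ts(login)
            if timedelta(0) <= gap <= LOGIN_TO_API_WINDOW and e["sourceIPAddress"] != login["sourceIPAddress"]:
                out.append({"signal": "LOGIN_FOLLOWED_BY_REMOTE_API", "severity": "HIGH", "principal": who(e),
                            "console_ip": login["sourceIPAddress"], "api_ip": e["sourceIPAddress"],
                            "event": e["eventName"], "timestamp": e["eventTime"],
                            "rationale": "Programmatic call from a different source shortly after console login."})
                break
    return out


def analyse(events, baseline):
    return first_time_assume_role(events, baseline) + enumeration_bursts(events) + login_then_remote_api(events)


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS, BASELINE_ASSUMES):
        print(f["signal"], f["principal"], f["rationale"])
```

The enumeration check deliberately requires breadth as well as volume: a deployment tool that calls DescribeInstances fifty times is noise, while eight calls that touch EC2, IAM, S3 and Lambda in under a minute look like reconnaissance.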

VPC Flow Log Analysis

Detects anomalous network behaviour — port scans, unexpected egress, data exfiltration patterns — across your VPC infrastructure.

What is ingested

Accepted and rejected flow records from VPC Flow Logs, including source/destination IP, port, protocol, bytes transferred, and action. Both intra-VPC and internet-bound traffic are analysed. Flow logs carry connection metadata only, aggregated per capture window and without packet payload, so exfiltration is inferred from direction, volume and destination rather than from content.

What the agent looks for

  • High-volume egress to external IPs (potential data exfiltration)
  • Sequential port scanning from internal hosts
  • Connections to known malicious IP ranges (threat intelligence correlation)
  • Unexpected inter-VPC or cross-account traffic flows
  • Traffic on non-standard ports from compute instances
Example finding JSON
{
  "signal": "DATA_EXFILTRATION_SUSPECTED",
  "severity": "CRITICAL",
  "source_instance": "i-0abc1234def56789",
  "destination_ip": "203.0.113.88",
  "destination_port": 443,
  "bytes_transferred": 2147483648,
  "duration_seconds": 312,
  "rationale": "2GB egress to external IP in 5 minutes. No matching inbound session. Instance has S3 read access to sensitive buckets."
}
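
Two of the patterns above, bulk egress to addresses outside the VPC and port scanning by an internal host, are shown here over default-format flow log records as an added example. This is not Ira's code. The field order is the documented default format (version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status); the sample lines, the VPC CIDR used to decide what counts as internal, and the byte and port thresholds are constructed assumptions.

```python
"""VPC Flow Log detection sketch (added example, not Ira's code).

Default-format records; sample lines, VPC CIDR and thresholds are assumptions.
"""
import ipaddress
from collections import defaultdict

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport", "dstport",
          "protocol", "packets", "bytes", "start", "end", "action", "log_status")
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Membership in the VPC CIDR decides "internal"; ip.is_private is unsuitable because it also
# matches documentation ranges such as 203.0.113.0/24, which here stands in for the internet.
VPC_CIDRS = [ipaddress.ip_network("10.0.0.0/16")]
EGRESS_BYTES = 1 << 30        # 1 GiB to a single external endpoint
SCAN_PORTS = 20               # distinct rejected destination ports from one source to one host


def parse_flow_line(line):
    """Parse one default-format record; returns None for NODATA/SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":          # such records carry '-' in the traffic fields
        return None
    for f in INT_FIELDS:
        rec[f] = int(rec[f])
    return rec


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in VPC_CIDRS)


def detect_bulk_egress(records):
    """Sum accepted bytes per (internal source, external destination, port) pair."""
    totals = {}
    for r in records:
        if r["action"] != "ACCEPT" or not is_internal(r["srcaddr"]) or is_internal(r["dstaddr"]):
            continue
        t = totals.setdefault((r["srcaddr"], r["dstaddr"], r["dstport"]),
                              {"bytes": 0, "start": r["start"], "end": r["end"]})
        t["bytes"] += r["bytes"]
        t["start"] = min(t["start"], r["start"])
        t["end"] = max(t["end"], r["end"])
    return [{"signal": "DATA_EXFILTRATION_SUSPECTED", "severity": "CRITICAL", "source_addr": s,
             "destination_ip": d, "destination_port": p, "bytes_transferred": t["bytes"],
             "duration_seconds": t["end"] - t["start"],
             "rationale": f"{t['bytes'] / 2**30:.2f} GiB egress to external IP over {t['end'] - t['start']}s."}
            for (s, d, p), t in totals.items() if t["bytes"] >= EGRESS_BYTES]


def detect_port_scans(records):
    """Rejected connections from one internal source to many ports on one host."""
    probed = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT" and is_internal(r["srcaddr"]):
            probed[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    out = []
    for (s, d), ports in probed.items():
        if len(ports) < SCAN_PORTS:
            continue
        seq = sorted(ports)
        run = best = 1
        for a, b in zip(seq, seq[1:]):     # longest run of consecutive ports = "sequential" scan
            run = run + 1 if b == a + 1 else 1
            best = max(best, run)
        out.append({"signal": "PORT_SCAN", "severity": "MEDIUM", "source_addr": s, "destination_ip": d,
                    "distinct_ports": len(ports), "longest_sequential_run": best,
                    "rationale": f"{len(ports)} distinct ports rejected; longest consecutive run {best}."})
    return out


def flow(src, dst, sport, dport, nbytes, start, end, action):
    """Constructed sample record in the default format."""
    return (f"2 123456789012 eni-0a1b2c3d4e5f60718 {src} {dst} {sport} {dport} 6 "
            f"{max(1, nbytes // 1400)} {nbytes} {start} {end} {action} OK")


SAMPLE_LINES = (
    # 5 x 450 MB to 203.0.113.88:443 over five minutes
    [flow("10.0.1.25", "203.0.113.88", 49152 + i, 443, 450_000_000,
          1774409700 + 60 * i, 1774409760 + 60 * i, "ACCEPT") for i in range(5)]
    # 25 consecutive ports probed on 10.0.1.25, all rejected
    + [flow("10.0.2.7", "10.0.1.25", 53000, port, 60, 1774409800, 1774409860, "REJECT") for port in range(20, 45)]
    # benign intra-VPC traffic and a NODATA record
    + [flow("10.0.1.25", "10.0.1.40", 40000, 5432, 120_000, 1774409800, 1774409860, "ACCEPT"),
       "2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1774409800 1774409860 - NODATA"]
)


def analyse_flows(lines):
    records = [r for r in map(parse_flow_line, lines) if r is not None]
    return detect_bulk_egress(records) + detect_port_scans(records)


if __name__ == "__main__":
    for f in analyse_flows(SAMPLE_LINES):
        print(f["signal"], f["rationale"])
```

Because a flow record is an aggregate over a capture window, the duration reported is the span between the earliest start and latest end of the contributing records, not a per-connection measurement.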

S3 Access Log Analysis

Identifies mass download events, public access anomalies, and cross-account bucket access that indicate data exfiltration or misconfiguration exploitation.

What is ingested

Server access logs from S3 buckets where logging is enabled — including requester identity, operation type, object key, bytes transferred, HTTP status, and referrer. Server access logs are delivered on a best-effort basis and can lag the request by hours, so this source suits retrospective analysis; CloudTrail S3 data events are the lower-latency alternative for object-level activity.

What the agent looks for

  • Mass object download events (high object count or byte volume in a short window)
  • Access from principals that have never previously accessed the bucket
  • Cross-account access from unrecognised account IDs
  • Access denied spikes (potential enumeration of object keys)
  • GetObject requests on objects tagged as sensitive or with restricted prefixes
Example finding JSON
{
  "signal": "MASS_DOWNLOAD",
  "severity": "HIGH",
  "bucket": "prod-customer-data-us-east-1",
  "requester": "arn:aws:iam::987654321098:role/external-audit",
  "objects_accessed": 14200,
  "bytes_transferred": 89000000000,
  "window_minutes": 8,
  "rationale": "14,200 objects downloaded in 8 minutes by a role with no prior access history to this bucket."
}
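
A parser for the server access log line format together with checks for four of the patterns above (mass download, a requester never seen on the bucket, cross-account access, and an AccessDenied spike) follows as an added example. This is not Ira's code. The tokenizer follows the documented layout: space-separated fields with the time in [brackets] and the request URI, referer and user agent in "quotes"; fields after the user agent are ignored, which keeps the parser tolerant of the newer fields AWS appends. The sample lines, the bucket owner's account ID, the requester baseline and the thresholds are constructed assumptions.

```python
"""S3 server access log parser and detection sketch (added example, not Ira's code).

Sample lines, BUCKET_ACCOUNT, the baseline and the thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')
FIELDS = ("bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id", "operation",
          "key", "request_uri", "http_status", "error_code", "bytes_sent", "object_size",
          "total_time", "turn_around_time", "referer", "user_agent")

BUCKET_ACCOUNT = "123456789012"                 # assumption: account that owns the logged buckets
MASS_OBJECTS, MASS_WINDOW = 25, timedelta(minutes=10)
DENIED_SPIKE = 10


def parse_s3_line(line):
    toks = TOKEN.findall(line)
    if len(toks) < len(FIELDS):
        raise ValueError("truncated record")
    rec = dict(zip(FIELDS, toks))               # trailing fields (host id, TLS, ...) are dropped
    rec["time"] = datetime.strptime(rec["time"].strip("[]"), "%d/%b/%Y:%H:%M:%S %z")
    rec["http_status"] = int(rec["http_status"])
    rec["bytes_sent"] = 0 if rec["bytes_sent"] == "-" else int(rec["bytes_sent"])
    for f in ("request_uri", "referer", "user_agent"):
        rec[f] = rec[f].strip('"')
    return rec


def requester_account(requester):
    """Account ID from an IAM/STS ARN; None for anonymous ('-') or canonical-ID requesters."""
    parts = requester.split(":")
    return parts[4] if requester.startswith("arn:aws") and len(parts) > 5 else None


def analyse_s3(records, baseline):
    """baseline maps bucket -> set of requesters seen before this analysis window."""
    findings, flagged = [], set()
    gets, denied = defaultdict(list), defaultdict(int)
    for r in sorted(records, key=lambda r: r["time"]):
        b, who = r["bucket"], r["requester"]
        if who != "-" and who not in baseline.get(b, set()) and ("first", b, who) not in flagged:
            flagged.add(("first", b, who))
            findings.append({"signal": "FIRST_SEEN_REQUESTER", "severity": "MEDIUM", "bucket": b,
                             "requester": who, "rationale": "No prior access history to this bucket."})
        acct = requester_account(who)
        if acct and acct != BUCKET_ACCOUNT and ("xacct", b, who) not in flagged:
            flagged.add(("xacct", b, who))
            findings.append({"signal": "CROSS_ACCOUNT_ACCESS", "severity": "HIGH", "bucket": b, "requester": who,
                             "requester_account": acct, "rationale": "Requester belongs to another AWS account."})
        if r["http_status"] == 403:
            denied[(b, r["remote_ip"])] += 1
        elif r["operation"] == "REST.GET.OBJECT" and r["http_status"] == 200:
            gets[(b, who)].append(r)
    for (b, who), seq in gets.items():
        start, best = 0, (0, 0, 0)
        for end in range(len(seq)):             # densest MASS_WINDOW slice of this requester's GETs
            while seq[end]["time"] - seq[start]["time"] > MASS_WINDOW:
                start += 1
            best = max(best, (end - start + 1, start, end))
        n, s, e = best
        if n >= MASS_OBJECTS:
            span = (seq[e]["time"] - seq[s]["time"]).total_seconds()
            findings.append({"signal": "MASS_DOWNLOAD", "severity": "HIGH", "bucket": b, "requester": who,
                             "objects_accessed": n, "bytes_transferred": sum(x["bytes_sent"] for x in seq[s:e + 1]),
                             "window_minutes": span / 60,
                             "rationale": f"{n} objects downloaded in {span / 60:g} minutes."})
    for (b, ip), n in denied.items():
        if n >= DENIED_SPIKE:
            findings.append({"signal": "ACCESS_DENIED_SPIKE", "severity": "MEDIUM", "bucket": b, "remote_ip": ip,
                             "denied_requests": n, "rationale": "Repeated AccessDenied suggests key enumeration."})
    return findings


# --- constructed sample data ---------------------------------------------------------------
OWNER = "3b2c1d0e9f8a7b6c5d4e3f2a1b0c9d8e7f6a5b4c3d2e1f0a9b8c7d6e5f4a3b2c1"   # fake canonical ID
BUCKET = "prod-customer-data-us-east-1"
AUDIT = "arn:aws:sts::987654321098:assumed-role/external-audit/audit-session"
APP = "arn:aws:sts::123456789012:assumed-role/app-server/i-0abc1234def56789"
BASELINE = {BUCKET: {APP}}


def s3_line(time, ip, requester, key, status, error, nbytes, size, n):
    return (f'{OWNER} {BUCKET} [{time}] {ip} {requester} REQ{n:05d} REST.GET.OBJECT {key} '
            f'"GET /{key} HTTP/1.1" {status} {error} {nbytes} {size} 12 11 "-" "aws-cli/2.15.0" - '
            f'HOSTIDEXAMPLE= SigV4 TLS_AES_128_GCM_SHA256 AuthHeader {BUCKET}.s3.us-east-1.amazonaws.com TLSv1.3 - -')


def _t(sec):
    return (datetime(2026, 3, 25, 3, 0, 0) + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S +0000")


SAMPLE_LINES = (
    [s3_line(_t(1200 + 2 * i), "198.51.100.23", "-", f"exports/{i}.csv", 403, "AccessDenied", "-", "-", i)
     for i in range(12)]                                            # anonymous probing, 12 denials
    + [s3_line(_t(1500), "10.0.1.25", APP, "config/app.json", 200, "-", 2048, 2048, 100)]
    + [s3_line(_t(1800 + 15 * i), "203.0.113.7", AUDIT, f"customers/{i:04d}.parquet", 200, "-",
               6_000_000, 6_000_000, 200 + i) for i in range(30)]   # 30 GETs in 7m15s
)

if __name__ == "__main__":
    for f in analyse_s3([parse_s3_line(l) for l in SAMPLE_LINES], BASELINE):
        print(f["signal"], f.get("requester", f.get("remote_ip")), f["rationale"])
```

The cross-account check reads the account ID out of the requester ARN rather than comparing against the bucket_owner field, because that field is a canonical user ID, not an account number.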

GuardDuty Integration

Uses GuardDuty findings as high-confidence triggers, enriching them with cross-service context from CloudTrail, VPC Flow, and Config to produce actionable response guidance.

What is ingested

All active GuardDuty findings via EventBridge — including finding type, severity, affected resource, and the GuardDuty-assigned confidence score. Archived findings are excluded by default.

What the agent looks for

GuardDuty findings are treated as high-confidence triggers rather than raw signals. The agent uses them to initiate targeted analysis in the other sub-agents — enriching the GuardDuty finding with:

  • The CloudTrail API call chain that preceded the finding
  • VPC Flow records for the affected instance or principal
  • AWS Config history for the affected resource (was it recently modified?)
  • Cross-service blast radius assessment
Example finding JSON
{
  "signal": "GUARDDUTY_ENRICHED",
  "severity": "CRITICAL",
  "guardduty_finding_id": "abc123def456",
  "finding_type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
  "affected_resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc1234def56789",
  "enrichment": {
    "cloudtrail_signals": 3,
    "vpc_flow_anomalies": 1,
    "config_drift_detected": true,
    "config_drift_severity": "HIGH"
  },
  "composite_risk_score": 94,
  "rationale": "GuardDuty finding enriched with 3 CloudTrail signals (AssumeRole from external IP, 2x sensitive API calls) and an IAM policy drift event on the affected instance role recorded 6 hours prior."
}

Configuration Drift

Detect deviations from your security baseline

Ira integrates with AWS Config to establish a security baseline for your environment. When a resource deviates from that baseline — a security group opens to 0.0.0.0/0, an IAM role gains additional managed policy attachments, an S3 bucket disables versioning — the Config agent detects and classifies the drift.

Drift classification uses a four-tier risk taxonomy. Classification criteria are based on the security impact of the deviation, blast radius of the affected resource, and whether the change correlates with other active signals in the same analysis window.

Level     Criteria
CRITICAL  Imminent exploitation risk. Public exposure of sensitive resources, active credential compromise indicators.
HIGH      Significant policy weakening, broad IAM permission grants, cross-account access anomalies.
MEDIUM    Drift from baseline with limited immediate impact. Requires investigation but not urgent containment.
LOW       Informational. Configuration changes that do not represent a security risk but should be acknowledged.
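
The three kinds of drift named above, classified into the four tiers, are shown here as an added example. This is not Ira's code. It compares a previous and a current AWS Config configuration item for one resource, using the Config field layout for security groups (configuration.ipPermissions), IAM roles (configuration.attachedManagedPolicies) and S3 buckets (supplementaryConfiguration.BucketVersioningConfiguration). Which rule maps to which tier, the markers used to call a managed policy "broad", and the one-tier uplift applied when the resource also appears in another active signal are assumptions chosen to illustrate the table; the configuration items are constructed.

```python
"""AWS Config drift classification sketch (added example, not Ira's code).

Tier mapping, uplift rule and the sample configuration items are assumptions.
"""
TIERS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
ANYWHERE = {"0.0.0.0/0", "::/0"}
BROAD_POLICY_MARKERS = ("AdministratorAccess", "FullAccess", "PowerUserAccess")


def escalate(level):
    """One tier up, capped at CRITICAL (used when the drift correlates with another signal)."""
    return TIERS[min(TIERS.index(level) + 1, len(TIERS) - 1)]


def _rules(perm):
    """Flatten one ipPermissions entry into hashable (proto, from, to, cidr) tuples."""
    ranges = ([r["cidrIp"] for r in perm.get("ipRanges", [])]
              + [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])])
    return {(perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort"), c) for c in ranges}


def classify_drift(previous, current, correlated_signal=False):
    """Drift findings for one resource given its old and new configuration items."""
    rtype, rid = current["resourceType"], current["resourceId"]
    old, new = previous["configuration"], current["configuration"]
    findings = []
    if rtype == "AWS::EC2::SecurityGroup":
        before = set().union(*(_rules(p) for p in old.get("ipPermissions", [])))
        after = set().union(*(_rules(p) for p in new.get("ipPermissions", [])))
        for proto, lo, hi, cidr in sorted(after - before, key=str):
            level = "CRITICAL" if cidr in ANYWHERE else "MEDIUM"      # public exposure vs. internal widening
            findings.append((level, f"ingress {proto} {lo}-{hi} from {cidr} added"))
    elif rtype == "AWS::IAM::Role":
        before = {p["policyArn"] for p in old.get("attachedManagedPolicies", [])}
        for p in new.get("attachedManagedPolicies", []):
            if p["policyArn"] not in before:
                broad = any(m in p["policyArn"] for m in BROAD_POLICY_MARKERS)
                findings.append(("HIGH" if broad else "MEDIUM", f"managed policy {p['policyName']} attached"))
    elif rtype == "AWS::S3::Bucket":
        def versioning(ci):
            return ci.get("supplementaryConfiguration", {}).get("BucketVersioningConfiguration", {}).get("status")
        if versioning(previous) == "Enabled" and versioning(current) != "Enabled":
            findings.append(("MEDIUM", "bucket versioning disabled"))
    if not findings and previous.get("tags") != current.get("tags"):
        findings.append(("LOW", "tags changed"))
    return [{"resource": rid, "resource_type": rtype,
             "level": escalate(level) if correlated_signal else level,
             "change": change, "correlated_signal": correlated_signal} for level, change in findings]


# --- constructed configuration items ------------------------------------------------------
SG_BEFORE = {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0", "tags": {},
             "configuration": {"ipPermissions": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                                  "ipRanges": [{"cidrIp": "10.0.0.0/16"}]}]}}
SG_AFTER = {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0", "tags": {},
            "configuration": {"ipPermissions": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                                 "ipRanges": [{"cidrIp": "10.0.0.0/16"}, {"cidrIp": "0.0.0.0/0"}]}]}}
ROLE_BEFORE = {"resourceType": "AWS::IAM::Role", "resourceId": "AROAEXAMPLEROLEID",
               "configuration": {"attachedManagedPolicies": [
                   {"policyName": "ReadOnlyAccess", "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}}
ROLE_AFTER = {"resourceType": "AWS::IAM::Role", "resourceId": "AROAEXAMPLEROLEID",
              "configuration": {"attachedManagedPolicies": [
                  {"policyName": "ReadOnlyAccess", "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
                  {"policyName": "AdministratorAccess", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]}}
BUCKET_BEFORE = {"resourceType": "AWS::S3::Bucket", "resourceId": "prod-customer-data-us-east-1", "configuration": {},
                 "supplementaryConfiguration": {"BucketVersioningConfiguration": {"status": "Enabled"}}}
BUCKET_AFTER = {"resourceType": "AWS::S3::Bucket", "resourceId": "prod-customer-data-us-east-1", "configuration": {},
                "supplementaryConfiguration": {"BucketVersioningConfiguration": {"status": "Suspended"}}}

if __name__ == "__main__":
    for pair in ((SG_BEFORE, SG_AFTER), (ROLE_BEFORE, ROLE_AFTER), (BUCKET_BEFORE, BUCKET_AFTER)):
        for f in classify_drift(*pair):
            print(f["level"], f["resource"], f["change"])
```

Tag-only changes fall through to LOW only when nothing else changed, so a tag edit that accompanies a widened ingress rule does not dilute the CRITICAL finding.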

Risk Scoring

A composite score, not a single signal

Ira calculates a composite risk score from 0–100 for each analysis. The score combines three factors. The weights listed below are the baseline; the analysis context can shift them.

A score above 75 triggers a high-priority recommendation. Scores above 90 are classified as critical and surfaced immediately. Scores below 40 are logged but do not generate a recommendation unless they correlate with an active incident.

  • Signal severity: 50%
  • Blast radius: 30%
  • Lateral movement indicators: 20%
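
The weighting and the three thresholds above, written out as an added example (not Ira's code). The 50/30/20 weights and the 90/75/40 cut-offs are the page's; that each factor is supplied on a 0–100 scale, and that a score between 40 and 75 produces a standard recommendation, are assumptions.

```python
"""Composite risk score and triage thresholds (added example, not Ira's code).

Weights and thresholds are the page's; the 0-100 factor scale and the
handling of the 40-75 band are assumptions.
"""
WEIGHTS = {"signal_severity": 50, "blast_radius": 30, "lateral_movement": 20}   # percent


def composite_score(signal_severity, blast_radius, lateral_movement):
    """Weighted mean of three 0-100 factors, rounded to an integer in 0-100."""
    factors = {"signal_severity": signal_severity, "blast_radius": blast_radius,
               "lateral_movement": lateral_movement}
    for name, value in factors.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name} out of range: {value}")
    return round(sum(WEIGHTS[k] * v for k, v in factors.items()) / 100)


def triage(score, correlated_with_active_incident=False):
    """Map a composite score to how the page says it is handled."""
    if score > 90:
        return "CRITICAL"            # surfaced immediately
    if score > 75:
        return "HIGH_PRIORITY"       # high-priority recommendation
    if score >= 40 or correlated_with_active_incident:
        return "RECOMMENDATION"      # assumption: standard recommendation for the 40-75 band
    return "LOG_ONLY"                # logged, no recommendation generated


def assess(signal_severity, blast_radius, lateral_movement, correlated_with_active_incident=False):
    score = composite_score(signal_severity, blast_radius, lateral_movement)
    return {"composite_risk_score": score,
            "handling": triage(score, correlated_with_active_incident)}


if __name__ == "__main__":
    print(assess(95, 90, 95))                   # matches the 94 in the GuardDuty example above
    print(assess(30, 50, 20))                   # 34: logged only ...
    print(assess(30, 50, 20, correlated_with_active_incident=True))   # ... unless correlated
```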

Containment

Recommendations, not autonomous actions

Ira never takes action in your environment without explicit human approval. Every analysis concludes with a ranked set of containment recommendations — structured, human-readable outputs that tell the operator exactly what to do and why.

Each recommendation includes: the signal chain that triggered it, the affected resources, the proposed action, the expected impact of that action, and any caveats or risks. Recommendations are ranked by expected risk reduction.

Example recommendation JSON
{
  "id": "rec-20260325-001",
  "rank": 1,
  "action": "REVOKE_IAM_SESSION",
  "target": "arn:aws:iam::123456789012:user/deploy-bot",
  "rationale": "Active credential use from known Tor exit node. AssumeRole to OrganizationAccountAccessRole confirmed.",
  "risk_reduction": 87,
  "blast_radius": "Single IAM user. No service dependencies detected.",
  "caveats": "Revoking session will interrupt any in-progress deployments using this credential.",
  "status": "PENDING_APPROVAL"
}
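
An approval gate for a recommendation of this shape follows as an added example; it is not Ira's code and says nothing about how Ira itself executes approved actions. The gate refuses to produce an executable plan until the record is marked APPROVED with an approver, and it never mutates the original record. The plan it emits for REVOKE_IAM_SESSION is one way an operator could carry the action out: an inline Deny policy conditioned on aws:TokenIssueTime, the same shape the IAM console's "Revoke active sessions" button attaches. The plan's field names, the policy name and the approver identities are assumptions; the recommendation record is the page's example, constructed here as input.

```python
"""Human-approval gate for a containment recommendation (added example, not Ira's code).

Plan field names, the inline policy name and approver identities are assumptions.
"""
import json
from datetime import datetime, timezone


class ApprovalRequired(Exception):
    """Raised when a plan is requested for a recommendation nobody has approved."""


def revoke_sessions_policy(issued_before):
    """Deny everything to temporary credentials issued before `issued_before` (ISO 8601 UTC).

    aws:TokenIssueTime is present only for temporary credentials, so this has no effect on
    long-term access keys; see plan_containment for how user targets are handled.
    """
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": ["*"], "Resource": ["*"],
                           "Condition": {"DateLessThan": {"aws:TokenIssueTime": issued_before}}}]}


def approve(rec, approver, when=None):
    """Return a copy of the recommendation marked APPROVED; the original is left untouched."""
    when = when or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return dict(rec, status="APPROVED", approved_by=approver, approved_at=when)


def plan_containment(rec):
    """Turn an APPROVED recommendation into an ordered list of IAM calls; refuse otherwise."""
    if rec.get("status") != "APPROVED" or not rec.get("approved_by"):
        raise ApprovalRequired(f"{rec['id']}: status is {rec.get('status')}, refusing to act")
    if rec["action"] != "REVOKE_IAM_SESSION":
        raise NotImplementedError(rec["action"])
    target = rec["target"]
    kind = target.split(":")[5].split("/")[0]          # "user" or "role" from the ARN resource part
    steps = [{"api": "iam:PutUserPolicy" if kind == "user" else "iam:PutRolePolicy",
              "target": target, "policy_name": "AWSRevokeOlderSessions",
              "document": revoke_sessions_policy(rec["approved_at"])}]
    if kind == "user":
        # A user's long-term keys carry no token issue time and survive the Deny above, so they are
        # deactivated as a second step. Sessions the user already assumed into a role run as that
        # role and are governed by the role's policies, not the user's.
        steps.append({"api": "iam:UpdateAccessKey", "target": target, "status": "Inactive", "all_keys": True})
    return {"recommendation": rec["id"], "target": target, "steps": steps,
            "audit": {"approved_by": rec["approved_by"], "approved_at": rec["approved_at"],
                      "rationale": rec["rationale"]}}


RECOMMENDATION = {   # the page's example recommendation, constructed here as input
    "id": "rec-20260325-001", "rank": 1, "action": "REVOKE_IAM_SESSION",
    "target": "arn:aws:iam::123456789012:user/deploy-bot",
    "rationale": "Active credential use from known Tor exit node. AssumeRole to OrganizationAccountAccessRole confirmed.",
    "risk_reduction": 87, "status": "PENDING_APPROVAL"}

if __name__ == "__main__":
    try:
        plan_containment(RECOMMENDATION)
    except ApprovalRequired as exc:
        print("blocked:", exc)
    approved = approve(RECOMMENDATION, "alice@example.com", "2026-03-25T03:55:00Z")
    print(json.dumps(plan_containment(approved), indent=2))
```

The Deny is conditioned on the approval time rather than the detection time, so a session legitimately started between detection and approval is also cut off; an operator who wants to spare such sessions can pass the detection timestamp to approve() instead.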

Design Principles

Built on the right foundations

AWS-Native

No external data plane. Deployed and operated entirely within your AWS account boundary. Your data stays yours.

Least Surprise

The system surfaces what it finds. It does not suppress signals, auto-remediate, or make decisions on your behalf.

Explainability

Every recommendation includes the complete signal chain that produced it. No black-box outputs. No "trust us".

Auditability

Full analysis logs retained in your account. Every finding, every score, every recommendation — queryable, exportable, yours.

Modularity

Sub-agents are independently deployable. Add or remove telemetry sources without rebuilding the stack.

Get started

Want to see Ira analyse your environment?

Request a demo and we'll run a live analysis session against a representative set of your telemetry.