Banking Live Scan — TITAN AI

FINDING ID

TITAN-BANKING-20260419-F0001

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) Azure TITAN SCOUT CRITICAL

Public Blob Access Enabled

Azure Storage account 'titanlive8909pub' has allowBlobPublicAccess=true. Any container in this account can be made publicly rea...

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

SUBSCRIPTION (CDE)	4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP	titan-live-20260419
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	titanlive8909pub
RESOURCE TYPE	Microsoft.Storage/storageAccounts
REGION	East US
FULL RESOURCE ID	/subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260419/providers/Microsoft.Storage/storageAccounts/titanlive8909pub

■ SECTION 2 · FINDING DETAILS

Azure Storage account 'titanlive8909pub' has allowBlobPublicAccess=true. Any container in this account can be made publicly readable.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 1.2.1 + 3.4 Cardholder Data Protection + GLBA 16 CFR 314.4  |  original: HIPAA 164.312(a)(1) + NIST 800-53 AC-3

■ SECTION 4 · DETECTED VALUES

{
  "allowBlobPublicAccess": true
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "allowBlobPublicAccess": false
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

az storage account update -n titanlive8909pub -g titan-live-20260419 --allow-blob-public-access false

ROLLBACK / REVERSAL

az storage account update -n titanlive8909pub -g titan-live-20260419 --allow-blob-public-access true

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:35+00:00

DURATION

3.44s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

{
  "accessTier": "Hot",
  "accountMigrationInProgress": null,
  "allowBlobPublicAccess": false,
  "allowCrossTenantReplication": false,
  "allowSharedKeyAccess": null,
  "allowedCopyScope": null,
  "azureFilesIdentityBasedAuthentication": null,
  "blobRestoreStatus": null,
  "creationTime": "2026-04-19T20:35:23.561469+00:00",
  "customDomain": null,
  "defaultToOAuthAuthentication": null,
  "dnsEndpointType": null,
  "dualStackEndpointPreference"

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0002

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) Azure TITAN SCOUT HIGH

Weak TLS Version

Azure Storage account 'titanlive8909pub' has minimumTlsVersion=TLS1_0. HIPAA Transmission Security requires TLS 1.2 or higher. ...

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

SUBSCRIPTION (CDE)	4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP	titan-live-20260419
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	titanlive8909pub
RESOURCE TYPE	Microsoft.Storage/storageAccounts
REGION	East US
FULL RESOURCE ID	/subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260419/providers/Microsoft.Storage/storageAccounts/titanlive8909pub

■ SECTION 2 · FINDING DETAILS

Azure Storage account 'titanlive8909pub' has minimumTlsVersion=TLS1_0. HIPAA Transmission Security requires TLS 1.2 or higher. TLS 1.0 is vulnerable to BEAST/POODLE.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 4.1 Strong Cryptography + GLBA 16 CFR 314.4(c)  |  original: HIPAA 164.312(e)(1) + PCI DSS 4.1 + NIST 800-52

■ SECTION 4 · DETECTED VALUES

{
  "minimumTlsVersion": "TLS1_0"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "minimumTlsVersion": "TLS1_2"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

az storage account update -n titanlive8909pub -g titan-live-20260419 --min-tls-version TLS1_2

ROLLBACK / REVERSAL

az storage account update -n titanlive8909pub -g titan-live-20260419 --min-tls-version TLS1_0

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:38+00:00

DURATION

3.29s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

{
  "accessTier": "Hot",
  "accountMigrationInProgress": null,
  "allowBlobPublicAccess": false,
  "allowCrossTenantReplication": false,
  "allowSharedKeyAccess": null,
  "allowedCopyScope": null,
  "azureFilesIdentityBasedAuthentication": null,
  "blobRestoreStatus": null,
  "creationTime": "2026-04-19T20:35:23.561469+00:00",
  "customDomain": null,
  "defaultToOAuthAuthentication": null,
  "dnsEndpointType": null,
  "dualStackEndpointPreference"

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0003

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) Azure TITAN SCOUT HIGH

Weak TLS Version

Azure Storage account 'titanlive8909tls' has minimumTlsVersion=TLS1_0. HIPAA Transmission Security requires TLS 1.2 or higher. ...

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

SUBSCRIPTION (CDE)	4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP	titan-live-20260419
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	titanlive8909tls
RESOURCE TYPE	Microsoft.Storage/storageAccounts
REGION	East US
FULL RESOURCE ID	/subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260419/providers/Microsoft.Storage/storageAccounts/titanlive8909tls

■ SECTION 2 · FINDING DETAILS

Azure Storage account 'titanlive8909tls' has minimumTlsVersion=TLS1_0. HIPAA Transmission Security requires TLS 1.2 or higher. TLS 1.0 is vulnerable to BEAST/POODLE.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 4.1 Strong Cryptography + GLBA 16 CFR 314.4(c)  |  original: HIPAA 164.312(e)(1) + PCI DSS 4.1 + NIST 800-52

■ SECTION 4 · DETECTED VALUES

{
  "minimumTlsVersion": "TLS1_0"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "minimumTlsVersion": "TLS1_2"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

az storage account update -n titanlive8909tls -g titan-live-20260419 --min-tls-version TLS1_2

ROLLBACK / REVERSAL

az storage account update -n titanlive8909tls -g titan-live-20260419 --min-tls-version TLS1_0

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:42+00:00

DURATION

3.14s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

{
  "accessTier": "Hot",
  "accountMigrationInProgress": null,
  "allowBlobPublicAccess": false,
  "allowCrossTenantReplication": false,
  "allowSharedKeyAccess": null,
  "allowedCopyScope": null,
  "azureFilesIdentityBasedAuthentication": null,
  "blobRestoreStatus": null,
  "creationTime": "2026-04-19T20:36:24.057441+00:00",
  "customDomain": null,
  "defaultToOAuthAuthentication": null,
  "dnsEndpointType": null,
  "dualStackEndpointPreference"

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0004

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) Azure TITAN SCOUT CRITICAL

NSG Rule Open to Internet

Azure NSG 'nsg-titan-8909' rule 'allow-ssh-from-internet' allows inbound traffic from 0.0.0.0/0 on port(s) 22. Unrest...

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

SUBSCRIPTION (CDE)	4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP	titan-live-20260419
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	nsg-titan-8909
RESOURCE TYPE	Microsoft.Network/networkSecurityGroups
REGION	East US
FULL RESOURCE ID	/subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260419/providers/Microsoft.Network/networkSecurityGroups/nsg-titan-8909

■ SECTION 2 · FINDING DETAILS

Azure NSG 'nsg-titan-8909' rule 'allow-ssh-from-internet' allows inbound traffic from 0.0.0.0/0 on port(s) 22. Unrestricted internet access to internal services.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 1.3.1 + FFIEC Network Perimeter + SOX IT General Controls  |  original: HIPAA 164.312(a)(1) + PCI DSS 1.3.1 + NIST 800-53 SC-7

■ SECTION 4 · DETECTED VALUES

{
  "sourceAddressPrefix": "0.0.0.0/0",
  "destinationPortRange": "22",
  "access": "Allow"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "sourceAddressPrefix": "10.0.0.0/8 (internal-only)",
  "access": "Allow"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

az network nsg rule update -g titan-live-20260419 --nsg-name nsg-titan-8909 -n allow-ssh-from-internet --source-address-prefixes 10.0.0.0/8

ROLLBACK / REVERSAL

az network nsg rule update -g titan-live-20260419 --nsg-name nsg-titan-8909 -n allow-ssh-from-internet --source-address-prefixes '0.0.0.0/0'

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:45+00:00

DURATION

3.26s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

{
  "access": "Allow",
  "destinationAddressPrefix": "*",
  "destinationAddressPrefixes": [],
  "destinationPortRange": "22",
  "destinationPortRanges": [],
  "direction": "Inbound",
  "etag": "W/\"6d8a94e3-3010-4811-816e-4b7bf896b1c8\"",
  "id": "/subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260419/providers/Microsoft.Network/networkSecurityGroups/nsg-titan-8909/securityRules/allow-ssh-from-internet",
  "na

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0005

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) Azure TITAN SCOUT HIGH

Weak TLS Version

Azure Storage account 'titanlive8909nohttps' has minimumTlsVersion=TLS1_0. HIPAA Transmission Security requires TLS 1.2 or high...

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

SUBSCRIPTION (CDE)	4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP	titan-live-20260419
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	titanlive8909nohttps
RESOURCE TYPE	Microsoft.Storage/storageAccounts
REGION	East US
FULL RESOURCE ID	/subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260419/providers/Microsoft.Storage/storageAccounts/titanlive8909nohttps

■ SECTION 2 · FINDING DETAILS

Azure Storage account 'titanlive8909nohttps' has minimumTlsVersion=TLS1_0. HIPAA Transmission Security requires TLS 1.2 or higher. TLS 1.0 is vulnerable to BEAST/POODLE.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 4.1 Strong Cryptography + GLBA 16 CFR 314.4(c)  |  original: HIPAA 164.312(e)(1) + PCI DSS 4.1 + NIST 800-52

■ SECTION 4 · DETECTED VALUES

{
  "minimumTlsVersion": "TLS1_0"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "minimumTlsVersion": "TLS1_2"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

az storage account update -n titanlive8909nohttps -g titan-live-20260419 --min-tls-version TLS1_2

ROLLBACK / REVERSAL

az storage account update -n titanlive8909nohttps -g titan-live-20260419 --min-tls-version TLS1_0

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:48+00:00

DURATION

3.55s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

{
  "accessTier": "Hot",
  "accountMigrationInProgress": null,
  "allowBlobPublicAccess": false,
  "allowCrossTenantReplication": false,
  "allowSharedKeyAccess": null,
  "allowedCopyScope": null,
  "azureFilesIdentityBasedAuthentication": null,
  "blobRestoreStatus": null,
  "creationTime": "2026-04-19T20:37:19.927940+00:00",
  "customDomain": null,
  "defaultToOAuthAuthentication": null,
  "dnsEndpointType": null,
  "dualStackEndpointPreference"

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0006

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) AWS TITAN SCOUT CRITICAL

S3 Bucket Public Access Block Missing

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

AWS ACCOUNT (CDE)	450367038821
REGION	us-east-2
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	titan-live-8909-patient-backups
RESOURCE TYPE	s3:bucket
FULL ARN	arn:aws:s3:::titan-live-8909-patient-backups

■ SECTION 2 · FINDING DETAILS

AWS S3 bucket 'titan-live-8909-patient-backups' has no Public Access Block configured. Bucket policies and ACLs granting public access will take effect. A public bucket policy was detected on this bucket.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 1.2.1 + 3.4 + GLBA 16 CFR 314.4 + SOX 404 ITGC  |  original: HIPAA 164.312(a)(1) + NIST 800-53 AC-3 + PCI DSS 7.1

■ SECTION 4 · DETECTED VALUES

{
  "PublicAccessBlock": "NOT CONFIGURED"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "BlockPublicAcls": true,
  "BlockPublicPolicy": true,
  "IgnorePublicAcls": true,
  "RestrictPublicBuckets": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

aws s3api put-public-access-block --bucket titan-live-8909-patient-backups --public-access-block-configuration "BlockPublicAcls=true,BlockPublicPolicy=true,IgnorePublicAcls=true,RestrictPublicBuckets=true"

ROLLBACK / REVERSAL

aws s3api delete-public-access-block --bucket titan-live-8909-patient-backups

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:51+00:00

DURATION

2.42s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

(no stdout)

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0007

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) AWS TITAN SCOUT CRITICAL

S3 Bucket Policy Grants Public Access

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

AWS ACCOUNT (CDE)	450367038821
REGION	us-east-2
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	titan-live-8909-patient-backups
RESOURCE TYPE	s3:bucket
FULL ARN	arn:aws:s3:::titan-live-8909-patient-backups

■ SECTION 2 · FINDING DETAILS

AWS S3 bucket 'titan-live-8909-patient-backups' bucket policy contains a statement with Principal='*' (anonymous). Action: s3:GetObject. Anyone on the internet can perform this action.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 1.2.1 + 3.4 + GLBA 16 CFR 314.4 + SOX 404 ITGC  |  original: HIPAA 164.312(a)(1) + NIST 800-53 AC-3

■ SECTION 4 · DETECTED VALUES

{
  "Principal": "*",
  "Action": "s3:GetObject"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "Principal": "(specific AWS account or role ARN)"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

aws s3api delete-bucket-policy --bucket titan-live-8909-patient-backups

ROLLBACK / REVERSAL

aws s3api put-bucket-policy --bucket titan-live-8909-patient-backups --policy '<backup-policy-json>'

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:53+00:00

DURATION

2.28s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

(no stdout)

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0008

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) AWS TITAN SCOUT CRITICAL

Over-Permissive IAM User

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

AWS ACCOUNT (CDE)	450367038821
REGION	us-east-2
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	titan-live-admin-8909
RESOURCE TYPE	iam:user
FULL ARN	arn:aws:iam::450367038821:user/titan-live-admin-8909

■ SECTION 2 · FINDING DETAILS

AWS IAM user 'titan-live-admin-8909' has the managed policy 'AdministratorAccess' attached directly to the user (not via role). This grants full account privileges. Principle of least privilege violated.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 7.1.2 Least Privilege + 8.1.5 Admin Access + SOX 404  |  original: HIPAA 164.308(a)(4) + NIST 800-53 AC-2 + PCI DSS 7.1 + SOC 2 CC6.1

■ SECTION 4 · DETECTED VALUES

{
  "AttachedPolicy": "AdministratorAccess",
  "AttachType": "direct-to-user"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "AttachType": "via role assumed with MFA, scoped to specific resources"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

aws iam detach-user-policy --user-name titan-live-admin-8909 --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

ROLLBACK / REVERSAL

aws iam attach-user-policy --user-name titan-live-admin-8909 --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:55+00:00

DURATION

2.24s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

(no stdout)

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0009

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) AWS TITAN SHADOW HIGH

Long-Lived IAM Access Key

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

AWS ACCOUNT (CDE)	450367038821
REGION	us-east-2
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	titan-live-admin-8909
RESOURCE TYPE	iam:user
FULL ARN	arn:aws:iam::450367038821:user/titan-live-admin-8909

■ SECTION 2 · FINDING DETAILS

AWS IAM user 'titan-live-admin-8909' has access key 'AKIAWRW7XUVSTZEXY4QF' (Active since 2026-04-19T20:38:08+00:00). Long-lived static credentials are high-risk. Prefer IAM roles + short-lived STS tokens.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 8.2.4 (90-day key rotation) + FFIEC Access Controls  |  original: HIPAA 164.308(a)(4) + NIST 800-53 IA-5(1)

■ SECTION 4 · DETECTED VALUES

{
  "AccessKeyId": "AKIAWRW7XUVSTZEXY4QF",
  "Status": "Active",
  "CreateDate": "2026-04-19T20:38:08+00:00"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "Recommendation": "Replace with IAM role + AssumeRole pattern"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

aws iam delete-access-key --user-name titan-live-admin-8909 --access-key-id AKIAWRW7XUVSTZEXY4QF

ROLLBACK / REVERSAL

(no rollback — re-create key if needed via create-access-key)

RISK ASSESSMENT

MEDIUM

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SHADOW

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:39:58+00:00

DURATION

2.45s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

(no stdout)

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0010

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) AWS TITAN SCOUT CRITICAL

Security Group Open to Internet

AWS Security Group 'titan-live-sg-8909' (sg-0d117494ca7a9c594) allows inbound tcp on port 5432-5432 from 0.0.0.0/0. Unrestricte...

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

AWS ACCOUNT (CDE)	450367038821
REGION	us-east-2
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	sg-0d117494ca7a9c594
RESOURCE TYPE	ec2:security-group
FULL ARN	arn:aws:ec2:us-east-2:450367038821:security-group/sg-0d117494ca7a9c594

■ SECTION 2 · FINDING DETAILS

AWS Security Group 'titan-live-sg-8909' (sg-0d117494ca7a9c594) allows inbound tcp on port 5432-5432 from 0.0.0.0/0. Unrestricted internet access to EC2/RDS/EKS resources in this group.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 1.3.1 DMZ Isolation + FFIEC Network Perimeter  |  original: HIPAA 164.312(a)(1) + PCI DSS 1.3.1 + NIST 800-53 SC-7

■ SECTION 4 · DETECTED VALUES

{
  "CidrIp": "0.0.0.0/0",
  "Protocol": "tcp",
  "PortRange": "5432-5432"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "CidrIp": "10.0.0.0/8 or specific bastion IP"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

aws ec2 revoke-security-group-ingress --region us-east-2 --group-id sg-0d117494ca7a9c594 --protocol tcp --port 5432 --cidr 0.0.0.0/0

ROLLBACK / REVERSAL

aws ec2 authorize-security-group-ingress --region us-east-2 --group-id sg-0d117494ca7a9c594 --protocol tcp --port 5432 --cidr 0.0.0.0/0

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:40:01+00:00

DURATION

3.02s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

{
    "Return": true,
    "RevokedSecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-08b4e6fc84ed4aa12",
            "GroupId": "sg-0d117494ca7a9c594",
            "IsEgress": false,
            "IpProtocol": "tcp",
            "FromPort": 5432,
            "ToPort": 5432,
            "CidrIpv4": "0.0.0.0/0"
        }
    ]
}

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0011

✔ FIXED + VERIFIED ON PROD (PCI-SCOPED) AWS TITAN SCOUT CRITICAL

Security Group Open to Internet

AWS Security Group 'titan-live-sg-8909' (sg-0d117494ca7a9c594) allows inbound tcp on port 22-22 from 0.0.0.0/0. Unrestricted in...

CLICK TO EXPAND ▾

■ SECTION 1 · RESOURCE / PCI SCOPE

AWS ACCOUNT (CDE)	450367038821
REGION	us-east-2
PCI SCOPE	cardholder-data-environment (CDE)
RESOURCE NAME	sg-0d117494ca7a9c594
RESOURCE TYPE	ec2:security-group
FULL ARN	arn:aws:ec2:us-east-2:450367038821:security-group/sg-0d117494ca7a9c594

■ SECTION 2 · FINDING DETAILS

AWS Security Group 'titan-live-sg-8909' (sg-0d117494ca7a9c594) allows inbound tcp on port 22-22 from 0.0.0.0/0. Unrestricted internet access to EC2/RDS/EKS resources in this group.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 1.3.1 DMZ Isolation + FFIEC Network Perimeter  |  original: HIPAA 164.312(a)(1) + PCI DSS 1.3.1 + NIST 800-53 SC-7

■ SECTION 4 · DETECTED VALUES

{
  "CidrIp": "0.0.0.0/0",
  "Protocol": "tcp",
  "PortRange": "22-22"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "CidrIp": "10.0.0.0/8 or specific bastion IP"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

aws ec2 revoke-security-group-ingress --region us-east-2 --group-id sg-0d117494ca7a9c594 --protocol tcp --port 22 --cidr 0.0.0.0/0

ROLLBACK / REVERSAL

aws ec2 authorize-security-group-ingress --region us-east-2 --group-id sg-0d117494ca7a9c594 --protocol tcp --port 22 --cidr 0.0.0.0/0

RISK ASSESSMENT

LOW

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN SCOUT

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 8 · FIX APPLIED + VERIFIED ON PCI-SCOPED INFRA (April 19, 2026)

FIX APPLIED AT

2026-04-19T20:40:03+00:00

DURATION

2.67s

EXIT CODE

0

POST-FIX

✔ RESOLVED — POST-FIX RESCAN CONFIRMS COMPLIANT

FIX STDOUT (from live run)

{
    "Return": true,
    "RevokedSecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-0c506a027e17cfeb0",
            "GroupId": "sg-0d117494ca7a9c594",
            "IsEgress": false,
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "CidrIpv4": "0.0.0.0/0"
        }
    ]
}

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0012

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN AML CRITICAL

Structuring Pattern Detected

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	account:checking-882145 / customer:acme-holdings-llc
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Customer 'ACME Holdings LLC' deposited $48,300 across 7 cash transactions over 11 days, each $6,400-$8,900 (just under the $10K CTR threshold). No prior cash history. 93% confidence classical structuring per FinCEN Advisory FIN-2012-A010.

■ SECTION 3 · BANKING REGULATORY MAPPING

BSA 31 CFR 1020.320 SAR Filing + FinCEN FIN-2012-A010

■ SECTION 4 · DETECTED VALUES

{
  "transactions_11d": 7,
  "total_usd": 48300,
  "avg_amount": 6900,
  "ctr_threshold": 10000,
  "customer_history_cash_90d": 0
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "action": "SAR filed within 30 days per 31 CFR 1020.320",
  "customer_enhanced_review": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

file SAR within 30 days via FinCEN BSA E-Filing system referencing 31 CFR 1020.320(a)(2) structuring violation, freeze account:checking-882145 immediately, escalate to BSA officer for investigation

ROLLBACK / REVERSAL

unfreeze account if BSA officer determines pattern is legitimate business activity with documented justification in compliance file

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN AML

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0013

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN AML CRITICAL

OFAC SDN Watchlist Hit

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	wire-batch:20260418-WIRE / party:global-trade-solutions-inc
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Outbound wire transfer to beneficiary 'Global Trade Solutions Inc' Bahrain matched the OFAC Specially Designated Nationals list (added 2025-11-08, OFAC program SDGT). Transaction was routed to hold queue before Fedwire release.

■ SECTION 3 · BANKING REGULATORY MAPPING

OFAC 31 CFR 501 + BSA 31 CFR 1020.320

■ SECTION 4 · DETECTED VALUES

{
  "beneficiary": "Global Trade Solutions Inc",
  "country": "BH",
  "ofac_program": "SDGT",
  "match_score": 96,
  "wire_amount_usd": 127500
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "wire_blocked": true,
  "ofac_blocking_report_filed": true,
  "escalated_to_compliance": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

IMMEDIATE: Execute OFAC_BLOCK on wire-batch:20260418-WIRE, file SAR within 30 days via FinCEN BSA E-Filing for suspicious activity code 35 (transactions with countries subject to sanctions), freeze all accounts for party:global-trade-solutions-inc, and notify OFAC within 10 business days via OFAC reporting portal

ROLLBACK / REVERSAL

If false positive confirmed by OFAC written determination, unfreeze accounts, release wire with OFAC license documentation, and file amended SAR noting resolution

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN AML

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0014

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN AML HIGH

PEP Match — No EDD on File

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	customer:juan-rodriguez-pep-17281
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Customer Juan Rodriguez matched the World-Check PEP list as the son-in-law of a foreign senior political figure (category 1.3, PEP by association). Standard CDD was performed at account opening; Enhanced Due Diligence required by 31 CFR 1010.610 was not initiated.

■ SECTION 3 · BANKING REGULATORY MAPPING

BSA 31 CFR 1010.610(b) + FFIEC BSA/AML Exam Manual

■ SECTION 4 · DETECTED VALUES

{
  "pep_category": "1.3 Associate",
  "cdd_completed": true,
  "edd_initiated": false,
  "source_of_wealth": "unverified"
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "edd_initiated": true,
  "source_of_wealth_documented": true,
  "ongoing_monitoring_enhanced": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

Place temporary monitoring hold on customer:juan-rodriguez-pep-17281 and escalate to BSA Officer for immediate EDD initiation per 31 CFR 1010.610(b) - document PEP association category 1.3 in customer file within 24 hours

ROLLBACK / REVERSAL

If PEP match is false positive, document verification evidence in customer file and remove monitoring hold with BSA Officer approval

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN AML

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0015

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN FRAUD HIGH

Card-Not-Present High-Risk Signal

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	txn:PAN-4521...3878 / mid:pyx-payments
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Card issued in Burlington VT, current CNP transaction from IP geolocating to Lagos Nigeria, billing ZIP 05401 vs shipping country NG, device fingerprint unknown to issuer, velocity 4.2x card's 90-day baseline. Composite fraud score 94/100.

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 12.5.3 Incident Response + FFIEC Authentication Supplement

■ SECTION 4 · DETECTED VALUES

{
  "issuer_geo": "US-VT",
  "txn_ip_geo": "NG",
  "device_known": false,
  "velocity_90d_multiplier": 4.2,
  "fraud_score": 94,
  "txn_amount_usd": 1847
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "txn_declined": true,
  "cardholder_notified": true,
  "card_flagged_for_step_up_auth": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

IMMEDIATE: Block transaction txn:PAN-4521...3878, send decline code 05 to merchant mid:pyx-payments, create fraud case FR-$(date +%Y%m%d)-001 in fraud management system, notify cardholder via SMS/email of blocked transaction within 2 hours

ROLLBACK / REVERSAL

If false positive confirmed by cardholder verification, unblock card and process original transaction with fraud override code, document in case file

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN FRAUD

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0016

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN FRAUD HIGH

Synthetic Identity Suspected

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	ach-batch:20260419-ACH / originator:sunrise-payroll-llc
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

ACH origination batch includes 47 new payees whose SSN-first-5-digits don't match issuance year/state (per SSA ranges), 12 of whom share the same physical address in Las Vegas. Classic synthetic-identity payroll-fraud pattern.

■ SECTION 3 · BANKING REGULATORY MAPPING

FFIEC BSA/AML + NACHA Operating Rules + FTC Red Flags Rule

■ SECTION 4 · DETECTED VALUES

{
  "new_payees": 47,
  "ssn_validation_failed": 23,
  "shared_address_count": 12,
  "batch_total_usd": 187420
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "batch_held_pending_review": true,
  "all_23_ssns_reverified": true,
  "ofac_screened": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

hold ACH batch 20260419-ACH immediately and file SAR within 30 days via FinCEN BSA E-Filing citing synthetic identity fraud pattern with 47 suspicious SSNs and shared addresses

ROLLBACK / REVERSAL

if investigation proves payees legitimate, release held batch with enhanced monitoring tags and document false positive analysis

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN FRAUD

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0017

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN FRAUD MEDIUM

Account Takeover Signal

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	account:checking-118422 / session:mob-ios-20260418-2314
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Mobile banking session: login from new device, password-reset initiated within 3 minutes, external payee added within 8 minutes, $4,500 ACH to new payee within 12 minutes. All within one session, no step-up auth triggered.

■ SECTION 3 · BANKING REGULATORY MAPPING

FFIEC Authentication Supplement 2011 + NIST 800-63B

■ SECTION 4 · DETECTED VALUES

{
  "new_device": true,
  "password_reset": true,
  "new_payee_added": true,
  "session_duration_min": 14,
  "ach_amount_usd": 4500,
  "step_up_triggered": false
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "step_up_auth_triggered": true,
  "ach_held_24h": true,
  "customer_phone_verification": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

Place immediate hold on account:checking-118422, freeze all outbound transactions, reverse pending $4,500 ACH if not yet settled, and escalate to Fraud Operations team for customer contact verification within 2 hours

ROLLBACK / REVERSAL

Remove account hold and release ACH transaction only after documented customer verification and fraud team approval with supervisor sign-off

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN FRAUD

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0018

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN KYC HIGH

Beneficial Ownership Gap

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	onboarding:case-00284751 / customer:wealthmax-capital-ltd
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Business customer WealthMax Capital Ltd is a Cayman Islands entity owned through two layers of Luxembourg and Panama holding companies. Beneficial-owner CDD per 31 CFR 1010.230 requires identifying all owners >=25%; current file identifies 0 individuals.

■ SECTION 3 · BANKING REGULATORY MAPPING

BSA 31 CFR 1010.230 Beneficial Ownership + FATF Recommendation 24

■ SECTION 4 · DETECTED VALUES

{
  "ownership_layers": 3,
  "tax_havens_in_chain": [
    "KY",
    "LU",
    "PA"
  ],
  "individuals_identified": 0,
  "threshold_pct": 25
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "beneficial_owners_identified": "all at 25% threshold",
  "ubo_verification": "government ID",
  "risk_rating": "elevated"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

Suspend all account opening activities for onboarding:case-00284751 and initiate enhanced CDD collection requiring: (1) certified beneficial ownership certification form identifying all natural persons owning >=25% equity interest, (2) corporate structure chart with ownership percentages for all Luxembourg/Panama entities, (3) government-issued identification for each beneficial owner, (4) source of wealth documentation for each beneficial owner. Set 30-day collection deadline with automatic case closure if incomplete.

ROLLBACK / REVERSAL

If documentation proves inadequate, escalate to BSA officer for suspicious activity evaluation and potential account rejection with written notice citing CDD deficiencies

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN KYC

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0019

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN KYC HIGH

High-Risk Business Onboarded to Standard Tier

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	onboarding:case-00291183 / customer:coastal-crypto-exchange
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Cryptocurrency exchange 'Coastal Crypto Exchange LLC' (MSB, FinCEN registered) was onboarded into the standard KYC tier instead of the enhanced tier required by FinCEN 31 CFR 1010.100(ff). Money Service Business classification overrides standard CDD.

■ SECTION 3 · BANKING REGULATORY MAPPING

FinCEN 31 CFR 1010.100(ff) MSB Definition + 1022.210 MSB Risk

■ SECTION 4 · DETECTED VALUES

{
  "business_type": "crypto-exchange",
  "msb_registered": true,
  "onboarding_tier": "standard",
  "edd_required": true,
  "edd_performed": false
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "onboarding_tier": "enhanced",
  "edd_performed": true,
  "ongoing_monitoring": "enhanced"
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

Immediately move customer:coastal-crypto-exchange to enhanced KYC tier in onboarding system, require additional MSB documentation per 31 CFR 1022.210, and file SAR within 30 days via FinCEN BSA E-Filing for inadequate MSB monitoring

ROLLBACK / REVERSAL

If enhanced tier classification is incorrect, revert to standard tier but maintain MSB designation and obtain BSA officer written approval with documented risk assessment

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN KYC

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0020

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN BANKING_COMPLIANCE HIGH

PCI Evidence Gaps (QSA-facing)

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	evidence-pack:PCI-Q2-2026 / environment:cardholder-data-env
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Quarterly PCI DSS evidence pack has 4 control gaps that QSA will flag: 6.4.5 (no change-control documentation for 17-Apr patch batch), 10.6.1 (security-event log review not documented for 11 days), 11.2.1 (internal vuln scan overdue by 6 days), 12.10.2 (IR plan not tabletop-tested this year).

■ SECTION 3 · BANKING REGULATORY MAPPING

PCI DSS 6.4.5 + 10.6.1 + 11.2.1 + 12.10.2

■ SECTION 4 · DETECTED VALUES

{
  "gaps_count": 4,
  "missing_evidence_items": [
    "change-control-2026-04-17",
    "log-review-11d",
    "vuln-scan-2026-04-13",
    "ir-tabletop-2025"
  ],
  "qsa_visit_in_days": 45
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "all_4_gaps_remediated": true,
  "evidence_pack_complete": true,
  "internal_qsa_mock_pass": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

Execute remediation sequence: 1) Retrieve 17-Apr patch batch change-control docs from IT ticketing system and compile approval chain evidence for PCI-Q2-2026/6.4.5/, 2) Generate retrospective security event log review documentation for missing 11-day period with supervisor attestation for PCI-Q2-2026/10.6.1/, 3) Execute emergency internal vulnerability scan via authorized scanner and generate compliance report for PCI-Q2-2026/11.2.1/, 4) Schedule and conduct mandatory IR plan tabletop exercise within 72 hours with QSA-acceptable documentation for PCI-Q2-2026/12.10.2/

ROLLBACK / REVERSAL

Maintain original evidence pack as PCI-Q2-2026-ORIGINAL, document any gaps as compensating controls with risk acceptance from senior management if remediation cannot be completed before QSA review

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN BANKING_COMPLIANCE

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0021

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN BANKING_COMPLIANCE HIGH

SOX ITGC Access Review Incomplete

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	control-test:SOX-ITGC-2026-Q2 / system:general-ledger-sap
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

SOX IT General Controls Q2 quarterly access review: 247 users in scope, 191 reviewed by business owner, 56 pending >30 days past SLA. Auditor (external) is due on site in 21 days. Gap in evidence of operating effectiveness for ITGC 'user access review' control.

■ SECTION 3 · BANKING REGULATORY MAPPING

SOX 404 + AICPA AU-C 315 + COBIT 5 DSS05

■ SECTION 4 · DETECTED VALUES

{
  "users_in_scope": 247,
  "reviewed": 191,
  "pending_over_sla": 56,
  "sla_days": 30,
  "audit_visit_in_days": 21
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "all_247_reviewed": true,
  "access_review_documented": true,
  "exception_log_complete": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

Immediately escalate 56 overdue user access reviews to respective business owners with 5-day completion deadline, document all review decisions in SOX compliance system with timestamped approvals/terminations, and prepare deficiency remediation memo for external auditors

ROLLBACK / REVERSAL

If business owners cannot complete reviews in time, temporarily disable access for overdue users pending review completion and document emergency access procedures

RISK ASSESSMENT

HIGH

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN BANKING_COMPLIANCE

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0022

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN BANKING_COMPLIANCE MEDIUM

GLBA Annual Privacy Notice Not Sent

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	privacy-program:glba-annual-2026 / notice:annual-privacy-notice
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

Gramm-Leach-Bliley Act Safeguards Rule 16 CFR 314.4 requires annual privacy notice to all customers. Last mailing was 2025-04-30; the 2026 cycle is 19 days overdue. 312,804 customers affected. CFPB may treat as UDAAP violation.

■ SECTION 3 · BANKING REGULATORY MAPPING

GLBA 16 CFR 314.4 + 15 USC 6803 + CFPB UDAAP

■ SECTION 4 · DETECTED VALUES

{
  "customers_affected": 312804,
  "days_overdue": 19,
  "last_sent": "2025-04-30",
  "required_annual": true
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "notice_mailed": true,
  "delivery_confirmed": "all 312804",
  "regulator_notification_reviewed": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

Immediately initiate bulk privacy notice mailing via approved vendor using template GLBA-2026-ANNUAL stored in compliance repository, target all 312,804 active customer records in CRM system, track delivery confirmations, and file regulatory notification with primary federal regulator within 48 hours documenting remediation timeline

ROLLBACK / REVERSAL

If mailing contains errors, issue corrective notice within 10 days and maintain documentation of both mailings for examination purposes

RISK ASSESSMENT

MEDIUM

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN BANKING_COMPLIANCE

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

FINDING ID

TITAN-BANKING-20260419-F0023

BANKING TXN · SYNTHETIC DATA + REAL AI FIX Multi TITAN BANKING_COMPLIANCE MEDIUM

FFIEC Cybersecurity Self-Assessment Stale

■ SECTION 3 · BANKING REGULATORY MAPPING

CLICK TO EXPAND ▾

■ SECTION 1 · TRANSACTION SCOPE

DOMAIN	Banking Transaction / Customer Onboarding
SCOPE	fdicia-internal-controls:2026-annual / attestation:q1-certification
DATA SOURCE	Synthetic transaction stream + public watchlists (OFAC SDN, PEP)

■ SECTION 2 · FINDING DETAILS

FFIEC Cybersecurity Assessment Tool (CAT) self-assessment was last completed 2024-11-15. FFIEC guidance recommends annual refresh. Current threat landscape (AI-enabled phishing, supply-chain attacks) not reflected in inherent-risk profile or maturity targets.

■ SECTION 3 · BANKING REGULATORY MAPPING

FFIEC CAT 2015 + FFIEC CAT Update 2023 + FFIEC IT Handbook

■ SECTION 4 · DETECTED VALUES

{
  "last_assessed": "2024-11-15",
  "days_stale": 520,
  "recommended_cadence_days": 365,
  "threats_not_assessed": [
    "ai-phishing",
    "supply-chain",
    "ransomware-as-service"
  ]
}

■ SECTION 5 · TARGET COMPLIANT STATE

{
  "assessment_refreshed": true,
  "inherent_risk_reprofiled": true,
  "board_report_updated": true
}

■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4, April 19, 2026)

REMEDIATION ACTION

Initiate FFIEC CAT self-assessment update via ffieccat.gov portal within 30 days, incorporating AI-enabled phishing and supply-chain attack vectors into inherent risk profile, update cybersecurity maturity targets accordingly, and establish formal annual refresh policy with board oversight

ROLLBACK / REVERSAL

Revert to previous CAT assessment baseline if new risk ratings trigger unplanned capital allocation or regulatory scrutiny before board approval

RISK ASSESSMENT

MEDIUM

■ SECTION 7 · AUDIT TRAIL (QSA / EXAMINER READY)

Scan ID: TITAN-BANKING-20260419

Detected by: TITAN BANKING_COMPLIANCE

Detected at: April 19, 2026

Engagement: BANKING / PCI-SCOPED

■ SECTION 9 · EXCEPTION RECORDING & APPROVER

NO EXCEPTION ON RECORD — RISK IS ACTIVE

APPROVER NAME + TITLE APPROVAL DATE

BUSINESS JUSTIFICATION (why is this risk accepted?) COMPENSATING CONTROL REVIEW DATE (next re-validation)

11/11 PCI FIXES VERIFIED · 12 TRANSACTION FINDINGS

Public Blob Access Enabled

Weak TLS Version

Weak TLS Version

NSG Rule Open to Internet

Weak TLS Version

S3 Bucket Public Access Block Missing

S3 Bucket Policy Grants Public Access

Over-Permissive IAM User

Long-Lived IAM Access Key

Security Group Open to Internet

Security Group Open to Internet

Structuring Pattern Detected

OFAC SDN Watchlist Hit

PEP Match — No EDD on File

Card-Not-Present High-Risk Signal

Synthetic Identity Suspected

Account Takeover Signal

Beneficial Ownership Gap

High-Risk Business Onboarded to Standard Tier

PCI Evidence Gaps (QSA-facing)

SOX ITGC Access Review Incomplete

GLBA Annual Privacy Notice Not Sent

FFIEC Cybersecurity Self-Assessment Stale