{
  "report_id": "AWS-20260426-132246",
  "cloud": "aws",
  "account_id": "450367038821",
  "caller_arn": "arn:aws:iam::450367038821:user/info@titanaisec.com",
  "region": "us-east-1",
  "tenant": "TITAN AI Live Demo",
  "generated_at": "2026-04-26T13:22:46.5817617-05:00",
  "summary": {
    "medium": 0,
    "low": 0,
    "high": 2,
    "critical": 1
  },
  "fix_count": 0,
  "total_findings": 3,
  "downstream_resources_at_risk": 3.0,
  "compound_risk_resources": 0,
  "findings": [
    {
      "FID": "c8e6c9320831",
      "Severity": "critical",
      "Detector": "IAM",
      "Resource": "root-account/450367038821",
      "Title": "Root user MFA is DISABLED",
      "Citation": "NIST 800-53 IA-2(1), CIS AWS 1.5, SOC2 CC6.1",
      "Recommendation": "Enable MFA on the root account immediately.",
      "FixApplied": false,
      "DetectedAt": "2026-04-26T13:21:23.4232800-05:00",
      "Priority": {
        "Score": 75,
        "Bucket": "P1",
        "Sla": "Fix in 24 hours",
        "Factors": {
          "InternetFacing": false,
          "PhiExposure": true,
          "ExploitInWild": true,
          "BusinessCritical": true
        }
      },
      "AttckTechnique": "T1078.004 - Valid Accounts: Cloud Accounts",
      "Playbook": {
        "steps": [
          "Enable MFA on the root account via AWS console (only the root user can enable root MFA - cannot be delegated)",
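          "Delete any active root access keys. The root user is not an IAM user, so --user-name cannot select it: sign in as root and delete the keys under Security credentials, or run aws iam delete-access-key --access-key-id <id> with root credentials (omitting --user-name targets the calling identity)",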
          "For IAM users without MFA: aws iam enable-mfa-device --user-name <user> --serial-number <arn> --authentication-code1 <code1> --authentication-code2 <code2>",
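          "Add an SCP or IAM permissions boundary that denies actions when MFA is not present (condition key aws:MultiFactorAuthPresent; use BoolIfExists so requests that omit the key are also denied)",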
          "Re-scan to verify root MFA enabled and no root keys"
        ],
        "effort": "30 minutes",
        "owner": "Security + IAM admin"
      },
      "BlastRadius": {
        "finding_id": "c8e6c9320831",
        "attack_origin": "credential_compromise_or_phish",
        "path_length": 1,
        "trust_zones_crossed": [
          "Phish/Steal",
          "Root Console",
          "ALL AWS Resources"
        ],
        "affected_resources": [
          {
            "type": "entire_aws_account",
            "count": 1,
            "names": [
              "450367038821"
            ]
          }
        ],
        "co_located_findings": [],
        "risk_multiplier": 1
      }
    },
    {
      "FID": "7202c3054e22",
      "Severity": "high",
      "Detector": "IAM",
      "Resource": "user/iam-titandemo-260426-1311",
      "Title": "IAM user iam-titandemo-260426-1311 has no MFA device",
      "Citation": "CIS AWS 1.10, NIST 800-53 IA-2",
      "Recommendation": "Require MFA on all human IAM users.",
      "FixApplied": false,
      "DetectedAt": "2026-04-26T13:21:45.5419317-05:00",
      "Priority": {
        "Score": 50,
        "Bucket": "P2",
        "Sla": "Fix in 72 hours",
        "Factors": {
          "InternetFacing": false,
          "PhiExposure": true,
          "ExploitInWild": false,
          "BusinessCritical": true
        }
      },
      "AttckTechnique": "T1078.004 - Valid Accounts: Cloud Accounts",
      "Playbook": {
        "steps": [
          "Enable MFA on the root account via AWS console (only the root user can enable root MFA - cannot be delegated)",
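          "Delete any active root access keys. The root user is not an IAM user, so --user-name cannot select it: sign in as root and delete the keys under Security credentials, or run aws iam delete-access-key --access-key-id <id> with root credentials (omitting --user-name targets the calling identity)",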
          "For IAM users without MFA: aws iam enable-mfa-device --user-name <user> --serial-number <arn> --authentication-code1 <code1> --authentication-code2 <code2>",
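          "Add an SCP or IAM permissions boundary that denies actions when MFA is not present (condition key aws:MultiFactorAuthPresent; use BoolIfExists so requests that omit the key are also denied)",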
          "Re-scan to verify root MFA enabled and no root keys"
        ],
        "effort": "30 minutes",
        "owner": "Security + IAM admin"
      },
      "BlastRadius": {
        "finding_id": "7202c3054e22",
        "attack_origin": "credential_compromise_or_phish",
        "path_length": 1,
        "trust_zones_crossed": [
          "Phish/Steal",
          "User Console",
          "User-Authorized Resources"
        ],
        "affected_resources": [
          {
            "type": "iam_user",
            "count": 1,
            "names": [
              "iam-titandemo-260426-1311"
            ]
          }
        ],
        "co_located_findings": [],
        "risk_multiplier": 1
      }
    },
    {
      "FID": "d121cfd943f3",
      "Severity": "high",
      "Detector": "S3",
      "Resource": "s3://s3-titandemo-260426-1311-450367038821",
      "Title": "S3 bucket s3-titandemo-260426-1311-450367038821 lacks full Public Access Block",
      "Citation": "HIPAA 164.312(a)(1), CIS AWS 2.1.5, NIST 800-53 AC-3",
      "Recommendation": "Enable all 4 Public Access Block settings (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, RestrictPublicBuckets).",
      "FixApplied": false,
      "DetectedAt": "2026-04-26T13:22:20.4147149-05:00",
      "Priority": {
        "Score": 75,
        "Bucket": "P1",
        "Sla": "Fix in 24 hours",
        "Factors": {
          "InternetFacing": true,
          "PhiExposure": true,
          "ExploitInWild": false,
          "BusinessCritical": true
        }
      },
      "AttckTechnique": "T1530 - Data from Cloud Storage",
      "Playbook": {
        "steps": [
          "Enable Public Access Block on the bucket: aws s3api put-public-access-block --bucket NAME --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true",
          "Enable default encryption: aws s3api put-bucket-encryption --bucket NAME --server-side-encryption-configuration '{\"Rules\":[{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\":\"AES256\"}}]}'",
          "Audit S3 access logs for last 90 days for anonymous reads",
          "If anonymous access detected on PHI/PII bucket: trigger HIPAA breach assessment",
          "Enable Macie for ongoing PII/PHI classification on the bucket"
        ],
        "effort": "Same day",
        "owner": "Storage Owner + Privacy"
      },
      "BlastRadius": {
        "finding_id": "d121cfd943f3",
        "attack_origin": "external_internet",
        "path_length": 1,
        "trust_zones_crossed": [
          "Internet",
          "S3 Public Endpoint",
          "Bucket Objects"
        ],
        "affected_resources": [
          {
            "type": "s3_bucket",
            "count": 1,
            "names": [
              "s3-titandemo-260426-1311-450367038821"
            ]
          }
        ],
        "co_located_findings": [],
        "risk_multiplier": 1
      }
    }
  ],
  "attack_paths": [
    {
      "finding_id": "c8e6c9320831",
      "attack_origin": "credential_compromise_or_phish",
      "path_length": 1,
      "trust_zones_crossed": [
        "Phish/Steal",
        "Root Console",
        "ALL AWS Resources"
      ],
      "affected_resources": [
        {
          "type": "entire_aws_account",
          "count": 1,
          "names": [
            "450367038821"
          ]
        }
      ],
      "co_located_findings": [],
      "risk_multiplier": 1
    },
    {
      "finding_id": "7202c3054e22",
      "attack_origin": "credential_compromise_or_phish",
      "path_length": 1,
      "trust_zones_crossed": [
        "Phish/Steal",
        "User Console",
        "User-Authorized Resources"
      ],
      "affected_resources": [
        {
          "type": "iam_user",
          "count": 1,
          "names": [
            "iam-titandemo-260426-1311"
          ]
        }
      ],
      "co_located_findings": [],
      "risk_multiplier": 1
    },
    {
      "finding_id": "d121cfd943f3",
      "attack_origin": "external_internet",
      "path_length": 1,
      "trust_zones_crossed": [
        "Internet",
        "S3 Public Endpoint",
        "Bucket Objects"
      ],
      "affected_resources": [
        {
          "type": "s3_bucket",
          "count": 1,
          "names": [
            "s3-titandemo-260426-1311-450367038821"
          ]
        }
      ],
      "co_located_findings": [],
      "risk_multiplier": 1
    }
  ]
}
