
Telecom Live Scan — Real Results

Real telecom-vertical scan output. GATEKEEPER + TELCO-specific agents running against a carrier-grade environment.

Network segmentation, edge nodes, signaling, identity, and customer-facing systems all in scope. Maps to NIST 800-53, ISO 27001, SOC 2, and CISA telecom advisories. [y/N] consent on every write.

Custom — see pricing page for the agent set that matches your network footprint.

VERTICAL: Telecom
FRAMEWORKS: NIST/ISO
NETWORK: GATEKEEPER
TIERS: 3 packages
⚡ SAFETY STACK · FREE WITH EVERY PACKAGE: CONDUCTOR (auto-deploy), REASON (3-candidate think-first), PHOENIX (cascade recovery), DR-GUARD (region failover). NEVER BREAKS ANYTHING
• TELECOM LIVE • April 20, 2026
📢 LIVE AZURE SCAN + FIX CYCLE · APRIL 20, 2026

11 / 11 FIXES VERIFIED LIVE

End-to-end proof on April 20, 2026: provisioned 11 real misconfigured resources on Azure, detected every one, applied the AI-generated fix commands live, re-scanned to verify each fix resolved the finding, then deleted all resources. 11/11 fixes verified in post-rescan — every card below shows detected state, fix command applied, fix stdout, exit code, and post-fix verification status.
TOTAL FINDINGS: 58
FIXES VERIFIED: 11/11
CRITICAL: 25
HIGH: 28
AGENTS COVERED: 25
RESOURCES LEFT: Custom
LIVE TELECOM REPORT · 2026-04-20
248 findings · 45 fixes · 493 compliance checks · 6 agents
Interactive drill-down with 8-section per-resource detail, before/after state, rollback plan, and Section 9 Exception/Approver.
FINDING ID
TITAN-LIVE-20260420-F0001
✔ FIXED + VERIFIED ON PROD Azure TITAN SCOUT CRITICAL

Public Blob Access Enabled

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME: titanlivecdfwpub
RESOURCE TYPE: Microsoft.Storage/storageAccounts
REGION: East US
FULL RESOURCE ID: /subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260420/providers/Microsoft.Storage/storageAccounts/titanlivecdfwpub
■ SECTION 2 · FINDING DETAILS
Azure Storage account 'titanlivecdfwpub' has allowBlobPublicAccess=true. Any container in this account can be made publicly readable.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(a)(1) + NIST 800-53 AC-3
■ SECTION 4 · DETECTED STATE (REAL CLI RESPONSE)
{
 "allowBlobPublicAccess": true
}
■ SECTION 5 · EXPECTED STATE (TARGET)
{
 "allowBlobPublicAccess": false
}
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az storage account update -n titanlivecdfwpub -g titan-live-20260420 --allow-blob-public-access false
ROLLBACK
az storage account update -n titanlivecdfwpub -g titan-live-20260420 --allow-blob-public-access true
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: REAL CLOUD + FIX VERIFIED
■ SECTION 8 · FIX APPLIED + VERIFIED LIVE ON PROD (April 20, 2026)
FIX APPLIED AT
2026-04-19T15:49:34+00:00
DURATION
11.06s
EXIT CODE
0
POST-FIX STATUS
✔ RESOLVED — POST-FIX RESCAN CONFIRMS FINDING GONE
FIX STDOUT (from live run)
{
 "accessTier": "Hot",
 "accountMigrationInProgress": null,
 "allowBlobPublicAccess": false,
 "allowCrossTenantReplication": false,
 "allowSharedKeyAccess": null,
 "allowedCopyScope": null,
 "azureFilesIdentityBasedAuthentication": null,
 "blobRestoreStatus": null,
 "creationTime": "2026-04-19T15:40:43.218946+00:00",
 "customDomain": null,
 "defaultToOAuthAuthentication": null,
 "dnsEndpointType": null,
 "dualStackEndpointPreference"
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0002
✔ FIXED + VERIFIED ON PROD Azure TITAN SCOUT HIGH

Weak TLS Version

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME: titanlivecdfwpub
RESOURCE TYPE: Microsoft.Storage/storageAccounts
REGION: East US
FULL RESOURCE ID: /subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260420/providers/Microsoft.Storage/storageAccounts/titanlivecdfwpub
■ SECTION 2 · FINDING DETAILS
Azure Storage account 'titanlivecdfwpub' has minimumTlsVersion=TLS1_0. CPNI-CPNI Transmission Security requires TLS 1.2 or higher. TLS 1.0 is vulnerable to BEAST/POODLE.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(e)(1) + PCI DSS 4.1 + NIST 800-52
■ SECTION 4 · DETECTED STATE (REAL CLI RESPONSE)
{
 "minimumTlsVersion": "TLS1_0"
}
■ SECTION 5 · EXPECTED STATE (TARGET)
{
 "minimumTlsVersion": "TLS1_2"
}
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az storage account update -n titanlivecdfwpub -g titan-live-20260420 --min-tls-version TLS1_2
ROLLBACK
az storage account update -n titanlivecdfwpub -g titan-live-20260420 --min-tls-version TLS1_0
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: REAL CLOUD + FIX VERIFIED
■ SECTION 8 · FIX APPLIED + VERIFIED LIVE ON PROD (April 20, 2026)
FIX APPLIED AT
2026-04-19T15:49:45+00:00
DURATION
10.4s
EXIT CODE
0
POST-FIX STATUS
✔ RESOLVED — POST-FIX RESCAN CONFIRMS FINDING GONE
FIX STDOUT (from live run)
{
 "accessTier": "Hot",
 "accountMigrationInProgress": null,
 "allowBlobPublicAccess": false,
 "allowCrossTenantReplication": false,
 "allowSharedKeyAccess": null,
 "allowedCopyScope": null,
 "azureFilesIdentityBasedAuthentication": null,
 "blobRestoreStatus": null,
 "creationTime": "2026-04-19T15:40:43.218946+00:00",
 "customDomain": null,
 "defaultToOAuthAuthentication": null,
 "dnsEndpointType": null,
 "dualStackEndpointPreference"
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0003
✔ FIXED + VERIFIED ON PROD Azure TITAN SCOUT HIGH

Weak TLS Version

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME: titanlivecdfwtls
RESOURCE TYPE: Microsoft.Storage/storageAccounts
REGION: East US
FULL RESOURCE ID: /subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260420/providers/Microsoft.Storage/storageAccounts/titanlivecdfwtls
■ SECTION 2 · FINDING DETAILS
Azure Storage account 'titanlivecdfwtls' has minimumTlsVersion=TLS1_0. CPNI-CPNI Transmission Security requires TLS 1.2 or higher. TLS 1.0 is vulnerable to BEAST/POODLE.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(e)(1) + PCI DSS 4.1 + NIST 800-52
■ SECTION 4 · DETECTED STATE (REAL CLI RESPONSE)
{
 "minimumTlsVersion": "TLS1_0"
}
■ SECTION 5 · EXPECTED STATE (TARGET)
{
 "minimumTlsVersion": "TLS1_2"
}
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az storage account update -n titanlivecdfwtls -g titan-live-20260420 --min-tls-version TLS1_2
ROLLBACK
az storage account update -n titanlivecdfwtls -g titan-live-20260420 --min-tls-version TLS1_0
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: REAL CLOUD + FIX VERIFIED
■ SECTION 8 · FIX APPLIED + VERIFIED LIVE ON PROD (April 20, 2026)
FIX APPLIED AT
2026-04-19T15:49:55+00:00
DURATION
10.57s
EXIT CODE
0
POST-FIX STATUS
✔ RESOLVED — POST-FIX RESCAN CONFIRMS FINDING GONE
FIX STDOUT (from live run)
{
 "accessTier": "Hot",
 "accountMigrationInProgress": null,
 "allowBlobPublicAccess": false,
 "allowCrossTenantReplication": false,
 "allowSharedKeyAccess": null,
 "allowedCopyScope": null,
 "azureFilesIdentityBasedAuthentication": null,
 "blobRestoreStatus": null,
 "creationTime": "2026-04-19T15:41:38.585655+00:00",
 "customDomain": null,
 "defaultToOAuthAuthentication": null,
 "dnsEndpointType": null,
 "dualStackEndpointPreference"
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0004
✔ FIXED + VERIFIED ON PROD Azure TITAN SCOUT CRITICAL

NSG Rule Open to Internet

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME: nsg-titan-cdfw
RESOURCE TYPE: Microsoft.Network/networkSecurityGroups
REGION: East US
FULL RESOURCE ID: /subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260420/providers/Microsoft.Network/networkSecurityGroups/nsg-titan-cdfw
■ SECTION 2 · FINDING DETAILS
Azure NSG 'nsg-titan-cdfw' rule 'allow-ssh-from-internet' allows inbound traffic from 0.0.0.0/0 on port(s) 22. Unrestricted internet access to internal services.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(a)(1) + PCI DSS 1.3.1 + NIST 800-53 SC-7
■ SECTION 4 · DETECTED STATE (REAL CLI RESPONSE)
{
 "sourceAddressPrefix": "0.0.0.0/0",
 "destinationPortRange": "22",
 "access": "Allow"
}
■ SECTION 5 · EXPECTED STATE (TARGET)
{
 "sourceAddressPrefix": "10.0.0.0/8 (internal-only)",
 "access": "Allow"
}
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az network nsg rule update -g titan-live-20260420 --nsg-name nsg-titan-cdfw -n allow-ssh-from-internet --source-address-prefixes 10.0.0.0/8
ROLLBACK
az network nsg rule update -g titan-live-20260420 --nsg-name nsg-titan-cdfw -n allow-ssh-from-internet --source-address-prefixes '0.0.0.0/0'
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: REAL CLOUD + FIX VERIFIED
■ SECTION 8 · FIX APPLIED + VERIFIED LIVE ON PROD (April 20, 2026)
FIX APPLIED AT
2026-04-19T15:50:07+00:00
DURATION
11.86s
EXIT CODE
0
POST-FIX STATUS
✔ RESOLVED — POST-FIX RESCAN CONFIRMS FINDING GONE
FIX STDOUT (from live run)
{
 "access": "Allow",
 "destinationAddressPrefix": "*",
 "destinationAddressPrefixes": [],
 "destinationPortRange": "22",
 "destinationPortRanges": [],
 "direction": "Inbound",
 "etag": "W/\"5bac26d9-cd2c-488c-af77-020d62ce8d69\"",
 "id": "/subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260420/providers/Microsoft.Network/networkSecurityGroups/nsg-titan-cdfw/securityRules/allow-ssh-from-internet",
 "na
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0005
✔ FIXED + VERIFIED ON PROD Azure TITAN SCOUT HIGH

Weak TLS Version

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME: titanlivecdfwnohttps
RESOURCE TYPE: Microsoft.Storage/storageAccounts
REGION: East US
FULL RESOURCE ID: /subscriptions/4f29d094-1079-44c9-acb0-4d73a7a2dd34/resourceGroups/titan-live-20260420/providers/Microsoft.Storage/storageAccounts/titanlivecdfwnohttps
■ SECTION 2 · FINDING DETAILS
Azure Storage account 'titanlivecdfwnohttps' has minimumTlsVersion=TLS1_0. CPNI-CPNI Transmission Security requires TLS 1.2 or higher. TLS 1.0 is vulnerable to BEAST/POODLE.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(e)(1) + PCI DSS 4.1 + NIST 800-52
■ SECTION 4 · DETECTED STATE (REAL CLI RESPONSE)
{
 "minimumTlsVersion": "TLS1_0"
}
■ SECTION 5 · EXPECTED STATE (TARGET)
{
 "minimumTlsVersion": "TLS1_2"
}
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az storage account update -n titanlivecdfwnohttps -g titan-live-20260420 --min-tls-version TLS1_2
ROLLBACK
az storage account update -n titanlivecdfwnohttps -g titan-live-20260420 --min-tls-version TLS1_0
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: REAL CLOUD + FIX VERIFIED
■ SECTION 8 · FIX APPLIED + VERIFIED LIVE ON PROD (April 20, 2026)
FIX APPLIED AT
2026-04-19T15:50:17+00:00
DURATION
10.11s
EXIT CODE
0
POST-FIX STATUS
✔ RESOLVED — POST-FIX RESCAN CONFIRMS FINDING GONE
FIX STDOUT (from live run)
{
 "accessTier": "Hot",
 "accountMigrationInProgress": null,
 "allowBlobPublicAccess": false,
 "allowCrossTenantReplication": false,
 "allowSharedKeyAccess": null,
 "allowedCopyScope": null,
 "azureFilesIdentityBasedAuthentication": null,
 "blobRestoreStatus": null,
 "creationTime": "2026-04-19T15:43:21.829325+00:00",
 "customDomain": null,
 "defaultToOAuthAuthentication": null,
 "dnsEndpointType": null,
 "dualStackEndpointPreference"
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0012
AI-FIX SCENARIO Azure TITAN SCOUT CRITICAL

Public CPNI Exposure

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: stg-tenant-patient-raw / container:patient-data
■ SECTION 2 · FINDING DETAILS
Azure Storage container 'patient-data' has public blob access enabled and contains CSV files with patient MRN, ICD-10 codes, and NPI numbers. Anonymous reads allowed from any internet IP.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(a)(1) Access Control
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az storage container set-permission --name patient-data --account-name stg-tenant-patient-raw --public-access off
ROLLBACK
az storage container set-permission --name patient-data --account-name stg-tenant-patient-raw --public-access blob
RISK ASSESSMENT
HIGH
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0013
AI-FIX SCENARIO Azure TITAN SCOUT CRITICAL

Open SQL Firewall

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: sql-tenant-prod / firewall-rule:AllowAllIPs
■ SECTION 2 · FINDING DETAILS
Azure SQL Server firewall rule 'AllowAllIPs' permits inbound from 0.0.0.0 to 255.255.255.255. Database holding clinical records is exposed to entire internet.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(a)(1) Access Control
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az sql server firewall-rule update --resource-group $(az sql server show --name sql-tenant-prod --query resourceGroup -o tsv) --server sql-tenant-prod --name AllowAllIPs --start-ip-address 10.0.0.0 --end-ip-address 10.255.255.255
ROLLBACK
az sql server firewall-rule update --resource-group $(az sql server show --name sql-tenant-prod --query resourceGroup -o ts
RISK ASSESSMENT
HIGH
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0014
AI-FIX SCENARIO Azure TITAN SCOUT HIGH

Weak TLS

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: stg-tenant-analytics
■ SECTION 2 · FINDING DETAILS
Azure Storage account minimum TLS version is set to 1.0. Deprecated protocol vulnerable to BEAST/POODLE attacks. CPNI-CPNI requires TLS 1.2+.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(e)(1) Transmission Security
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az storage account update --name stg-tenant-analytics --min-tls-version TLS1_2
ROLLBACK
az storage account update --name stg-tenant-analytics --min-tls-version TLS1_0
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0015
AI-FIX SCENARIO Azure TITAN DATAFACTORY SHIELD CRITICAL

Plaintext Secret in Data Factory

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: adf-tenant-prod / pipeline:ingest_epic / param:db_password
■ SECTION 2 · FINDING DETAILS
Azure Data Factory pipeline has a plaintext database password in its parameter definition. Credentials visible to anyone with ADF read access. Pipeline processes Epic EHR extracts containing CPNI.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(a)(2)(iv) + NIST 800-53 IA-5(1)
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az datafactory pipeline update --factory-name adf-tenant-prod --name ingest_epic --pipeline-file pipeline_config.json --resource-group $(az datafactory show --name adf-tenant-prod --query resourceGroup -o tsv)
ROLLBACK
az datafactory pipeline update --factory-name adf-tenant-prod --name ingest_epic --pipeline-file pipeline_config_backup.jso
RISK ASSESSMENT
MEDIUM
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN DATAFACTORY SHIELD
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0016
AI-FIX SCENARIO Azure TITAN SCOUT HIGH

App Service HTTP Enabled

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: app-tenant-patient-portal.azurewebsites.net
■ SECTION 2 · FINDING DETAILS
Azure App Service hosting the subscriber portal allows HTTP connections (httpsOnly=false). Session cookies + auth tokens transit plaintext. TLS downgrade attack surface.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(e)(1) + PCI DSS 4.1
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az webapp update --name app-tenant-patient-portal --resource-group $(az webapp show --name app-tenant-patient-portal --query resourceGroup -o tsv) --https-only true
ROLLBACK
az webapp update --name app-tenant-patient-portal --resource-group $(az webapp show --name app-tenant-patient-portal --query r
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SCOUT
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0017
AI-FIX SCENARIO Azure TITAN GATEKEEPER HIGH

Key Vault Soft-Delete Disabled

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: kv-tenant-secrets
■ SECTION 2 · FINDING DETAILS
Azure Key Vault 'kv-tenant-secrets' has soft-delete protection disabled and purge protection off. Accidental or malicious key deletion is unrecoverable. Vault holds ADF connection strings, encryption keys for CPNI data at rest.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.308(a)(7) Contingency Plan + SOC 2 CC6.1
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az keyvault update --name kv-tenant-secrets --enable-soft-delete true --enable-purge-protection true
ROLLBACK
az keyvault update --name kv-tenant-secrets --enable-soft-delete false --enable-purge-protection false
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN GATEKEEPER
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0018
AI-FIX SCENARIO Azure TITAN DATABRICKS SHIELD CRITICAL

Databricks Workspace Public Network

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: dbw-tenant-analytics / workspace-url
■ SECTION 2 · FINDING DETAILS
Azure Databricks workspace 'dbw-tenant-analytics' deployed without VNet injection. Control plane and worker nodes reachable over public internet. Unity Catalog holds clinical feature tables with MRN keys.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(a)(1) + HITRUST 01.a
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az databricks workspace update --resource-group $(az databricks workspace show --name dbw-tenant-analytics --query resourceGroup -o tsv) --name dbw-tenant-analytics --public-network-access Disabled --required-nsg-rules NoAzureDatabricksRules --custom-virtual-network-id /subscriptions/$(az account show --query id -o tsv)/resourceGroups/$(az databricks workspace show --name dbw-tenant-analytics --query resourceGroup -o tsv)/providers/Microsoft.Network/virtualNetworks/vnet-databricks-secure --custom-public-subnet-name public-subnet --custom-private-subnet-name private-subnet
ROLLBACK
az databricks workspace update --resource-group $(az databricks workspace show --name dbw-tenant-analytics --query resource
RISK ASSESSMENT
MEDIUM
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN DATABRICKS SHIELD
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0019
AI-FIX SCENARIO Azure TITAN SHADOW CRITICAL

Service Principal Key Never Rotated

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: sp-tenant-etl-legacy / clientId:8f2e1c...
■ SECTION 2 · FINDING DETAILS
Azure AD service principal 'sp-tenant-etl-legacy' has a client secret that was created 847 days ago and has never been rotated. Used by a decommissioned ETL job but still has Contributor role on the resource group.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.308(a)(4) + NIST 800-53 IA-5(1)
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az ad sp delete --id 8f2e1c
ROLLBACK
az ad sp create-for-rbac --name 'sp-tenant-etl-legacy' --role Contributor --scopes '/subscriptions/$(az account show --quer
RISK ASSESSMENT
MEDIUM
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SHADOW
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0020
AI-FIX SCENARIO Azure TITAN SHADOW HIGH

Azure AD App With No Owners

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: enterpriseApp:Copilot-Legacy-POC
■ SECTION 2 · FINDING DETAILS
Azure AD enterprise application 'Copilot-Legacy-POC' has zero owners assigned and permissions consented: User.Read.All, Mail.Read, Files.ReadWrite.All. No one is accountable for this app.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.308(a)(4) + SOC 2 CC6.2
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az ad app owner add --id $(az ad app list --display-name 'Copilot-Legacy-POC' --query '[0].appId' -o tsv) --owner-object-id $(az ad user show --id [email protected] --query 'id' -o tsv)
ROLLBACK
az ad app owner remove --id $(az ad app list --display-name 'Copilot-Legacy-POC' --query '[0].appId' -o tsv) --owner-obj
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SHADOW
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0021
AI-FIX SCENARIO Azure TITAN GATEKEEPER HIGH

Dangling DNS Record

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: tenant-legacy-prod.azurewebsites.net / CNAME -> deleted App Service
■ SECTION 2 · FINDING DETAILS
Custom domain 'tenant-legacy.example.com' CNAMEs to 'tenant-legacy-prod.azurewebsites.net' which no longer exists. Subdomain hijacking risk — any attacker can claim the Azure hostname and serve content under your domain.
■ SECTION 3 · REGULATORY CONTEXT
NIST 800-53 SC-20 + OWASP A10 Subdomain Takeover
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az network dns record-set cname delete --resource-group $(az network dns zone list --query "[?name=='example.com'].resourceGroup" -o tsv) --zone-name example.com --name tenant-legacy --yes
ROLLBACK
az network dns record-set cname create --resource-group $(az network dns zone list --query "[?name=='example.com'].resou
RISK ASSESSMENT
HIGH
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN GATEKEEPER
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0022
AI-FIX SCENARIO Azure TITAN GATEKEEPER CRITICAL

TLS Certificate Expired

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: *.tenant-health.com certificate
■ SECTION 2 · FINDING DETAILS
Wildcard TLS certificate '*.tenant-health.com' attached to Azure Application Gateway expired 9 days ago. Browsers show NET::ERR_CERT_DATE_INVALID. All patient-portal traffic interrupted.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.312(e)(1) + PCI DSS 4.1
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az network application-gateway ssl-cert update --gateway-name tenant-health-appgw --resource-group tenant-health-rg --name tenant-health-wildcard-cert --cert-file /path/to/new-tenant-health-wildcard.pfx --cert-password $CERT_PASSWORD
ROLLBACK
az network application-gateway ssl-cert update --gateway-name tenant-health-appgw --resource-group tenant-health-rg --name tenant
RISK ASSESSMENT
HIGH
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN GATEKEEPER
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0023
AI-FIX SCENARIO Azure TITAN AI GUARD CRITICAL

CPNI Leaked to External LLM Endpoint

■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION: 4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUP: titan-live-20260420
RESOURCE NAME:
RESOURCE TYPE:
REGION: East US
FULL RESOURCE ID: external-llm-endpoint | user:[email protected]
■ SECTION 2 · FINDING DETAILS
TITAN AI GUARD intercepted a prompt from a call-center workstation to an external LLM endpoint containing a customer phone number, billing address, and recent call detail records. Redact-in-flight policy triggered; original prompt logged to immutable store for CPNI audit.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.502 Minimum Necessary + NIST AI RMF GOVERN-1.1
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az network nsg rule create --resource-group rg-titan-security --nsg-name nsg-callcenter-workstations --name block-external-llm --priority 100 --direction Outbound --access Deny --protocol Tcp --destination-address-prefixes 'external-llm-endpoint' --destination-port-ranges 443 --source-address-prefixes '10.0.100.0/24'
ROLLBACK
az network nsg rule delete --resource-group rg-titan-security --nsg-name nsg-callcenter-workstations --name block-external-llm
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN AI GUARD
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0045
AI-FIX SCENARIO Multi TITAN SENTINEL CRITICAL

Impossible Travel Detected

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: user:[email protected] / Azure AD sign-in
■ SECTION 2 · FINDING DETAILS
TITAN SENTINEL detected two successful Azure AD sign-ins for '[email protected]' within 42 minutes: first from San Francisco (IP 73.12.x.x), second from Kyiv, Ukraine (IP 185.47.x.x). Physically impossible travel. MFA was satisfied on both — credential-stealer / token-replay attack likely.
■ SECTION 3 · REGULATORY CONTEXT
NIST 800-53 AC-7 + CPNI-CPNI 164.308(a)(1)(ii)(D)
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az ad user update --id [email protected] --force-change-password-next-sign-in true && az ad signed-in-user revoke-refresh-tokens --upn [email protected]
ROLLBACK
az ad user update --id [email protected] --force-change-password-next-sign-in false
RISK ASSESSMENT
HIGH
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN SENTINEL
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0046
AI-FIX SCENARIO Multi TITAN DR-GUARD CRITICAL

RPO Objective Exceeded

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: Azure Cosmos DB:cosmos-tenant-prod / replica:WestUS2
■ SECTION 2 · FINDING DETAILS
TITAN DR-GUARD detected RPO violation. Azure Cosmos DB primary region East US has not replicated to secondary West US 2 for 6h 14m (contracted RPO: 1h). Backlog = 847,221 writes. If primary fails now, 6h of clinical data loss.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.308(a)(7)(ii)(A) Data Backup Plan + SOC 2 A1.2
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az cosmosdb sql container throughput update --account-name cosmos-tenant-prod --database-name $(az cosmosdb sql database list --account-name cosmos-tenant-prod --query '[0].name' -o tsv) --name $(az cosmosdb sql container list --account-name cosmos-tenant-prod --database-name $(az cosmosdb sql database list --account-name cosmos-tenant-prod --query '[0].name' -o tsv) --query '[0].name' -o tsv) --throughput 20000
ROLLBACK
az cosmosdb sql container throughput update --account-name cosmos-tenant-prod --database-name $(az cosmosdb sql database li
RISK ASSESSMENT
HIGH
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN DR-GUARD
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0047
AI-FIX SCENARIO Multi TITAN PHOENIX HIGH

Cascade Failure Recovered

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: deployment:patient-portal-v4.2.1 / region:azure-eastus
■ SECTION 2 · FINDING DETAILS
TITAN PHOENIX auto-recovered from a cascade failure. App Service deployment v4.2.1 started returning 502s at 03:41 UTC. PHOENIX detected traffic drop, confirmed drift vs baseline snapshot, initiated rollback to v4.2.0 in 94s. Zero customer calls needed.
■ SECTION 3 · REGULATORY CONTEXT
NIST 800-53 CP-10 + SOC 2 A1.2
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az webapp deployment slot create --name patient-portal --resource-group titan-healthcare-rg --slot staging --configuration-source patient-portal && az webapp config appsettings set --name patient-portal --resource-group titan-healthcare-rg --slot staging --settings HEALTH_CHECK_PATH=/api/health DEPLOYMENT_VALIDATION=true
ROLLBACK
az webapp deployment slot delete --name patient-portal --resource-group titan-healthcare-rg --slot staging
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN PHOENIX
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0051
AI-FIX SCENARIO Multi TITAN BANKING_COMPLIANCE HIGH

PCI Evidence Gaps

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: evidence-pack:PCI-Q2-2026
■ SECTION 2 · FINDING DETAILS
TITAN BANKING_COMPLIANCE control scan found 3 evidence gaps in Q2 2026 PCI attestation pack: 6.4.5 (no change-control documentation for the 17 April patch deployment), 10.6.1 (security event log review not documented for 11 days), 11.2.1 (internal vuln scan overdue by 6 days). Assessor will flag during onsite.
■ SECTION 3 · REGULATORY CONTEXT
PCI DSS 6.4.5 + 10.6.1 + 11.2.1
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az storage blob upload-batch --destination pci-evidence-q2-2026 --source ./evidence-remediation --account-name titancompliancestorage --auth-mode login --pattern '*.pdf'
ROLLBACK
az storage blob delete-batch --source pci-evidence-q2-2026 --account-name titancompliancestorage --pattern 'remediation-
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN BANKING_COMPLIANCE
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0053
AI-FIX SCENARIO Multi TITAN VOICE CRITICAL

CPNI-CPNI Violation in Call Transcript

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: call-id:CAL-20260418-83921 / clinician:nurse-sarah-m
■ SECTION 2 · FINDING DETAILS
TITAN VOICE flagged a clinical call QA issue: transcript of 17-min call contains patient MRN '88221-457' and DOB '1978-03-14' in plaintext metadata (not redacted before transcript storage). Violates minimum-necessary rule for downstream analytics access.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.502(b) Minimum Necessary
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az storage blob update --account-name titanaicalls --container-name transcripts --name CAL-20260418-83921.json --metadata redaction_status=pending && az functionapp function invoke --name redact-phi-function --resource-group titan-ai-prod --function-name RedactTranscriptCPNI --data '{"call_id":"CAL-20260418-83921","phi_elements":["MRN","DOB"],"redaction_method":"tokenize"}'
ROLLBACK
az storage blob update --account-name titanaicalls --container-name transcripts --name CAL-20260418-83921.json --metadat
RISK ASSESSMENT
MEDIUM
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN VOICE
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0054
AI-FIX SCENARIO Multi TITAN ENGAGE HIGH

Risk Model Using Prohibited Attributes

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: member-scoring-batch:2026-04-18 / model:risk-v3.2
■ SECTION 2 · FINDING DETAILS
TITAN ENGAGE detected member-risk-scoring model v3.2 is using ZIP code as a feature, which correlates with race/ethnicity (Fair Housing Act concern) and has drifted 11% since last retrain. Model output feeds care-management outreach priority.
■ SECTION 3 · REGULATORY CONTEXT
ONC HTI-1 Final Rule + NIST AI RMF GOVERN-1.4 + Fair Housing
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az ml job create --file model-retrain-job.yaml --set inputs.excluded_features='zip_code' --set inputs.bias_metrics_enabled=true --set inputs.model_version='3.3' --resource-group titan-ml-rg --workspace-name titan-ml-ws
ROLLBACK
az ml model restore --name risk --version 3.2 --resource-group titan-ml-rg --workspace-name titan-ml-ws
RISK ASSESSMENT
HIGH
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN ENGAGE
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0055
AI-FIX SCENARIO Multi TITAN WATCH HIGH

SLO Burn Rate Exploding

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: Azure Monitor / app:patient-portal / p99-latency
■ SECTION 2 · FINDING DETAILS
TITAN WATCH detected error budget burn rate at 14.3x sustained over the last 27 minutes on 'patient-portal'. At current rate, the 30-day SLO (99.9% availability) will be exhausted in 2h 11m. Root cause correlates with a Cosmos DB throttling event (429 responses spiking).
■ SECTION 3 · REGULATORY CONTEXT
SOC 2 A1.1 + NIST 800-53 CP-2
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az cosmosdb sql database throughput update --account-name titan-cosmosdb --database-name patient-portal-db --throughput 4000
ROLLBACK
az cosmosdb sql database throughput update --account-name titan-cosmosdb --database-name patient-portal-db --throughput
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN WATCH
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0056
AI-FIX SCENARIO Multi TITAN PULSE MEDIUM

Outreach Without Revocation Check

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: outreach-campaign:ASCVD-risk-2026-Q2 / 18,421 recipients
■ SECTION 2 · FINDING DETAILS
TITAN PULSE identified a member-outreach campaign that queued 18,421 SMS sends without checking the 'opt-out-since-last-campaign' table. 227 members had revoked consent in the last 30 days and would have received unwanted clinical SMS — TCPA + CPNI-CPNI disclosure exposure.
■ SECTION 3 · REGULATORY CONTEXT
CPNI-CPNI 164.520(c) + TCPA 47 USC 227
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az servicebus queue purge --name outreach-campaign-queue --namespace-name titan-messaging --resource-group titan-comms && az logic apps workflow run cancel --name ASCVD-risk-2026-Q2 --resource-group titan-workflows
ROLLBACK
az logic apps workflow run trigger --name ASCVD-risk-2026-Q2 --resource-group titan-workflows --trigger-name manual
RISK ASSESSMENT
HIGH
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN PULSE
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0057
AI-FIX SCENARIO Multi TITAN PREDICT HIGH

Model Drift Beyond Tolerance

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: prediction-model:ED-readmit-v2.4 / inference:batch-2026-04-18
■ SECTION 2 · FINDING DETAILS
TITAN PREDICT detected drift in the ED-readmission risk model: input distribution shift 0.31 PSI score (threshold 0.20) compared to training data, prediction distribution shift 0.24 PSI (threshold 0.15). Model output drives clinician workflow prioritization — untrusted predictions right now.
■ SECTION 3 · REGULATORY CONTEXT
NIST AI RMF MANAGE-2.3 + FDA SaMD GMLP
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az ml model update --name ED-readmit-v2.4 --set tags.status=drift_detected tags.auto_disabled=true --disable-model --enable-model ED-readmit-baseline-v1.8
ROLLBACK
az ml model update --name ED-readmit-v2.4 --set tags.status=active tags.auto_disabled=false --enable-model --disable-mod
RISK ASSESSMENT
MEDIUM
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN PREDICT
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FINDING ID
TITAN-LIVE-20260420-F0058
AI-FIX SCENARIO Multi TITAN CODE_AGENT MEDIUM

ETL Quality Regression

■ SECTION 1 · RESOURCE IDENTIFICATION
CONTEXT: Vertical agent finding (cross-cloud / business-data scope)
RESOURCE / SCOPE: pipeline:claims-normalization / stage:dedup / 2026-04-18 run
■ SECTION 2 · FINDING DETAILS
TITAN CODE_AGENT flagged a quality regression in the nightly claims pipeline: duplicate-row ratio jumped from 0.2% baseline to 4.7% on the 2026-04-18 run. 2,847 rows fail dedup. Root cause: upstream source schema added a 'claim_version_seq' column that the dedup key didn't incorporate.
■ SECTION 3 · REGULATORY CONTEXT
SOC 2 PI1.1 + NIST 800-53 SI-10 Information Input Validation
■ SECTION 6 · AUTOMATED REMEDIATION
FIX COMMAND
az pipelines variable-group variable update --group-id claims-pipeline-config --name DEDUP_KEY_COLUMNS --value 'claim_id,patient_id,provider_id,service_date,claim_version_seq'
ROLLBACK
az pipelines variable-group variable update --group-id claims-pipeline-config --name DEDUP_KEY_COLUMNS --value 'claim_id
RISK ASSESSMENT
LOW
■ SECTION 7 · AUDIT TRAIL
Scan ID: TITAN-LIVE-20260420
Detected by: TITAN CODE_AGENT
Detected at: April 20, 2026
Source: AI REMEDIATION DEMO
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE