Introducing Cloud Search
From question to insight, in seconds.
Gain instant visibility into your cloud environment with Aikido Cloud Search. Search your cloud like a database. Whether you want to identify exposed databases, vulnerable virtual machines, or over-permissive IAM roles — Aikido gives you the power to uncover risk in seconds. No query language required, no waiting on devops.
Just describe what you’re looking for, like “Give me all VMs with CVE-2025-32433 that have port 22 open.”
Scroll down to "How It Works" to get technical. For now, let's jump right into what you can uncover with Aikido.
How it Works in Practice
After syncing your cloud environment, Aikido builds a dynamic graph of all your assets, enriched with cloud metadata (from AWS APIs) and security signals (e.g., vulnerabilities, EOL software, misconfigurations). Using natural language, you can query this asset graph — Aikido parses your input, translates it into graph logic, and returns the matching assets. Instantly gain visibility, explore related assets, understand the context of each risk, examine the search logic behind the results, and more.
See What Aikido Can Uncover
Query & Why It Matters
- "public s3 buckets": Public S3 buckets are frequently misconfigured and can lead to data exposure or leaks. There are also multiple ways to make a bucket public.
- "buckets outside eu": Helps enforce data residency compliance (e.g., GDPR), ensuring sensitive data doesn't leave allowed regions.
- "users without mfa": Accounts without Multi-Factor Authentication are vulnerable to account takeover via credential theft.
- "users with programmatic access": Identifies users who can interact with the cloud via API keys—these credentials are a common target for attackers.
- "databases without deletion protection": Prevents accidental or malicious deletion of critical databases.
Go Even Deeper with these Networking, IAM, CVEs/EOL Prompts
- "ec2 instances with open management ports": Ports like SSH (22) and RDP (3389) open to the internet are major attack vectors for unauthorized access.
- "rds databases allowing traffic from ec2 instances": Helps identify trust relationships and lateral movement paths that attackers could exploit.
- "lambda functions not running in VPCs": Functions outside VPCs may lack network controls and expose sensitive traffic to the public internet.
- "ec2 instances that might host databases": Helps identify data stores that may need additional protection or monitoring, even if not explicitly labeled.
- "lambdas with access to VPC endpoints": Misused Lambda functions with VPC access can interact with sensitive internal services or databases.
- "ec2 instances with access to s3 buckets": Detects possible data exfiltration paths via overly-permissive IAM roles.
- "lambdas that can create users": Functions with privilege to create users can be abused for persistence or privilege escalation.
- "iam roles accessible from other accounts": Cross-account access increases your attack surface and may be unmonitored.
- "users with admin privileges": Overprivileged users are a primary cause of security misconfigurations and insider threats.
- "overprivileged IAM roles": Detects roles with excessive permissions that exceed least-privilege best practices.
- "ec2 instances vulnerable to CVE-2025-21613": Allows targeted remediation of known, high-risk vulnerabilities in your infrastructure.
- "ec2 instances running outdated OS": Legacy systems often lack critical security patches and support, increasing risk.
- "vms with outdated python": Outdated runtimes can be vulnerable and incompatible with modern security libraries.
- "VM with critical vulnerabilities": Prioritizes remediation of VMs that have the highest likelihood of being exploited, based on vulnerability severity.
- "ec2 instances vulnerable to log4shell": Specific vulnerability targeting ensures you can patch critical zero-days quickly and thoroughly.
- "public ec2 instances vulnerable to CVE-2025-21613 with access to s3 buckets": Models an end-to-end attack chain: public exposure + vulnerability + access to sensitive data.
- "lambda functions created manually": Manual provisioning can bypass IaC guardrails or compliance checks.
- "functions exposed to the internet with admin permissions": Serverless resources with admin rights and internet exposure can be abused for privilege escalation and data exfiltration.
- "my riskiest datastores": Lets Aikido surface the highest-risk data assets based on exposure, vulnerability, and privilege — for prioritized protection.
Prompting Best Practices
1) Describe anything
There are no predefined prompts, terms, or rules to follow. You can describe anything you want to see from your cloud environment, and let Aikido figure out what it needs to search and generate the queries.
2) Use single keywords for broad discovery
Enter a single keyword, and Aikido will run a broad text search across your assets. For example, searching for a user’s name will return:
- that user,
- any groups they belong to,
- assets where their name appears in tags,
- and policies that mention them.
Tip: Use key terms like usernames, instance names, or tag values to quickly find relevant assets and permissions. For example, typing Alice might show you her user profile, groups she's in, EC2 instances tagged with her name, and IAM policies that mention her — all in one search.
3) Search memory
Aikido remembers your past searches, so results load faster the next time. You can also easily revisit your previous queries — they’re saved per user, just for your account. See the search history for the key term "bucket" below:

How To Search Your Cloud
1. Go to Clouds then Assets.
This is your unified cloud inventory view. Filter by cloud provider, account, or region as needed.
2. Describe what you want
To query your cloud inventory, simply describe what you’re looking for in natural language. Aikido interprets your prompt, breaks it down into one or more logical steps, and retrieves the relevant assets. You’ll see intermediate results for each step as Aikido works toward the final output.

In the above example, the prompt "show me EC2 instances with access to S3 buckets" triggers the following process:
- Identify EC2 instances with IAM roles (via instance profiles)
- Find IAM roles with access to S3 (via inline or attached policies)
- Locate S3 bucket policies granting access to those roles
- Combine these findings into a final result
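The four steps above, sketched as an added example (not Aikido's code or query logic): a join over a small constructed inventory whose field layout and names are hypothetical. It ignores Deny statements, conditions and SCPs, so it shows candidate paths rather than effective permissions.

```python
from fnmatch import fnmatchcase

# Constructed inventory (not real AWS output); the field layout is hypothetical.
# Action/Resource are assumed already normalised to lists.
ROLE_ARN_PREFIX = "arn:aws:iam::111122223333:role/"
INVENTORY = {
    "instances": [
        {"id": "i-0aaa", "profile_role": "app-role"},
        {"id": "i-0bbb", "profile_role": "batch-role"},
        {"id": "i-0ccc", "profile_role": None},  # no instance profile
    ],
    "roles": {  # role name -> identity policy statements (inline + attached)
        "app-role": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                      "Resource": ["arn:aws:s3:::invoices/*"]}],
        "batch-role": [{"Effect": "Allow", "Action": ["sqs:*"],
                        "Resource": ["*"]}],
    },
    "buckets": {  # bucket name -> bucket policy statements
        "invoices": [],
        "backups": [{"Effect": "Allow", "Action": ["s3:*"],
                     "Principal": {"AWS": ROLE_ARN_PREFIX + "batch-role"}}],
    },
}

def _allows_s3(st):
    return st["Effect"] == "Allow" and any(
        a == "*" or a.lower().startswith("s3:") for a in st["Action"])

def _principals(st):
    p = st.get("Principal", {})
    aws = p.get("AWS", []) if isinstance(p, dict) else []
    return [aws] if isinstance(aws, str) else aws

def ec2_s3_paths(inv):
    """Join instance -> role -> bucket; ignores Deny, conditions, SCPs."""
    paths = set()
    for inst in inv["instances"]:
        role = inst["profile_role"]          # step 1: instance profile role
        if role is None:
            continue
        for st in filter(_allows_s3, inv["roles"].get(role, [])):   # step 2
            for res in st["Resource"]:
                pattern = res.split(":::")[-1].split("/")[0]  # bucket part
                paths |= {(inst["id"], role, b, "identity-policy")
                          for b in inv["buckets"] if fnmatchcase(b, pattern)}
        for b, stmts in inv["buckets"].items():                     # step 3
            if any(ROLE_ARN_PREFIX + role in _principals(s)
                   for s in filter(_allows_s3, stmts)):
                paths.add((inst["id"], role, b, "bucket-policy"))
    return sorted(paths)                                            # step 4
```

In the sample, `batch-role` has no S3 permissions of its own and is found only through the bucket policy on `backups`, which is why the third step cannot be skipped.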
3. Examine Findings
Aikido surfaces all assets related to your search, using the context of your cloud environment. It checks all mechanisms and considers a wide scope of aspects in each search, providing insight far beyond the usual CSPM and correlating issues in seconds.
You can view a step-by-step breakdown by clicking the Explain Result button in the top right. Here’s what that looks like for the prompt above:

4. Set custom rules, alerts, and tasks
Save any prompt as an alert. Stay on top of changes and emerging risks in your environment via email, Slack, Microsoft Teams or wherever you work. Create and automate tasks so your team is immediately notified when critical conditions are met, like EC2 instances accessible from the internet on management ports. With Aikido, alerts aren’t just noise — they’re tailored, actionable, and built around the exact questions your team cares about.