KeyScope

KeyScope is a web app (with optional CLI) that continuously scans your cloud estate for exposed secrets and risky identity artifacts—API keys, access tokens, kubeconfigs, SSH keys, and overly-permissive IAM roles. It connects read-only to AWS, Azure, and GCP, inspects common leak paths (object storage, container registries, serverless env vars, CI logs, parameter stores, and public endpoints), and correlates findings with actual reachability and privilege. The AI layer helps triage by explaining blast radius in plain language, mapping to MITRE techniques, and generating step-by-step remediation tickets (least-privilege policy suggestions, rotation steps, and guardrails). It also monitors for re-exposure after fixes and provides an “exposure timeline” to prove when secrets were accessible. This is not a full CSPM replacement; it’s a focused exposure detector that aims to be fast to deploy and brutally clear about what’s exploitable now.