PolicyDrift

PolicyDrift is a web app (with optional CLI) that continuously detects and fixes cloud security configuration drift across AWS, Azure, and GCP. Instead of trying to be a full CSPM, it focuses on the 20% of controls that cause 80% of real incidents: public storage, overly permissive IAM, exposed security groups, missing encryption, and logging gaps. It connects via read-only roles, maps current state to a small set of opinionated baselines (CIS-lite), and generates pull requests for IaC repos (Terraform/CloudFormation) to make fixes permanent. For teams without mature IaC, it can apply guarded, reversible changes with approvals and full audit trails. A lightweight AI layer summarizes risk in plain language, explains blast radius, and proposes least-privilege policy diffs, but the product remains deterministic and auditable. The goal is fewer breaches, fewer false positives, and faster remediation without hiring more cloud security engineers.
