PrivScope
PrivScope is a web app (with an optional lightweight desktop agent) that continuously detects and reduces excessive privileges across SaaS and cloud tools. It connects to common identity providers and apps (Okta, Entra ID, Google Workspace, AWS) and builds a live map of who has admin, billing, data-export, and “god mode” permissions. It flags toxic combinations (e.g., user admin + mailbox access), dormant privileged accounts, and privilege creep after role changes. Instead of generic reports, it generates actionable, least-privilege change plans: which groups to split, which roles to downgrade, and which approvals to require. It also supports “privilege attestations” with evidence: managers review only the high-risk access, with clear business context and one-click remediation tickets. This is a hybrid traditional + AI app: AI helps summarize risk, propose remediation steps, and draft change tickets, but the core is deterministic policy and permission graphing.
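The three checks named above (toxic combinations, dormant privileged accounts, privilege creep) can be expressed as deterministic rules over a set of normalized grants. The following is an added illustration, not PrivScope's code; the permission names, role baselines, 90-day dormancy threshold and all sample data are assumptions constructed for the example.

```python
from datetime import date

# Constructed sample data; permission names, roles and thresholds are assumptions.
PRIVILEGED = {"user_admin", "billing_admin", "data_export", "mailbox_access"}
TOXIC_PAIRS = [{"user_admin", "mailbox_access"}, {"billing_admin", "data_export"}]
ROLE_BASELINE = {"it_admin": {"user_admin"}, "finance": {"billing_admin"},
                 "support": set()}
DORMANT_DAYS = 90

USERS = {
    "alice": {"role": "it_admin", "last_login": date(2024, 5, 28)},
    "bob":   {"role": "support",  "last_login": date(2024, 1, 10)},
    "carol": {"role": "finance",  "last_login": date(2024, 5, 30)},
}
GRANTS = [  # (user, source system, permission)
    ("alice", "okta", "user_admin"),
    ("alice", "google_workspace", "mailbox_access"),
    ("bob", "aws", "data_export"),
    ("carol", "entra_id", "billing_admin"),
]

def findings(users, grants, today):
    """Return sorted (user, finding, detail) tuples from deterministic rules."""
    held = {}
    for user, _source, perm in grants:
        held.setdefault(user, set()).add(perm)  # merge grants across systems
    out = []
    for user, perms in held.items():
        priv = perms & PRIVILEGED
        # Toxic combination: one identity holds every permission in a pair.
        for pair in TOXIC_PAIRS:
            if pair <= perms:
                out.append((user, "toxic_combination", "+".join(sorted(pair))))
        # Dormant privileged account: privileged access, no recent login.
        idle = (today - users[user]["last_login"]).days
        if priv and idle > DORMANT_DAYS:
            out.append((user, "dormant_privileged", f"{idle}d idle"))
        # Privilege creep: privileged access beyond the current role's baseline.
        extra = priv - ROLE_BASELINE.get(users[user]["role"], set())
        if extra:
            out.append((user, "privilege_creep", ",".join(sorted(extra))))
    return sorted(out)

if __name__ == "__main__":
    for row in findings(USERS, GRANTS, date(2024, 6, 1)):
        print(row)
```

Merging grants per identity before evaluating the rules is what surfaces the cross-system case: neither the Okta grant nor the Google Workspace grant is a finding on its own.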