AI-Powered Cloud Advisor

Your AWS account is

Exposed.

Let's change that.

Not just a scanner — a full security advisor. Run 27+ risk checks across 10 AWS services, get an AI-generated fix plan with exact console steps. Free. No signup.

27 Risk Rules
10 AWS Services
<60s Scan Time
$0 Free

The threats you
don't see.

Most developers launch on AWS without ever auditing their infrastructure. One misconfigured security group. One user without MFA. One public S3 bucket. That is all an attacker needs.

01
🔓
Open to the Internet

SSH port 22 exposed to 0.0.0.0/0 means automated scanners find your server within minutes. They never stop.

73%
of breaches start with exposed ports
02
🔑
No MFA Protection

One leaked password. Full account access. No second check standing between an attacker and everything you have built.

99%
of account takeovers prevented by MFA
03
📂
Silent Data Exposure

Public S3 buckets serve your files to anyone who finds the URL. Most owners never know until it is too late.

$4.88M
average cost of a data breach in 2024
From access to clarity.
Step 01 · Connect
Deploy a read-only role via CloudFormation

No manual IAM setup. Click the link, deploy our one-click CloudFormation stack, and paste the Role ARN. We assume that role for the scan — read-only, nothing else.

# One-click deploy — no manual IAM needed
1. Click "Deploy Stack" in Emfirge
2. AWS Console opens — click "Create stack"
3. Copy the RoleArn from Outputs tab
4. Paste it into Emfirge and scan
 
# What the stack creates
EmfirgeReadOnlyRole: ReadOnlyAccess only
Step 02 · Scan
60 second deep infrastructure scan

We check EC2, S3, RDS, IAM, CloudTrail, CloudWatch, Cost Explorer, Budgets, GuardDuty, Lambda, and Secrets Manager across 27 security rules simultaneously.

EC2 instances & security groups
S3 bucket ACLs & encryption
IAM users, MFA, root keys
CloudTrail audit logging
Analyzing with Gemini AI...
Step 03 · Advise
AI advisor gives you exact fix steps

Not just what is wrong. Why an attacker would target it. And the precise AWS console clicks to fix it today.

[01] Lock SSH Access
  RISK: sg-059631727117595f4
  WHY: Scanners probe port 22 every minute
  FIX: EC2 → Security Groups → Edit rules
Everything your account needs.
Risk Assessment
58/100 overall · Security 49 · Availability 100 · DR 93 · Cost 93
0–100 Risk Score

Weighted across Security (40%), Availability (25%), Disaster Recovery (15%). Higher is safer. Always.

AI Advisor
🤖 AI ANALYSIS · GEMINI 2.5 FLASH
01 Lock Down SSH Access
02 Enable MFA for dev-admin
03 Stop Using Root Account
04 Enable CloudTrail
05 Enable S3 Versioning
Priority Action Plan

Ranked by impact × ease. Fix these 5 things and your score improves 40 points.

Findings
CRITICAL
SSH port 22 open to internet (0.0.0.0/0)
↳ Automated scanners find you in minutes
→ EC2 > Security Groups > Edit rules
MODERATE
Root account used recently
↳ Root has unlimited unrestricted power
→ IAM > Create admin user > Switch now
GOOD
All S3 buckets are private
Three-Layer Findings

What is wrong. Why it is dangerous. How to fix it. Every single finding.

Live Output
EC2 scan complete — 1 issue
S3 scan complete — 0 issues
IAM audit — 2 issues
CloudTrail — checking...
· Gemini analyzing findings...
Live Scan Output

Watch your infrastructure being analyzed in real time. Every service. Every check.

Coverage
EC2
S3
RDS
IAM
CloudTrail
CloudWatch
Cost Explorer
Budgets
GuardDuty
Lambda
Secrets Manager
Config ↗
10 AWS Services. 27 Rules.

The checks that actually matter for a solo developer or small team. Nothing more, nothing less.

Every tool I found was built for security teams at companies with budgets I didn't have.

Built by a CS student who got frustrated.

Every tool I found cost $500/month, required a security team to interpret, and was built for enterprises with dedicated compliance people. I'm a CS student building on AWS at 2am. None of those tools were for me.

So I built Emfirge for people like me. A free advisor that speaks plain English, tells you exactly what is wrong, and gives you the steps to fix it today.

No enterprise contract. No security degree. Just clarity.

Scan your account. Right now. Free · Read-only · No signup · 60 seconds
🔒 Read-only role · Keys never stored · Free
Connect · Step 01 of 02

Deploy a read-only role

One-click CloudFormation stack. No keys. No manual IAM. We assume a read-only role to scan — nothing else.

01
Deploy the CloudFormation stack

Click below. AWS Console opens with our pre-built template. Click "Create stack" — takes under 60 seconds.

Open AWS Console — Deploy Stack
Creates: EmfirgeReadOnlyRole with ReadOnlyAccess only
02
Paste the Role ARN

After the stack creates, go to the Outputs tab and copy the RoleArn value.

03
Select your region
🔒 Read-only role only · No keys stored · We never modify your account · Free
Security Report
4 resources · ap-south-1 · 35.5s · March 11 2026
AI Analysis · Gemini 2.5 Flash

    Your Action Plan
    Ranked by impact × ease of fix
    All Findings
    Cost Configuration
    ✓ Cost configuration looks healthy — budgets are configured
    Technical Document — Version 1.0
    Emfirge · March 2026

    Technical Whitepaper
    Cloud Security Advisory for Developers
    Ansh Sonkar, Bennett University
    10 AWS Services
    27 Security Rules
    0–100 Risk Score
    $0 Cost
    <60s Scan Time

    The gap between nothing and enterprise.

    Cloud misconfiguration is the leading cause of data breaches for small teams and individual developers. According to IBM's 2024 Cost of a Data Breach Report, the average breach costs $4.88 million. For a solo developer or early-stage startup, a single misconfigured S3 bucket or exposed SSH port can mean complete account compromise, data loss, and irreversible reputational damage.

    The tools that exist to prevent this fall into two categories. Enterprise platforms like Wiz, Orca, and Lacework cost thousands of dollars per month and are designed for dedicated security teams at large organizations. Free tools like AWS Trusted Advisor and Prowler produce hundreds of technical findings with no explanation of severity, no plain-English descriptions, and no actionable guidance on what to fix first.

    Between these two extremes sits an enormous underserved market — the estimated 30 million solo developers and small startups actively running workloads on AWS with no security background and no budget for enterprise tooling. These users are not careless. They are building products, moving fast, and operating without the institutional knowledge that larger teams take for granted. They need an advisor, not another dashboard full of alerts they do not understand.

    🏢
    Enterprise Tools
    Wiz, Orca, Lacework — thousands per month. Built for security teams, not developers.
    📋
    Free Tools
    AWS Trusted Advisor, Prowler — hundreds of findings, no severity, no plain-English guidance.
    🎯
    The Gap — Where Emfirge Lives
    30 million solo developers and small startups on AWS with no security background, no budget for enterprise tooling, and no tool that speaks their language.

    A free AI-powered cloud advisor.

    Emfirge connects to an AWS account using a one-click CloudFormation role — no access keys, no manual IAM configuration — scans the infrastructure across 10 services and 27 security rules, scores the account on a 0–100 scale, and uses Gemini 2.5 Flash to generate a prioritized action plan in plain English.

    Three layers. Every finding.

    The key distinction from every existing tool is the advisor experience. Every finding Emfirge surfaces has three layers — not just a label and a description, but a complete picture of what happened, why it matters, and exactly what to do about it today.

    01
    What is wrong
    A specific, resource-aware explanation of the misconfiguration. Not "SSH is open" but "sg-059631727117595f4 allows port 22 from 0.0.0.0/0."
    02
    Why it is dangerous
    A concrete attacker scenario. Not "could lead to unauthorized access" but "automated scanners probe port 22 every minute. If your SSH key is weak, the server can be compromised within hours."
    03
    How to fix it
    Exact AWS console steps. Not "restrict SSH" but "Step 1: EC2 → Security Groups. Step 2: Select sg-059631727117595f4. Step 3: Edit inbound rules. Step 4: Delete port 22 from 0.0.0.0/0. Step 5: Add rule restricted to your IP."

    This three-layer structure is what separates Emfirge from a scanner. A scanner tells you what is wrong. An advisor tells you what to fix first, why it matters, and exactly how to fix it today.

    CloudFormation role. No keys.

    Emfirge uses AWS cross-account role assumption instead of access keys. This is a fundamentally more secure and user-friendly approach.

    1
    Deploy Stack
    The user clicks "Deploy Stack." AWS Console opens with a pre-built CloudFormation template that creates a read-only IAM role called EmfirgeReadOnlyRole with the AWS managed ReadOnlyAccess policy attached.
    2
    Copy Role ARN
    AWS creates the role in under 60 seconds. The user copies the RoleArn value from the CloudFormation Outputs tab.
    3
    Scan
    The user pastes the Role ARN into Emfirge and clicks Scan. Emfirge assumes the role using STS AssumeRole, performs the scan, and temporary credentials expire automatically after the session ends.
    🔑
    No long-lived credentials
    Temporary STS credentials expire automatically — typically in one hour.
    🗑️
    Instantly revocable
    Delete the CloudFormation stack at any time to permanently revoke all access.
    💾
    Nothing to store
    Nothing to store, nothing to rotate, nothing to leak. Only the Role ARN is retained — it carries no permissions on its own.
    AWS best practices
    Follows AWS security best practices for cross-account access. Zero access after scan completes.

    Built to last.

    Backend: Python 3.11, FastAPI
    FastAPI with automatic OpenAPI documentation, Pydantic request validation, and high-performance request handling. Four endpoints — /analyze, /health, /logs, /logs/{id}. Rate limiting at 2 scans per day per AWS account.
    Collection: boto3 (AWS SDK)
    Every API call uses a 10-second timeout to prevent hanging. Credential validation via AWS STS happens before any scanning begins — if role assumption fails, the scan fails immediately with a clear error message.
    AI Layer: Gemini 2.5 Flash
    Findings passed to Google Gemini 2.5 Flash via google-genai. Returns a prioritized action plan of up to 5 items. If Gemini fails for any reason, the scan completes successfully and returns all findings without the AI layer — graceful degradation.
    Persistence: Supabase (PostgreSQL)
    Every completed scan is logged — risk scores, category scores, finding counts, scan duration, region, and full AI response. Historical record enables future score trending and scan comparison.
    Reports: AWS S3 (presigned URL)
    Full scan report saved as JSON to S3 immediately after each scan. A presigned URL valid for one hour is returned to the user for download — no authentication against the Emfirge backend required.
    Deployment: Docker on EC2, CI/CD
    Containerised with Python 3.11-slim base image, runs as non-root user. Built and pushed to DockerHub automatically via GitHub Actions on every push to main. Runs on AWS EC2 behind nginx.
    Observability: AgentOps
    Every scan session tracked via AgentOps — visibility into success/failure rates, latency, and AI model performance. Each session marked Success or Fail based on scan completion.

    10 services. 27 rules.

    The collector covers every service that matters for a solo developer or small team — the checks that cause real breaches, not theoretical audit items.

    EC2
    Instances, security groups, load balancers, auto scaling groups
    S3
    Bucket ACLs, default encryption, versioning status
    RDS
    Automated backups, public accessibility, storage encryption
    IAM
    Root access keys, MFA per user, access key age, root account activity
    CloudTrail
    Logging status, multi-region coverage, log file validation
    Cost Explorer
    Budget alerts, billing alarms, service cost distribution
    CloudWatch
    Alarm configuration, billing alarm coverage
    GuardDuty
    Threat detection enablement status
    Lambda
    Function IAM roles, timeout configuration, runtime versions
    Secrets Manager
    Plaintext secrets detection in Lambda environment variables

    Penalty-based. Always honest.

    Every account starts at 100. Each finding that fires deducts points based on severity. The score never goes below 0. A higher score always means a safer account — the scale is never reversed.

    Critical finding: −15 points deducted
    Moderate finding: −7 points deducted
    Low finding: −2 points deducted

    The overall score is a weighted average across categories:

    Security: 40%
    Availability: 25%
    Disaster Recovery: 15%
    Reserved: 20%

    Cost is scored separately on the same penalty system and reported independently from the overall risk score.

    LOW (75–100): Healthy
    MODERATE (50–74): Needs work
    HIGH (25–49): Urgent
    CRITICAL (0–24): Immediate
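The penalty model, category weights and risk bands above, written out as an added example (not Emfirge's own scoring code). Two assumptions fill gaps the page leaves: the reserved 20% contributes nothing, and the weighted overall is truncated to an integer; together these reproduce the sample shown earlier on the page (Security 49, Availability 100, DR 93 giving an overall of 58). The sample findings, their severities and category mapping are constructed, not Emfirge's rule set.

```python
PENALTY = {"critical": 15, "moderate": 7, "low": 2}
# Weights from the whitepaper; the remaining 20% is "reserved" and scores 0 (assumption).
WEIGHTS = {"security": 0.40, "availability": 0.25, "disaster_recovery": 0.15}
BANDS = [(75, "LOW"), (50, "MODERATE"), (25, "HIGH"), (0, "CRITICAL")]


def category_score(findings, category):
    """Start at 100, deduct the penalty for every fired finding in this category, floor at 0."""
    deducted = sum(PENALTY[f["severity"]] for f in findings if f["category"] == category)
    return max(0, 100 - deducted)


def overall_score(category_scores):
    """Weighted average of the three weighted categories, truncated (assumption)."""
    return int(sum(w * category_scores.get(c, 0) for c, w in WEIGHTS.items()))


def risk_band(score):
    """Map a 0-100 score to the whitepaper's four bands; higher is always safer."""
    for floor, label in BANDS:
        if score >= floor:
            return label
    raise ValueError(f"score out of range: {score}")


def score_account(findings):
    """Per-category scores, weighted overall, band, and Cost scored separately."""
    cats = {c: category_score(findings, c) for c in WEIGHTS}
    overall = overall_score(cats)
    return {"categories": cats, "overall": overall, "band": risk_band(overall),
            "cost": category_score(findings, "cost")}


# Constructed sample findings: severities and categories are assumptions chosen
# to reproduce the page's sample scores, not Emfirge's actual rule mapping.
SAMPLE_FINDINGS = [
    {"rule": "ssh-open-to-world", "severity": "critical", "category": "security"},
    {"rule": "root-access-keys-exist", "severity": "critical", "category": "security"},
    {"rule": "root-used-recently", "severity": "moderate", "category": "security"},
    {"rule": "user-without-mfa", "severity": "moderate", "category": "security"},
    {"rule": "access-key-older-than-90d", "severity": "moderate", "category": "security"},
    {"rule": "s3-versioning-disabled", "severity": "moderate", "category": "disaster_recovery"},
    {"rule": "no-billing-alarm", "severity": "moderate", "category": "cost"},
]

if __name__ == "__main__":
    print(score_account(SAMPLE_FINDINGS))
```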

    Gemini 2.5 Flash. Plain English.

    After scoring is complete, findings are passed to Google Gemini 2.5 Flash via the google-genai library. Gemini returns a prioritized action plan of up to 5 items, ranked by impact multiplied by ease of fix.

    Each action contains a plain-English explanation of what is wrong, a concrete attacker scenario describing the real-world risk, and exact AWS console steps to remediate the issue. The prompt instructs Gemini to act as a knowledgeable advisor speaking directly to a developer. Jargon is explicitly prohibited in the prompt instructions.

    If Gemini fails for any reason, the scan still completes successfully and returns all findings, scores, and recommendations without the AI advisory layer. The product degrades gracefully.

    # Prompt design philosophy
    role = "knowledgeable advisor speaking to a developer"
    tone = "plain English, no jargon, no formal report language"
    ranking = impact × ease_of_fix
    max_actions = 5
    fallback = "scan completes without AI layer if Gemini fails"

    Logs, reports, observability.

    Database: Supabase (PostgreSQL)
    Every completed scan logged including risk score, category scores, finding counts, scan duration, region, and full AI response. Enables future score trending and scan comparison.
    Reports: AWS S3 (presigned URL)
    Full scan report saved as JSON to S3 immediately after each scan. Presigned URL valid for one hour returned to the user. No authentication against Emfirge backend required.
    Monitoring: AgentOps
    Every scan session tracked — success/failure rates, latency, and AI model performance. Each session marked Success or Fail depending on whether the scan completed without errors.

    Secure by design.

    Every architectural decision in Emfirge is made with the assumption that the user's trust is the product. These are not afterthoughts — they are constraints that shaped the entire system.

    🔒
    Read-only by design
    The CloudFormation template grants only AWS managed ReadOnlyAccess. Emfirge cannot create, modify, or delete any resource in the user's account under any circumstances.
    🗄️
    No credential storage
    Temporary STS credentials are used once for the duration of the scan and never written to disk, database, or logs. The user's Role ARN is the only value stored — it carries no permissions on its own.
    ⏱️
    Automatic access expiry
    STS temporary credentials expire automatically. The user can additionally delete the CloudFormation stack at any time to permanently revoke access.
    🛡️
    Rate limiting
    The /analyze endpoint is rate limited to 2 scans per day per AWS account to prevent abuse and protect API costs.
    📦
    Non-root container
    The Docker container runs as appuser, not root, limiting the blast radius of any container-level vulnerability.

    Not a report. An advisor.

    Final Word
    Emfirge exists because the gap between nothing and enterprise is enormous and completely underserved.

    Millions of developers run AWS infrastructure every day with no visibility into what they have left exposed. They are not irresponsible — they simply have no tool that speaks their language, respects their time, and gives them actionable guidance they can act on today.

    Emfirge is that tool. Free, fast, plain English, and specific. Not a report. An advisor.

    More services and rules will be added in the coming days, with the support of other cloud organizations.

    Ansh Sonkar
    CS Student, Bennett University
    theanshsonkar