SOC 2 · AWS · AI/Agentic Risk

Know your SOC 2 posture.
Including your AI stack.

Flintwood delivers automated monthly SOC 2 readiness reports for AWS environments — with a dedicated AI and agentic tool risk layer your auditor hasn't seen before.

Built for mid-market companies running AWS with complex AI workloads

Continuous readiness. Not a one-time snapshot.

Read-only AWS scan

Deploy a single read-only IAM role via CloudFormation or Terraform. We assume it monthly — nothing runs in your account.

SOC 2 TSC mapping

Every finding maps to Trust Service Criteria: CC6 access controls, CC7 operations, CC8 change management, and more.

Month-over-month drift

See exactly what changed: new gaps, resolved findings, regressions. Your readiness score trends over time.

Human-reviewed delivery

Every report is reviewed before it reaches you. No raw scanner output. Context, severity, and prioritized remediation.

Flintwood exclusive

The AI risk layer your auditor doesn't have a checklist for yet.

Every month we analyze your AI and agentic footprint: over-permissioned Bedrock roles, autonomous Lambda chains, unlogged model invocations, shadow AI usage, and more.

As your AI stack grows, so does your attack surface. Flintwood tracks it before your auditor asks about it.

  • Bedrock and SageMaker access control gaps
  • Agentic IAM role over-permission detection
  • Shadow AI usage via CloudTrail analysis
  • Missing human-in-the-loop controls
  • AI training data access logging

CRITICAL

Agent role bedrock-agent-prod has bedrock:InvokeModel on * with S3 write access and no MFA condition.

HIGH

Bedrock model invocation logging is disabled. No audit trail for model calls in production.

MEDIUM

3 Lambda functions with AI invocation permissions are not tagged as AI workloads.

Get your first report free.

We'll run a full scan of your AWS environment and deliver a SOC 2 readiness report — including AI risk findings — within 5 business days. No commitment.

Request pilot report →