AWS Security,
Reimagined.

Plexavo scans for misconfigurations and privilege-escalation paths — open-source core, runs on your own credentials, no black box between you and the findings.

One email when hosted access opens. No spam, no sharing your address.

An open-source scanner, not a black box.

Point Plexavo at an AWS profile and it walks IAM, storage, logging, and networking for misconfigurations — including privilege-escalation chains most scanners don't chain together. The core is AGPL-3.0 and public, so every check is something you can read before you trust it.

Open-source core, AGPL-3.0
Runs on your own local credentials
Custom privilege-escalation detection
Low-noise, signal-first output

Built for people who'd rather read the code than trust a vendor.

No sales calls. No black-box agent running with standing access to your account.

Cloud security engineers

Auditing an AWS estate without paying for a platform you can't inspect, or waiting on a vendor's roadmap for a check you could write yourself.

DevOps & platform teams

Who want a fast, scriptable misconfig sweep before a release — something that runs in CI, not a dashboard someone has to remember to check.

Solo builders on AWS

Running production on a personal or small-team account and want enterprise-grade checks without an enterprise budget or an enterprise sales process.

The open-source core stays free. The hosted version adds the parts that need infrastructure.

Everything below is what the waitlist is for — the scanner itself already works today, right now, on GitHub.

01

Dual-mode AI narration

Plain-language explanations of every finding, no API key required.

02

Compliance tagging

Findings mapped to SOC 2, HIPAA, and PCI control references.

03

One-click auto-fix

Generate the exact IAM or config change to close a finding.

04

Active monitoring

Continuous scans instead of point-in-time, with drift alerts.

05

Risk prioritization

Rank findings by real blast radius, across every account you own.

Free, auditable, yours to run today.

The scanner core is public right now under AGPL-3.0. Read every check, run it against your own account, and open a PR if you find something worth adding.

$ pip install plexavo && plexavo scan --profile prod
View on GitHub Read the contributing guide
Licensed AGPL-3.0 · zero telemetry