Cloud IAM: measure blast radius, not policy count
The security of a cloud account isn't the sum of its policies; it's the reachability graph they create.
Taking shape. Has structure and at least one real source or experiment.
Most cloud security reviews audit policies one at a time. But identities compose: role A can assume role B, B can write the deployment bucket, the deployment touches everything. The real object of study is the graph, and the metric that matters is blast radius: from this credential, what is transitively reachable?
Working hypotheses:
- Privilege escalation in the cloud is usually a path-finding problem, not a misconfiguration problem. Each edge looked reasonable in isolation.
- Defaults are destiny. The service roles a platform hands out for free define the ambient blast radius most orgs never look at.
- The fix is rarely “tighten this policy” and usually “cut this edge.”
This is systems thinking in its purest form: emergent reachability from locally sensible rules. It’s also why I rank capability confinement first in prompt-injection-is-untrusted-input: an AI agent is just another identity in the graph, and its credentials define what a successful injection is worth.
Current experiment: building a small crawler that renders an account’s identity graph and scores nodes by reachable-resource count. Status lives on the public quest log. Notes will graduate here as it grows.
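As an added illustration of the scoring idea (this is not the author's crawler, and it reads no real account), the following Python block builds a small identity graph from a constructed edge list, computes each identity's blast radius as the set of transitively reachable nodes, and shows how much that set shrinks when one edge is cut. The node names, the edge kinds (`assume`, `write`, `deploys_to`, `executes_as`, `read`) and the rule that only control-granting edges are traversed onward are all assumptions of the example; a real crawler would derive edges from IAM trust policies and resource policies instead.

```python
from collections import defaultdict, deque

# Assumed edge kinds. Control edges let the holder act as / rewrite the target,
# so traversal continues from the target; access edges stop at the target.
CONTROL_EDGES = {"assume", "write", "deploys_to", "executes_as"}
ACCESS_EDGES = {"read"}

# Constructed sample account (not real data). Every edge looks reasonable on its own:
# developers can use CI, CI writes the deploy bucket, the bucket feeds two lambdas,
# one lambda runs as a role that reads a database secret.
SAMPLE_EDGES = [
    ("user:alice", "role:Developer", "assume"),
    ("role:Developer", "role:CI", "assume"),
    ("role:CI", "bucket:deploy-artifacts", "write"),
    ("bucket:deploy-artifacts", "lambda:payments", "deploys_to"),
    ("bucket:deploy-artifacts", "lambda:orders", "deploys_to"),
    ("role:CI", "table:ci-state", "write"),
    ("role:ReadOnly", "bucket:deploy-artifacts", "read"),
    ("user:bob", "role:ReadOnly", "assume"),
    ("lambda:payments", "role:PaymentsExec", "executes_as"),
    ("role:PaymentsExec", "secret:payments-db", "read"),
]


def build_graph(edges):
    """Adjacency list: node -> [(target, kind), ...]."""
    graph = defaultdict(list)
    for src, dst, kind in edges:
        graph[src].append((dst, kind))
    return graph


def blast_radius(graph, start):
    """Return {reached_node: path} for everything transitively reachable from start.

    Each path is a list of (src, kind, dst) edges. Nodes reached only through an
    access edge are counted but not expanded; nodes reached through a control
    edge are expanded, and their recorded path is the one that yields control.
    """
    parent = {start: None}
    controlled = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for dst, kind in graph.get(node, ()):
            if dst not in parent:
                parent[dst] = (node, kind)
            if kind in CONTROL_EDGES and dst not in controlled:
                controlled.add(dst)
                parent[dst] = (node, kind)  # prefer the path that grants control
                queue.append(dst)
    reached = {}
    for node in parent:
        if node == start:
            continue
        path, cur = [], node
        while parent[cur] is not None:
            prev, kind = parent[cur]
            path.append((prev, kind, cur))
            cur = prev
        reached[node] = list(reversed(path))
    return reached


def score_identities(edges):
    """Blast-radius score (reachable node count) for every user:/role: principal."""
    graph = build_graph(edges)
    identities = {src for src, _, _ in edges if src.split(":")[0] in ("user", "role")}
    return {ident: len(blast_radius(graph, ident)) for ident in identities}


def cut_edge(edges, src, dst, kind):
    """The remediation the note describes: remove one edge, keep every policy otherwise intact."""
    return [e for e in edges if e != (src, dst, kind)]


def format_path(path):
    return " -> ".join(f"{s} [{k}]" for s, k, _ in path) + f" -> {path[-1][2]}"


if __name__ == "__main__":
    graph = build_graph(SAMPLE_EDGES)
    for ident, score in sorted(score_identities(SAMPLE_EDGES).items(), key=lambda kv: -kv[1]):
        print(f"{score:2d}  {ident}")
    print("\nhow alice reaches the payments secret:")
    print(format_path(blast_radius(graph, "user:alice")["secret:payments-db"]))
    trimmed = cut_edge(SAMPLE_EDGES, "role:Developer", "role:CI", "assume")
    print("\nafter cutting Developer -> CI:",
          len(blast_radius(build_graph(trimmed), "user:alice")), "node(s) reachable from alice")
```

The printed ranking puts `user:alice` far ahead of `user:bob` even though bob's policy set is nearly as large; bob's only path ends at a read edge, while alice's chain of control edges reaches the deploy bucket and everything it feeds. Removing the single `assume` edge from `role:Developer` to `role:CI` drops alice's reachable set from eight nodes to one without changing any policy attached to CI or the bucket.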
Paths that lead here
- Prompt injection is an untrusted-input problem wearing a new costume · We've spent thirty years learning to separate code from data. LLMs gleefully merge them again.
- The attacker's mindset is systems thinking · Attackers don't break rules; they discover that the rules compose differently than the designers believed.
- Threat-modeling this garden · Eating my own dog food: a security person's website should survive its own methodology.
- You will never know enough, and that's the job · Imposter syndrome in security isn't a character flaw; it's an accurate readout of an unbounded field, misfiled as a personal deficiency. The fix is a traversal strategy, not more knowledge.
Where this note points
- The attacker's mindset is systems thinking · Attackers don't break rules; they discover that the rules compose differently than the designers believed.
- Prompt injection is an untrusted-input problem wearing a new costume · We've spent thirty years learning to separate code from data. LLMs gleefully merge them again.
- Learning in public · The operating philosophy of this whole garden: publish the process, not just the conclusions.