Inspiration
Cloud infrastructure is growing rapidly, but security teams often struggle to keep up with the scale and complexity of modern cloud environments. Misconfigured storage buckets, overly permissive network rules, and unused compute resources can quietly increase both security risk and operational cost.
While many tools provide dashboards or alerts, they rarely explain what to fix first or why it matters. Engineers often need to manually investigate logs, correlate alerts, and prioritize remediation.
We built CloudGuard to address this gap — an AI-powered cloud security copilot that continuously analyzes infrastructure, detects security risks and cost inefficiencies, and provides prioritized remediation guidance through natural language queries.
By combining Amazon Nova's reasoning capabilities with Elasticsearch analytics, CloudGuard acts like a virtual cloud security analyst that helps teams understand and improve their security posture in real time.
What it does
CloudGuard is a GenAI-powered Cloud Security Copilot that monitors and analyzes cloud infrastructure.
The platform:
- Scans cloud resources for security misconfigurations
- Detects cost waste from underutilized resources
- Calculates an overall security posture score
- Stores infrastructure findings in Elasticsearch for analytics
- Uses Amazon Nova 2 Lite to reason over infrastructure data
- Provides natural-language security recommendations
The dashboard provides several operational views:
- Security Dashboard – overall posture score, severity distribution, and trend analysis
- Findings Explorer – detailed security vulnerabilities across all resources
- Cost Analysis – identifies idle infrastructure and wasted spend
- System Logs – real-time engine output and detection events
- AI Security Copilot – conversational interface for querying infrastructure risks
Users can ask questions like:
- What should I fix first?
- Which resources are exposing data publicly?
- How much money are we wasting on idle servers?
The AI agent analyzes the indexed infrastructure data and generates prioritized, actionable recommendations.
How we built it
CloudGuard is built as a multi-layer cloud security analysis platform.
1. Data Generation Layer
A Python dataset generator simulates 290 AWS resources, including:
- EC2 instances
- S3 buckets
- IAM users
- Security groups
- RDS databases
Intentional misconfigurations are injected to simulate real-world cloud security issues.
2. Security Rule Engine
A custom Python rule engine analyzes infrastructure data using 15 security detection rules, such as:
- Publicly accessible S3 buckets
- Security groups exposing SSH to the internet
- IAM users without MFA
- Databases without encryption
- Underutilized EC2 instances
Each rule produces a finding with severity, description, remediation guidance, and business impact.
3. Risk Scoring System
CloudGuard computes an overall Security Posture Score using a weighted penalty model:
\[ \text{Score} = \max\bigl(0,\ 100 - (C \times 20) - (H \times 10) - (M \times 5) - (L \times 2)\bigr) \]
Where:
- \(C\) = Critical findings
- \(H\) = High severity findings
- \(M\) = Medium severity findings
- \(L\) = Low severity findings
This creates a simple 0–100 security health score that organizations can track over time.
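The rule engine and scoring steps described above, as an added Python example that is not CloudGuard's own code: it evaluates five of the rule types named on this page over a constructed inventory and applies the penalty formula. The resource field names, the severity assigned to each rule, and the 5% CPU threshold are assumptions made for this example.

```python
from collections import Counter

# Penalty weights taken from the scoring formula on this page.
WEIGHTS = {"critical": 20, "high": 10, "medium": 5, "low": 2}
ANYWHERE = ("0.0.0.0/0", "::/0")  # IPv4 and IPv6 "open to the internet"

# (rule id, resource type, severity, predicate, remediation). Field names,
# severities and the CPU threshold are assumptions, not CloudGuard's schema.
RULES = [
    ("S3_PUBLIC", "s3_bucket", "critical",
     lambda r: r.get("public_access", False), "Block public access"),
    ("SG_SSH_OPEN", "security_group", "high",
     lambda r: any(p["port"] == 22 and p["cidr"] in ANYWHERE
                   for p in r.get("ingress", [])), "Restrict port 22 by CIDR"),
    # A missing MFA or encryption field is treated as a finding (fail closed).
    ("IAM_NO_MFA", "iam_user", "high",
     lambda r: not r.get("mfa_enabled", False), "Require MFA"),
    ("RDS_UNENCRYPTED", "rds_instance", "medium",
     lambda r: not r.get("storage_encrypted", False), "Enable encryption"),
    ("EC2_IDLE", "ec2_instance", "low",
     lambda r: r.get("avg_cpu_percent", 100.0) < 5.0, "Downsize or stop"),
]

def evaluate(resources):
    """Run every rule against every resource of the matching type."""
    return [{"rule": rid, "resource": res["id"], "severity": sev,
             "remediation": fix}
            for res in resources
            for rid, rtype, sev, pred, fix in RULES
            if res["type"] == rtype and pred(res)]

def posture_score(findings):
    """Score = max(0, 100 - 20*C - 10*H - 5*M - 2*L)."""
    counts = Counter(f["severity"] for f in findings)
    return max(0, 100 - sum(WEIGHTS[s] * n for s, n in counts.items()))

def fix_first(findings):
    """Order findings by penalty weight, highest first (stable for ties)."""
    return sorted(findings, key=lambda f: -WEIGHTS[f["severity"]])

# Constructed sample inventory; not data from the project.
SAMPLE = [
    {"type": "ec2_instance", "id": "i-batch", "avg_cpu_percent": 2.1},
    {"type": "s3_bucket", "id": "logs-archive", "public_access": True},
    {"type": "s3_bucket", "id": "app-assets", "public_access": False},
    {"type": "security_group", "id": "sg-web", "ingress": [
        {"port": 22, "cidr": "0.0.0.0/0"}, {"port": 443, "cidr": "0.0.0.0/0"}]},
    {"type": "iam_user", "id": "deploy-bot", "mfa_enabled": False},
    {"type": "iam_user", "id": "alice", "mfa_enabled": True},
    {"type": "rds_instance", "id": "orders-db", "storage_encrypted": False},
]
```

With these weights, five critical findings already floor the score at 0, so any further findings no longer change it; tracking the per-severity counts alongside the score keeps that regression visible.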
4. Elasticsearch Analytics Layer
All resources and findings are indexed into Elasticsearch, enabling:
- high-speed analytics queries
- severity aggregations
- infrastructure trend analysis
- resource risk ranking
These indexed datasets also power the AI agent's reasoning tools.
5. AI Agent with Amazon Nova
The CloudGuard Copilot uses Amazon Nova 2 Lite through Amazon Bedrock to perform multi-step reasoning.
Each query follows a pipeline:
- Plan – Nova determines which tools to use
- Execute – Elasticsearch queries retrieve relevant findings
- Contextualize – results are combined into structured context
- Synthesize – Nova generates a prioritized explanation
This allows the agent to dynamically analyze infrastructure data and provide security insights on demand.
6. Web Dashboard
The frontend dashboard is built using:
- React + TypeScript
- Tailwind CSS
- Recharts for data visualization
The interface includes:
- Security posture overview
- Findings explorer
- Cost waste analytics
- AI Copilot chat
- Infrastructure scan logs
Challenges we ran into
Building CloudGuard involved several technical challenges.
Designing meaningful detection rules
We had to translate cloud security best practices into deterministic rules with realistic thresholds and meaningful severity levels.
Creating an interpretable risk scoring system
The scoring model needed to balance simplicity and usefulness while reflecting the real-world impact of different vulnerabilities.
Connecting AI reasoning with structured data
Integrating Amazon Nova with Elasticsearch required designing tools that return structured outputs Nova could reason over effectively.
Ensuring realistic infrastructure data
Simulated cloud resources had to resemble real AWS environments so the platform could demonstrate realistic findings.
Accomplishments that we're proud of
We are particularly proud of several aspects of CloudGuard.
- Designing a multi-step AI agent architecture using Amazon Nova
- Building a full-stack cloud security platform with analytics and visualization
- Creating a security scoring model that translates complex risk into a simple metric
- Combining security detection and cost optimization in a single system
- Implementing a real-time conversational security copilot
Together, these components demonstrate how AI can move beyond static dashboards to actively assist engineers in managing cloud security.
What we learned
This project taught us several important lessons about building AI-powered systems.
We learned how agentic AI systems interact with external tools and data sources, and how structured data can significantly improve the quality of AI reasoning.
We also gained deeper insight into cloud security best practices, including IAM policies, network access control, encryption requirements, and infrastructure cost management.
Finally, we learned how combining analytics platforms like Elasticsearch with generative AI models like Amazon Nova can unlock powerful real-world applications.
What's next for CloudGuard
There are several exciting directions for expanding CloudGuard.
Future improvements could include:
- Integration with real AWS accounts instead of simulated datasets
- Automated remediation actions through infrastructure APIs
- Machine learning–based anomaly detection for security events
- Multi-cloud support for Azure and Google Cloud
- Policy compliance frameworks such as CIS, SOC2, and NIST
Our long-term goal is to evolve CloudGuard into a fully autonomous cloud security assistant that continuously monitors infrastructure, explains risks, and helps organizations secure their systems proactively.
Built With
- amazon-web-services
- amazonnovalite
- analytics-queries
- elasticagentbuilder
- elasticsearch
- fakerpython
- fastapi
- python
- react
- recharts
- scoring
- tailwindcss
- typescript
- vite