Cloudanix Joins AWS ISV Accelerate Program
Text2SQL · over your security graph

Ask your cloud what's wrong.
In English.

Type the question you'd ask a senior cloud engineer if they were sitting next to you — "every public S3 bucket in production touched by a service account that can assume into the data lake" — and get the answer in seconds, with rows you can pivot, export, and act on. Text2SQL for fast questions. Visual builder for repeatable queries. SQL still open for power users.

✓ Across AWS · Azure · GCP ✓ One graph, three modes of asking ✓ Human reviewable, SQL transparent
cloudanix · ask · live
ask> show me every rds instance in production with no encryption-at-rest|
SQL · auto-generated
SELECT account, region, db_instance_id, engine, created_at
FROM rds_instance
WHERE environment = 'prod'
  AND encryption_at_rest = FALSE
ORDER BY created_at DESC;
results · 4 rows
accountregioninstanceengine
prod-fintechus-east-1billing-3postgres
prod-fintechus-east-1analytics-7aurora-pg
prod-indiaap-south-1kyc-shadowpostgres
prod-eueu-central-1events-mirrormysql
English → SQL → graph → rows. One pane.
The problem

Most security questions never get asked because they're too hard to ask.

"Which IAM roles can reach PII storage through a chain of assume-role, and were any of them used by a service account that hasn't authenticated in 30 days?" is a reasonable question. In most tools it's a 4-day SIEM project or never gets asked. The barrier isn't the data — it's the syntax. We removed the syntax.

Three modes

Pick the mode that fits the question.

01

Text2SQL — for fast, conversational questions

Type the question. Cloudanix translates to SQL against the graph schema, executes, returns rows. SQL is always visible — you can verify it, edit it, save it as a saved query, share it.

try "Find me iam roles with no MFA whose last login was inside the last hour"
02

Dynamic Query Builder — for repeatable, composable queries

Visual filter composer. Drag-and-drop predicates ("public_read = true", "has_attack_path = true", "environment = prod"). Save as a custom dashboard tile or scheduled report. Same graph, same engine — just a different surface.

try s3.public_read = true AND s3.has_attack_path_to_pii = true
03

Raw SQL — for power users

Drop into a SQL editor with the full graph schema autocomplete, query history, saved-query namespacing, and the ability to schedule queries and pipe results to webhook / S3 / Slack. For your senior security engineers who think in joins.

try SELECT … FROM iam_role JOIN reach_path …
Real queries

Six questions you can actually ask.

These are real, working English queries from customer environments.

Inventory

"Show me every S3 bucket in production with public read on, not encrypted with a customer-managed key"

Returns: account, region, bucket name, encryption status, public-access-block status. Pivot to attack-path view to see if any are reachable from external identities.

Identity

"Which IAM roles can assume into our data-lake account and haven't been used in 60+ days?"

Returns: source account, role name, last activity, target account, target role. Candidate list for safe deprovisioning.

Posture

"List every Kubernetes ServiceAccount with a workload-identity binding to an AWS IAM role"

Returns: cluster, namespace, SA name, IAM role ARN, attached policies. Foundation for K8s-to-cloud privilege auditing.

Detection

"Find me all CloudTrail events in the last 24 hours where a console user changed an SCP from a flagged ASN"

Returns: timestamp, user, principal, change type, source IP, ASN flag context. Top-of-funnel for SOC investigation.

Compliance

"Show evidence for RBI control 7.2 — encryption at rest across our India workloads"

Returns: control description, applicable resource types, current pass/fail count, list of non-compliant resources. Pipe to compliance report.

Code-to-Cloud

"Which production EC2 instances were deployed from the payments-svc repo in the last week?"

Returns: instance, instance launch time, source commit, PR number, deployer, the chain back to code. Lineage view for incident scoping.

What Our Users Are Saying

Customer Reviews

Cloudanix is trusted by security leaders worldwide to deliver proactive, reliable, and cutting-edge cloud security.

One day, I changed the password of a root account, and my CTO called me within less than a minute to confirm if I did so. I was not expecting a reaction this quick. He told me Cloudanix alerted him of this password change and that he wanted to confirm as it was a critical security notification. I couldn't believe it!

Ritesh Agarwal
Ritesh Agarwal
CEO, Airgap Networks

Compliance is one way of staying secure, but what I want is the ability to go deeper and attain 'true security.' Cloudanix provides us the capability to do so.

Vishal Madan
Vishal Madan
Head of Engineering, iMocha

Cloudanix is building for the future of the cloud, which makes the product all the more desirable.

Ritesh Agarwal
Ritesh Agarwal
CEO, Airgap Networks

Cloudanix gave us the visibility we were missing. Being able to move from permanent access to a robust Just-In-Time (JIT) workflow has fundamentally changed our security posture without slowing down our engineering velocity.

Pavan Kumar Lekkala
Pavan Kumar Lekkala
SRE Lead, HugoHub

We are excited to leverage Cloudanix's comprehensive multi-cloud DevSecOps solution to secure our production workloads on AWS. Cloudanix has demonstrated that it can solve many challenges that DevSecOps teams face while continually adding new features such as SOC2 compliance and drift detection.

Satish Mohan
Satish Mohan
Co-founder & CTO, Airgap Networks

Managing third-party partner access was once a major concern for our security posture. With Cloudanix JIT Cloud, we've effectively achieved zero third-party risk. We can now grant access confidently, knowing that it is temporary, audited, and automatically revoked, resulting in a 100% reduction in our privileged access exposure.

Okesh Badhiye
Okesh Badhiye
Head of Technical Engineering, Finfinity

The snooze feature and responsible alerts have helped us save time and prioritize what to tackle first.

Satish Mohan
Satish Mohan
Co-founder & CTO, Airgap Networks

Implementing Cloudanix JIT internally allowed us to practice what we preach. By eliminating permanent access to our own clouds and databases, we've neutralized the risk of standing privileges, ensuring our own 'keys to the kingdom' are never left exposed.

Girish Manghnani
Girish Manghnani
Managing Partner, Tech Inspira

The problem with permissions is a lot of times, the gaps are left open due to oversights from inside the organization itself. With Cloudanix's CIEM, we get a complete view of user permissions and access. This enables us to update the permissions, reducing the attack surface.

Nilesh Pethani
Nilesh Pethani
Application Architect, iMocha

In the world of Fintech, trust is our currency. Cloudanix provided the frictionless visibility we needed to secure our EKS workloads across AWS, ensuring we stay audit-ready for SOC2 and GDPR without slowing down our engineering velocity.

Amol Naik
Amol Naik
Head of Security & Infrastructure, HugoHub

Cloudanix delivered value within 5 minutes of onboarding. Continuous monitoring, timely detection, and excellent documentation helped us attain a great cloud security posture.

Divyanshu Shukla
Senior DevSecOps, Meesho

Technology strategies and business strategies are in a state of constant change which includes centralization and decentralization of responsibilities. Regardless of strategic shift, we still have intellectual property to protect. Cloudanix are critical partners for us in our public cloud security posture across our three cloud providers.

Jerry Locke
Jerry Locke
Senior Director Global Solutions Engineering, Eversana

Cloudanix has been amazing. They opened up a common Slack channel with us — and it feels like we are talking to our own team and getting things done with Cloud security. The support team is always available, friendly, helpful, and ready to go out of their way.

Satish Mohan
Satish Mohan
CTO, Airgap Networks

Beyond just access management, Cloudanix CSPM has given us a unified view of our AWS environment. The real-time alerting and anomaly detection allow us to prevent any untoward activity before it happens, which is critical for a marketplace connecting 50+ financial institutions.

Okesh Badhiye
Okesh Badhiye
Head of Technical Engineering, Finfinity

For a Fintech company, data is our most valuable — and most sensitive — asset. Cloudanix DAM hasn't just improved our visibility; it has given us control. The ability to mask data and prevent unauthorized queries in real-time is a game-changer for our compliance and customer trust.

Jiten Gala
Jiten Gala
President Engineering and Product, Kapittx

Our clients, especially in the Middle East financial sector, demand absolute accountability. Cloudanix JIT Cloud has been a competitive differentiator for us, allowing us to provide secure, governed access to customer accounts that meet their strictest audit and compliance requirements.

Girish Manghnani
Girish Manghnani
Managing Partner, Tech Inspira

Cloudanix is always on my team's lips because of its exceptional support. Be it a small or big query, Cloudanix has gone above and beyond to resolve them. This one's a keeper for us.

Sujit Karpe
Sujit Karpe
CTO, iMocha

For a long-lasting partnership, great support goes a long way. Cloudanix has delivered exceptional support whenever required. Their edge is their team is always ready to go beyond to solve any issues that we have. This speaks volumes about the culture at Cloudanix.

Akash Maheshwari
Akash Maheshwari
Co-founder, MoveInSync

Beyond the technology, Cloudanix feels like an extension of our own team. Their willingness to stand up a dedicated Middle East tenant for us and provide exceptional support at a sensible price makes them a long-term partner for Hugosave.

Surya Tamada
Surya Tamada
CTO, HugoHub

The real-time notifications that Cloudanix provides are a real lifesaver. Their adaptive notifications ensure that my team stays productive and doesn't get interrupted all the time.

Digvijay Singh
Staff Security Engineer, Meesho

The whole point in technological evolution is to help improve the world we live in. We must protect that and to do so requires an effective and efficient security strategy. The Cloudanix team helped make our public cloud security posture management strategy a reality. The symbiotic relationship we have allows for a continuous feedback loop which is how business should operate.

Larry Wheat
Larry Wheat
Staff Solutions Engineer, Eversana
Common questions

Asking, asked plainly.

Does Text2SQL send my cloud data to an LLM?

No. Text2SQL translates your question into SQL — the LLM sees the question and the schema, not your data. The generated SQL then executes against your graph inside Cloudanix's normal data plane, and the rows come back to you directly. The LLM never sees customer rows. Per-tenant model boundaries and the default model surface are documented in the standard DPA on enterprise contracts.

What if the LLM gets the SQL wrong?

The SQL is always visible — you see it before the query executes, and you can edit it freely. If a generated query doesn't match what you meant, edit a token, rerun. If you frequently re-edit the same kind of question, save the corrected query as a named template — Cloudanix learns your team's vocabulary over time within your tenant.

Can I save queries and schedule them?

Yes. Any query — Text2SQL-generated, DQB-built, or raw-SQL-authored — can be saved into your tenant's query library, namespaced by team, scheduled to run on a cadence, and configured to pipe results to webhook / S3 / Slack / email / Jira. Saved-query versions track diffs, so you can see how a question's logic has evolved.

Can my team use SQL directly without Text2SQL?

Yes — SQL is a first-class surface, not an escape hatch. The query editor has full graph-schema autocomplete, query history, and execution plan visibility. Many senior security engineers prefer SQL because the question they want to ask is too specific or too multi-step for natural language. Both surfaces hit the same engine.

What's the schema like?

The graph schema mirrors the resource types Cloudanix discovers across cloud providers, with common abstractions (compute_instance, storage_object, identity_principal, network_endpoint) plus cloud-specific tables (rds_instance, eks_cluster, azure_blob, gcs_bucket, etc.). Relationships are first-class — joins between an identity, the role it can assume, the resource that role can reach, and the data classification of that resource are all single-statement queries.

Can I use this for compliance evidence generation?

Yes. The query library includes pre-built evidence queries for the major compliance frameworks (SOC 2, PCI, HIPAA, ISO 27001, plus DPDPA / RBI / SAMA / IRDAI for regional regulators). Each can be scheduled, results exported to PDF / CSV / Confluence-friendly format, and attached as audit evidence. Custom evidence queries for internal frameworks are first-class too.

Related

What "ask" sits on top of.

Foundation

Cloud inventory

The continuous, multi-cloud asset graph that every query reads from.

Read →
Capability

Attack-path analysis

How graph queries become prioritized stories: who can reach what, and how.

Read →
Position

LLM-native security

How LLMs are used elsewhere in the product — and where humans stay in the loop.

Read →

Ready to see your graph?

Connect a cloud account in under 30 minutes. See every finding rooted in identity, asset, and blast radius — with a fix path attached.

Book a Demo