Scout Agent

The observation layer that makes agentic action safe.

Read-only cloud environment discovery, connected to your governance record.

“An agent that acts before it can reliably observe is dangerous.”

Most of the agentic AI conversation in 2026 is about action — autonomous agents that fix, deploy, remediate, and configure on your behalf. Very little of it is about what has to come first: a reliable, verified picture of what is actually running in your environment. Scout is that picture. It is the foundation that every autonomous action capability AIM builds in the future will stand on — and without it, “agentic AI” is just an agent acting on bad assumptions.


What Scout does

Scout connects to your cloud account — AWS, Azure, GCP, or OCI — using read-only credentials you supply. It runs discovery across five resource categories and compares what is actually running against the documented baseline in your Pulse Sustainment Mode record.

🖥
Compute
EC2, Azure VMs, GCE instances, OCI Compute
🗄
Managed databases
RDS, Azure SQL, Cloud SQL, OCI DB Systems
📦
Object storage
S3, Azure Blob, GCS, OCI Object Storage
Serverless functions
Lambda, Azure Functions, Cloud Functions, OCI Functions
Container clusters
EKS, AKS, GKE, OCI Kubernetes Engine
🔍
Delta analysis
Live state vs. your documented PSM baseline

What Scout surfaces from each scan

Undocumented resourcesRunning in your account but not in your PSM baseline — the most common source of security incidents and compliance failures.
Public-access storageObject storage buckets or containers accessible without authentication.
Unencrypted databasesManaged database instances without encryption-at-rest enabled.
End-of-life runtimesLambda, Functions, or container runtimes past vendor support dates.
Inactive resourcesStopped, deallocated, or terminated instances still present in your account.
EOL database enginesRDS, Azure SQL, and Cloud SQL instances running unsupported engine versions.
Read-only, always. Scout never modifies, deploys, creates, or deletes anything in your environment. Every API call is a GET. There is no code path in Scout that writes to your cloud account.

Why “move fast and break things” does not apply here

That ethos was coined for consumer social media apps in 2008. The consequence of breaking things at a startup building a newsfeed was: some users had a bad day, you pushed a fix, you iterated. Low stakes. Reversible. Nobody got hurt.

The organizations AIM serves operate under a fundamentally different accountability structure. Here is what “breaking things” looks like for them when an autonomous agent acts without a verified observation layer:

Federal agency

Scenario: An autonomous agent misconfigures a security group in a FedRAMP-authorized system.

Consequence: Potential ATO violation. FISMA incident. Mandatory breach reporting to CISA within 72 hours. Possible suspension of the authorization to operate — which means the system goes offline until the agency completes a full re-assessment.

Healthcare system

Scenario: An agent auto-scales a database cluster and corrupts a table in the wrong account.

Consequence: PHI exposed. OCR investigation under HIPAA. Breach notification required to every affected patient within 60 days. Fines up to $1.9M per violation category per year. Potential class action.

Defense contractor

Scenario: An agent deletes what it classifies as an inactive resource that is actually a backup node for a classified pipeline.

Consequence: CMMC Level 2 or 3 incident. Potential DFARS clause violation (252.204-7012). Contract at risk. Prime contractor liability if the failure cascades downstream to a DoD program.

Financial institution

Scenario: An agent modifies a network ACL to remediate a finding — that ACL was there for SOX audit isolation.

Consequence: Material control deficiency. SEC disclosure obligation within 4 business days for public companies. Regulatory examination exposure. Potential restatement of internal controls.

None of these organizations can apologize in a blog post and push a hotfix. The blast radius of a wrong autonomous action in a regulated cloud environment is asymmetric and often irreversible. You can always choose to act later. You cannot un-expose patient data, un-file an SEC disclosure, or un-trigger a DoD program investigation.

The regulatory environment has also moved decisively in this direction. The EU AI Act requires human oversight and post-hoc auditability for high-risk AI systems. SEC cybersecurity disclosure rules require material incident reporting. State privacy laws create individual liability for data exposure. HIPAA, CMMC, FedRAMP, FISMA — every compliance framework AIM's customers operate under creates legal accountability for what autonomous AI does in their environment. “The agent acted on its own” is not a defense. It is an aggravating factor.


What makes Scout different from “agentic AI” products

1Deterministic findings — no LLM in the analysis pipeline

Every Scout finding is generated by rule-based code that compares real API data against your documented baseline. There is no Claude call, no model inference, and no probabilistic reasoning in the discovery or delta analysis path. A public S3 bucket is flagged because a deterministic check matched hasPublicStorage() against the resource metadata — not because a model thought it sounded risky. Findings are reproducible, auditable, and explainable without qualification. You can show a regulator exactly why a finding was generated. “The AI flagged it” is not an explanation. “The bucket had public ACLs enabled as of this timestamp” is.

2Read-only by architecture, not by policy

Most autonomous agent products are built to act and can be configured to read-only mode. Scout is built read-only from the ground up — there is no write path in the codebase, no provisioning API call, no mutation endpoint. The IAM policy you grant Scout only needs read permissions because that is all the code ever calls. This is not a guardrail on top of an action-capable system. It is a deliberate architectural choice about what this phase of the roadmap is for.

3Scoped to your organization's documented baseline

Generic cloud security scanners apply generic rules to generic cloud estates. An “undocumented resource” finding in Scout means something specific: this resource is running in your account and it is not in the system inventory your team documented in AIM. The comparison is between your live environment and your own record — not a benchmark, not a compliance template, not what some other organization documented. Scout knows your architecture because AIM built it.

4Findings connect to a governed workflow, not a dashboard

Most cloud security tools produce findings that land in a vendor dashboard and require a separate ticketing process to act on. A Scout finding can become a PSM Change Request with one click. That CR goes through your Change Control Board, gets voted on by the people you designated, gets attested when the change is implemented, and becomes part of your cryptographically signed, immutable audit record. The finding doesn't live in a separate tool. It lives in the same governance layer as every other operational decision your team has made about this system.


The roadmap: observation before action

Scout is Phase 2 on AIM's agentic roadmap. Every phase must be in place before the next one unlocks — because each phase depends on the accuracy and reliability of the one before it.

Phase 1
Complete
Context Data Foundation

Accumulate per-organization context from every assessment, recommendation, project event, and operational decision. This is the institutional memory the agent will eventually draw on.

Phase 2
Active
Scout Agent — Read-Only Environment Discovery

Connect AIM to your live cloud environment. Discover what is actually running. Compare it against what you documented. Surface the gap. This is Scout.

Phase 3
Roadmap
Supervised Execution

The agent proposes a specific remediation — "upgrade this RDS instance from PostgreSQL 13 to 16" — shows a confidence score based on Phase 1 outcome data, and executes only after a named engineer explicitly approves. Every proposed action is traceable to the observation that triggered it.

Phase 4
Roadmap
Autonomous Execution with Guardrails

Pre-approved change classes (patch versions, config updates, scaling adjustments within defined bounds) execute autonomously with rollback capability. Major version changes, migrations, and anything touching production data still require human approval.

Phase 5
Roadmap
Full Agentic Modernization

Autonomous technology stack modernization within a defined scope, backed by years of accumulated organizational context. The agent knows your organization's constraints, risk tolerance, past successes, and failure patterns — enabling recommendations and actions that are specific to you.

The sequential structure is intentional. Phase 3 cannot be safe without Phase 2 — you cannot propose reliable remediations for things you have not reliably observed. Phase 4 cannot be safe without Phase 3 — autonomous execution without a supervised phase means you have skipped the step where you find out what the agent gets wrong. This is not a slow roadmap. It is the only roadmap that produces an agent organizations in regulated industries can actually trust.

How Scout connects to Pulse Sustainment Mode

Scout is a capability within PSM, not a standalone tool. The connection is deliberate: the only thing Scout knows about what should be in your environment is what PSM says. And the only way a Scout finding creates a governed response is through the PSM Change Control Board.

1
Scout scans your live cloud environment
Read-only discovery across all connected providers.
2
Delta analysis produces findings
Deterministic comparison: live state vs. PSM as-built baseline.
3
Engineer reviews and converts to a Change Request
One click. The finding becomes a CR with full context pre-populated.
4
CCB reviews and votes
The right people in your organization decide what to do — not the tool.
5
Implementation + attestation
The Lead attests when the remediation is delivered. The loop closes.
6
Immutable audit record
Finding → CR → votes → attestation, all in the cryptographic audit log.

Common questions

Is Scout an AI agent?

In the loose sense the industry uses the term, yes — it is autonomous, it connects to external systems, and it produces structured outputs without human input at each step. In the more precise sense: no. Scout has no reasoning loop, no LLM calls, and no autonomous action capability. It is deterministic observation software connected to a governed workflow. Calling it an AI agent is technically accurate for the observation phase and somewhat misleading if it implies the action-capable phases that come later.

What IAM permissions does Scout need?

Read-only permissions for the five resource categories Scout discovers. On AWS: ec2:Describe*, rds:Describe*, s3:ListBuckets, s3:GetBucketAcl, lambda:ListFunctions, eks:ListClusters and related Describe actions. AIM recommends creating a dedicated IAM role with the minimum required policies — no write, no admin, no IAM permissions.

How are credentials stored?

Cloud provider credentials are encrypted at rest using AES-256-GCM. They are stored in your organization's row-level-secured database tables and used exclusively to make the read-only API calls you initiate. Credentials are never logged, never included in API responses, and never transmitted to any party other than the cloud provider API itself. See the Data & Privacy page for full retention details.

What cloud providers does Scout support?

AWS, Microsoft Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI). All four providers are supported with equivalent discovery scope — compute, managed databases, object storage, serverless functions, and container clusters.

Does Scout replace dedicated cloud security posture tools like Wiz or Prisma Cloud?

No — and it is not trying to. Those tools are deep, continuously running cloud security platforms with hundreds of policies, real-time alerting, and deep integration with CI/CD pipelines. Scout is scoped specifically to systems AIM already knows about, focused on the baseline-vs-live comparison, and connected to your PSM governance workflow. If your organization already has Prisma or Wiz, Scout adds governance continuity. If you do not, Scout provides a meaningful baseline capability without the six-figure annual cost.

Can Scout trigger automatic remediations?

No. This is a deliberate design choice, not a roadmap gap. Automatic remediation is Phase 4 on the agentic roadmap, and it only becomes available after Phase 3 (supervised execution with human approval) has been validated in production. The sequence exists for a reason: you cannot safely automate remediations for an environment you have not reliably observed, and you cannot safely automate remediations without first understanding what the agent gets wrong in a supervised context.


Related reading

See what's actually running in your environment.

Scout is available to Engineer, Admin, and Owner roles on any active Pulse Sustainment Mode record. Connect your first cloud account from the Scout tab inside any PSM.

Open your dashboard
Freedom AIM - Architectural Insight for Modernization