Coming soon · Join the waitlist

Ask Claude what's broken
in your AWS account

TroveSec scans your cloud environment and exposes findings as tools inside any MCP-aware AI assistant. Live in Claude Desktop today — ChatGPT and more next.

No spam. Early access only. Unsubscribe anytime.

No write permissions

Cannot modify, delete, or write to your Cloud resources. Ever.

Your data, isolated

Postgres, scoped per user · Never shared

Security-first

SOC2 Type II in progress · No third-party data sharing

Encrypted end-to-end

TLS 1.3 in transit · AES-256 at rest · No plaintext credentials stored

What TroveSec does

Scans your cloud account

Connects via a read-only IAM role. Runs 400+ security checks. Takes about 3 minutes.

Maps to SOC2 controls

Every finding is automatically mapped to the relevant SOC2 trust criterion — CC6.1, CC7.2, and so on.

Answers questions in Claude

Connects to your AI assistant over MCP — Claude Desktop today, ChatGPT and more next. Ask in plain English. Get real answers.

What it looks like in Claude Desktop

Claude Desktop — TroveSec MCP
What are my most critical AWS security findings right now?
U
C
I found 4 critical findings in your Production account:
  1. S3 bucket prod-user-uploads is publicly readable — enable Block Public Access
  2. IAM role deploy-bot has AdministratorAccess, unused for 142 days
  3. RDS prod-db has no encryption at rest (CC6.7)
  4. CloudTrail disabled in us-west-2 (CC7.2)
Which of these block my SOC2 audit?
U
C
All 4 are blockers. They map to:
CC6.1access controls ·CC6.7data protection ·CC7.2monitoring

Want me to generate a prioritised remediation plan with exact CLI commands?

Why not just use…

What makes TroveSec different

Enterprise CNAPP

vs Wiz / Orca

Self-serve. $299/mo. No 6-week procurement, no SE call, no enterprise contract.

Compliance automation

vs Vanta / Drata

Actually scans. They map questionnaires; we map real findings to SOC2 controls.

In-house tooling

vs DIY scripts

Maintained, opinionated, mapped to SOC2. Queryable from your AI assistant — not buried in S3.