4. Security & Compliance

Scans Azure environments for security misconfigurations and applies hardening recommendations using Azure Security Center, Azure Policy, and ScoutSuite.

Automates detection and masking of Personally Identifiable Information (PII) to ensure conversational AI systems comply with privacy regulations like GDPR.

Evaluates post-quantum cryptographic algorithms to ensure systems are secure against quantum computing threats during migration to quantum-safe solutions.

Analyzes security events using threat modeling, attack surface analysis, and frameworks like MITRE ATT&CK to provide vulnerability insights and defense strategies.

Ensures code aligns with amplihack's ruthless simplicity, brick philosophy, and Zen minimalism through systematic review.

Automates accessibility compliance reviews for web content, code, and design against WCAG and WAI-ARIA standards using specialized sub-agents.

Enables secure service-to-service authentication using TokenX token exchange within the Nais platform.

Conducts comprehensive security audits including dependency scanning, unsafe code detection, and secret management to identify vulnerabilities before production deployment.

Provides safety protocols for AI coaching systems to detect mental health crises, trigger emergency escalation, and integrate hotlines.

Validates child agent permissions are equal to or more restrictive than parent permissions, ensuring secure inheritance without runtime enforcement.

Scans codebases for vulnerabilities, dependencies, and secrets, generating OWASP-compliant security posture reports.

Enables passwordless authentication with passkeys (WebAuthn), OAuth (Google, Apple), magic links, and cross-device sync for secure login flows.

Configures isolation profiles (strict, moderate, permissive) for agent containment and resource boundaries to enforce security boundaries.

Enforces HIPAA compliance for handling Protected Health Information (PHI) in code, activating audit logging and security event checks.

Generates legally compliant terms of service, privacy policies, and medical disclaimers for recovery apps, ensuring HIPAA, GDPR, and CCPA adherence.

Enforces runtime file system boundaries and tool access restrictions, blocking unauthorized operations and logging violations.

Performs comprehensive Android security assessments including static/dynamic analysis, traffic interception, and OWASP Mobile Top 10 vulnerability identification.

Performs comprehensive security testing on REST, GraphQL, gRPC, and WebSocket APIs, including OWASP API Top 10 vulnerability checks and authentication/authorization testing.

Scans IaC configurations for security misconfigurations and compliance across Terraform, CloudFormation, Kubernetes, and ARM templates.

Identifies vulnerable dependencies, checks license compliance, and assesses supply chain risks via Software Composition Analysis for package security auditing.

Performs multi-cloud security assessments across AWS, Azure, and GCP, including misconfiguration scanning, IAM policy testing, and privilege escalation analysis.

Tests LLM and AI applications for security vulnerabilities including prompt injection, jailbreaking, and guardrail weaknesses.

Conducts internal network and Active Directory penetration testing, including exploitation, lateral movement, and privilege escalation in Windows/Linux environments.

Orchestrates SAST tool execution, custom rule development, and vulnerability triage for static code analysis across codebases.