Connecting the Cloud-Dots: Constructing a Knowledge Layer from Autonomous Attack Simulation

Itay Gabbay

fwd:cloudsec Europe 2025 · Day 1 · Main Room

Itay Gabbay, CTO and co-founder of **Brava Security**, introduced **CloudDots**, an open-source research system that uses AI-driven autonomous agents to simulate cloud attacks across AWS, Azure, and GCP, capture the resulting telemetry, and build a knowledge base mapping every cloud event to the specific attack techniques that trigger it. The tool addresses a fundamental problem in cloud detection engineering: without knowing exactly what an attack looks like in your logs, defenders are reduced to guesswork. CloudDots provides the empirical mapping — complete with MITRE ATT&CK alignment, timing characteristics, and signal fidelity scores — that turns cloud detection from art into engineering.

AI review

A genuinely useful tool and research system that addresses a real gap in cloud detection engineering. The empirical mapping between attacks and telemetry — including undocumented APIs, silent documented APIs, and signal fidelity scoring — provides the kind of ground-truth data that detection engineers have been building by hand. The Azure audit log blind spots for console read operations are a particularly concerning finding.
