Cloud security still feels heavily deploy → detect → respond, so I wanted to try flipping the workflow.
You connect an AWS account, Emfirge pulls infrastructure state across 18+ AWS services and builds a topology graph: SG → EC2 → IAM Role → S3 → RDS etc.
Then I keep two copies: one is the real state and the other is a clone for mutations, like a staging environment for your security posture.
When you open a tf PR, I parse the diff, apply it to the clone, rebuild the graph, and run BFS from the internet. New path from the internet to your database? This kind of thing shows up in the PR comment before merge.
Same for simulation: add any component of the cloud and mutate on the actual infrastructure.
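
Added example, not Emfirge's code and not part of the original post: a minimal sketch of the clone-and-diff check described above, where a change is applied to a copy of the graph and BFS from the internet is compared before and after. The node names, the edge-list form of the change, and the `SENSITIVE` set are constructed assumptions; it reports only targets that were unreachable before the change.

```python
from collections import deque
from copy import deepcopy

INTERNET = "internet"
# Constructed baseline topology: an edge A -> B means "A can reach B".
BASELINE = {
    INTERNET: ["sg-web"],
    "sg-web": ["ec2-web"],
    "ec2-web": ["role-web"],
    "role-web": ["s3-assets"],
    "sg-db": ["rds-orders"],
    "ec2-batch": ["role-batch"],
    "role-batch": ["rds-orders"],
}
SENSITIVE = {"rds-orders"}  # assumed set of nodes that must stay unreachable

def bfs_paths(graph, start=INTERNET):
    """Return {node: shortest path from start} for every reachable node."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths

def apply_change(graph, added=(), removed=()):
    """Apply edge additions/removals to a clone; the real state is untouched."""
    clone = deepcopy(graph)
    for src, dst in removed:
        if dst in clone.get(src, []):
            clone[src].remove(dst)
    for src, dst in added:
        clone.setdefault(src, []).append(dst)
    return clone

def new_exposures(baseline, clone, targets=SENSITIVE):
    """Paths from the internet to targets that exist only after the change."""
    before, after = bfs_paths(baseline), bfs_paths(clone)
    return {t: after[t] for t in targets if t in after and t not in before}

# Constructed change: a PR adds a 0.0.0.0/0 ingress rule on the database security group.
PR_CHANGE = [(INTERNET, "sg-db")]

if __name__ == "__main__":
    found = new_exposures(BASELINE, apply_change(BASELINE, added=PR_CHANGE))
    for target, path in found.items():
        print(f"NEW PATH to {target}: " + " -> ".join(path))
```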







