What "blast radius" means for an AI agent
When you hand an AI agent credentials and tools, you're defining the worst thing it can do — on its best day and its worst. The agent that can read a metric is a rounding error. The agent that holds a wildcard IAM policy and a run_shell tool can delete your database, read every secret, and spend your money — and it will, the one time it reasons its way into a bad plan. Blast radius is that worst case, made explicit.
The capabilities that widen it most
- Unbounded scope — Action: "*", AdministratorAccess, or *:*. The single most dangerous setting: it grants every other capability at once.
- Destroy data — delete/drop/truncate, rm -rf, s3:Delete*, terminate instances.
- Exfiltrate secrets — read secrets managers, decrypt with KMS, read .env or credentials files.
- Move money — refunds, payouts, transfers, charges.
- Execute code — shell, exec, eval, subprocess, arbitrary command runners.
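A worked scorer for the five dimensions above, added here as an illustration rather than taken from Infraveil's own tool. It takes an IAM policy document plus the agent's tool names, expands Allow globs against a small catalogue of concrete actions, subtracts anything an explicit Deny covers, and token-matches tool names. The weights, the action catalogue, the keyword sets and both sample policies are assumptions constructed for the example; Resource, Condition and NotAction are deliberately ignored.

```python
import fnmatch
import json
import re

# Weight each blast-radius dimension contributes to the score (assumed values).
WEIGHTS = {
    "unbounded_scope": 10,
    "destroy_data": 4,
    "exfiltrate_secrets": 3,
    "move_money": 3,
    "execute_code": 2,
}

# Small catalogue of concrete IAM actions per dimension (assumed; a real scorer
# would carry the full service action lists). Lowercase: IAM matching is
# case-insensitive, so every glob is lowercased before comparison too.
DANGEROUS_ACTIONS = {
    "destroy_data": ["s3:deleteobject", "s3:deletebucket", "ec2:terminateinstances",
                     "rds:deletedbinstance", "dynamodb:deletetable"],
    "exfiltrate_secrets": ["secretsmanager:getsecretvalue", "ssm:getparameter",
                           "kms:decrypt", "iam:createaccesskey"],
    "execute_code": ["ssm:sendcommand", "lambda:invokefunction", "ecs:runtask",
                     "ec2:runinstances"],
}

# Agent tool names are matched on whole tokens ("run_shell" -> {"run", "shell"}),
# so "perform_audit" does not trip the "rm" keyword. Keyword sets are assumed.
TOOL_KEYWORDS = {
    "destroy_data": {"delete", "drop", "truncate", "rm", "terminate"},
    "exfiltrate_secrets": {"secret", "secrets", "credential", "credentials", "env", "decrypt"},
    "move_money": {"refund", "payout", "transfer", "charge"},
    "execute_code": {"shell", "exec", "eval", "subprocess", "command", "bash"},
}


def _as_list(value):
    """IAM allows a bare string or a list in Statement and Action fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_globs(policy, effect):
    """Lowercased Action globs from every statement with the given Effect."""
    globs = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == effect:
            globs.extend(a.lower() for a in _as_list(stmt.get("Action")))
    return globs


def blast_radius(policy, tools):
    """Score an IAM policy document plus the agent's tool names.

    Returns {"score": int, "hits": {dimension: [triggers]}}. A catalogued action
    counts when some Allow glob covers it and no explicit Deny glob does.
    Resource, Condition and NotAction are ignored (a simplification).
    """
    allows = _action_globs(policy, "Allow")
    denies = _action_globs(policy, "Deny")
    hits = {dim: set() for dim in WEIGHTS}

    for glob in allows:
        if glob in ("*", "*:*"):
            hits["unbounded_scope"].add(glob)

    for dim, actions in DANGEROUS_ACTIONS.items():
        for action in actions:
            allowed = any(fnmatch.fnmatchcase(action, g) for g in allows)
            denied = any(fnmatch.fnmatchcase(action, g) for g in denies)
            if allowed and not denied:
                hits[dim].add(action)

    for tool in tools:
        tokens = set(re.findall(r"[a-z0-9]+", tool.lower()))
        for dim, words in TOOL_KEYWORDS.items():
            if tokens & words:
                hits[dim].add(tool)

    score = sum(weight for dim, weight in WEIGHTS.items() if hits[dim])
    return {"score": score, "hits": {dim: sorted(v) for dim, v in hits.items()}}


# Constructed sample inputs: an AdministratorAccess-style document and a scoped one.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["cloudwatch:GetMetricData", "s3:GetObject"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::reports/*"},
        {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(blast_radius(ADMIN_POLICY, ["run_shell", "issue_refund"]), indent=2))
    print(json.dumps(blast_radius(SCOPED_POLICY, ["read_metric"]), indent=2))
```

The Deny handling is the part worth copying: s3:* on its own would light up the destroy-data dimension, but the explicit Deny on s3:Delete* removes the hits, which is exactly how you keep a broad read-and-write grant from becoming a delete grant.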
How to shrink it
Scope to least privilege (kill wildcards and admin), strip destructive and financial tools the agent doesn't strictly need, never hand it raw production credentials or a shell, and — the highest-leverage move — put a control plane with a human-approval gate between the agent and anything destructive or production-changing. The agent proposes; a human approves; everything is scoped, recorded, and reversible.
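The control-plane pattern described above, as an added example and not Infraveil's implementation: the agent only ever calls propose(); read-style verbs on an allowlist run immediately, everything else (including verbs the gate has never seen) waits for a human who is not the proposing agent; every step is appended to a hash-chained log so a tampered entry fails verification; and each mutating action hands back its inverse so the gate can roll it back. The AUTO_VERBS allowlist, the FakeProduction stand-in and its action names are constructed for this example.

```python
import hashlib
import itertools
import json

# Verbs the gate executes without waiting (assumed allowlist). Anything else,
# including verbs it has never seen, is held for human approval.
AUTO_VERBS = {"get", "list", "describe", "read"}


class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash,
    so altering or dropping any earlier entry makes verify() fail."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, event):
        blob = json.dumps({"prev": prev, "event": event}, sort_keys=True).encode()
        return hashlib.sha256(blob).hexdigest()

    def append(self, **event):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"prev": prev, "event": event, "hash": self._digest(prev, event)})

    def verify(self):
        prev = "0" * 64
        for entry in self.entries:
            if entry["prev"] != prev or self._digest(prev, entry["event"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class ControlPlane:
    """The agent calls propose() only; the executor holding real credentials
    is reachable solely through this object."""

    def __init__(self, executor):
        # executor(action, args) -> (result, undo); undo is (action, args) or None
        self.executor = executor
        self.log = AuditLog()
        self.proposals = {}
        self._ids = itertools.count(1)

    def propose(self, agent, action, args):
        pid = f"p-{next(self._ids)}"
        gated = action.split("_", 1)[0] not in AUTO_VERBS
        self.proposals[pid] = {"agent": agent, "action": action, "args": args,
                               "status": "pending" if gated else "executed", "undo": None}
        self.log.append(kind="proposed", id=pid, agent=agent, action=action, args=args, gated=gated)
        if not gated:
            self._run(pid, approver=None)
        return pid

    def approve(self, pid, approver):
        p = self.proposals[pid]
        if p["status"] != "pending":
            raise ValueError(f"{pid} is {p['status']}, not pending")
        if approver == p["agent"]:
            raise PermissionError("an agent cannot approve its own proposal")
        return self._run(pid, approver)

    def _run(self, pid, approver):
        p = self.proposals[pid]
        result, undo = self.executor(p["action"], p["args"])
        p.update(status="executed", undo=undo, approver=approver)
        self.log.append(kind="executed", id=pid, approver=approver, result=result)
        return result

    def rollback(self, pid, approver):
        p = self.proposals[pid]
        if p["status"] != "executed" or p["undo"] is None:
            raise ValueError(f"{pid} has nothing to roll back")
        result, _ = self.executor(*p["undo"])
        p["status"] = "rolled_back"
        self.log.append(kind="rolled_back", id=pid, approver=approver, result=result)
        return result


class FakeProduction:
    """Constructed stand-in for real infrastructure; each mutating action
    returns its inverse so the control plane can undo it."""

    def __init__(self):
        self.instances = {"i-001": "running", "i-002": "running"}

    def __call__(self, action, args):
        if action == "describe_instances":
            return dict(self.instances), None
        if action == "terminate_instance":
            state = self.instances.pop(args["id"])
            return f"terminated {args['id']}", ("restore_instance", {"id": args["id"], "state": state})
        if action == "restore_instance":
            self.instances[args["id"]] = args["state"]
            return f"restored {args['id']}", None
        raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    prod = FakeProduction()
    cp = ControlPlane(prod)
    cp.propose("agent-1", "describe_instances", {})                      # runs at once
    pid = cp.propose("agent-1", "terminate_instance", {"id": "i-001"})   # held
    cp.approve(pid, "oncall@example.com")
    cp.rollback(pid, "oncall@example.com")
    print(cp.log.verify(), prod.instances)
```

Two design choices matter more than the rest of the code: the default is deny (an unrecognised verb is gated, not waved through), and the approver identity is checked against the proposer, so an agent that learns the approve() endpoint still cannot approve itself.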
This maps the blast radius. Infraveil contains it.
Infraveil is a control plane you run on your own servers. Agents act through it — never with raw production credentials — and every destructive, financial, or production-changing action stops at your approval gate, scoped to least privilege, written to a tamper-evident audit trail, with one-click rollback. The blast radius you just mapped becomes something the architecture won't let detonate.
See the live demo →
Frequently asked questions
What is an AI agent's blast radius?
The worst-case damage it can do if it misbehaves or is compromised — everything its permissions and tools allow: delete data, read secrets, move money, execute code. This tool scores it.
How do I reduce it?
Least privilege (no wildcards/admin), remove tools it doesn't need, no raw prod creds or shell, and gate destructive/production-changing actions behind human approval. That's what Infraveil does →
Is it safe to paste my IAM policy?
Yes — everything runs in your browser. Nothing is uploaded or logged; it works offline.
What's the most dangerous single permission?
A wildcard Action: "*" / AdministratorAccess: it grants delete, secret-read, spend, and execute all at once. Paired with shell access, it is the combination that turns a single bad plan into a wrecked production environment.