Links
Fog Security revealed methods to evade AWS Trusted Advisor's S3 security checks, allowing public access to S3 buckets without triggering alerts. Although Fog Security reported these issues to AWS, the initial fixes were incomplete, leading to continued inaccurate assessments of bucket security. AWS's communication regarding the problem's severity was also criticized as insufficient.
AWS default IAM roles have been identified as posing security risks, enabling unauthorized access and potential data breaches. Researchers discovered that these roles could allow malicious actors to exploit vulnerabilities in cloud environments. Immediate action is recommended to review and tighten role permissions to enhance security.
The tool analyzes IAM Role trust policies and S3 bucket policies in AWS accounts to identify third-party vendor access. It uses a reference list of known AWS accounts to highlight potential vulnerabilities, such as IAM roles lacking the ExternalId condition, and generates a detailed markdown report of the findings. Users can customize trusted accounts to differentiate between internal and external access.