Agent tools & MCP servers
Tool definitions, MCP server manifests, and agent permission scopes. The most common finding class in AI estates: tools that can do far more than the agent ever needs — excessive agency waiting for an injection to use it.
Research
After an incident, the real question is what in your code or configuration let it happen. Code audit is how IronSOC's structural recommendations become concrete: a reviewed finding, a PR-able fix, and a detection that fires if the pattern ever comes back.
Audit scope
We audit the code paths incidents actually trace through — ranked by the same risk model that drives detection, so effort goes where exploitation is likely, not where the checklist starts.
Tool definitions, MCP server manifests, and agent permission scopes. The most common finding class in AI estates: tools that can do far more than the agent ever needs — excessive agency waiting for an injection to use it.
Terraform, CloudFormation, and Kubernetes RBAC. Where an incident's root cause is a trust boundary that never existed, the fix is a diff to the IaC — segment the network, split the trust zone, retire the pattern.
Secrets handling, artifact provenance, and who-can-trigger-what. Pipelines are the highest-blast-radius code most organizations never review as an attack surface.
OAuth grant flows, token lifetimes, service-account key hygiene, and session handling. The audit traces what a stolen credential could actually reach, not what the diagram says it should.
What a finding becomes
Every finding lands as a specific change to specific code or config — reviewable, revertable, and owned. Not 'improve secrets hygiene'; a diff.
Alongside the fix, a detection ships that fires if the vulnerable pattern reappears — in a new repo, a new pipeline, a new agent. The audit keeps working after the engagement ends.
Structural findings feed the daily analysis. If the same root cause keeps producing incidents, the recommendation escalates in every report until the fix ships. It does not get tired of asking.
Our own code
An auditor whose own code is unreviewable has no standing. Ours is built to be inspected.
Honest status
Code audits run inside engagements, tied to real incidents and real estates. There are no public audit reports yet, and we will not list anonymized “selected findings” that cannot be verified. When a customer approves publication, it appears here.
Scope an audit