Somebody on your team is going to wire an AI agent into your cloud this year. The question stops being if, and starts being which one, and what can it touch.
xplainfra is the boring answer. It reads. It explains. It cannot write, cannot delete, and cannot exfiltrate your account. That's the entire pitch.
You won't stop AI from invading your cloud this year. You can pick which agent gets there first.
An AI agent is going to be wired into your AWS account this year. Maybe by a senior with admin keys. Maybe by a junior who saw a YouTube tutorial on the weekend. Maybe by the CTO who tried something at home and liked it. The shop is open. You're not closing it.
So make the first agent through the door the one that can't break anything, but still teaches your team what working with an AI agent in the wild actually feels like. On real AWS data. On real questions. With a real audit trail.
xplainfra is the agent your engineers, your security lead, and your leadership can all agree on. Use the safe one to learn what AI agents do for ops work. Decide what you want next, once you actually know.
Reads what they'd read, faster. Doesn't deploy on their behalf. Frees up the senior who keeps getting paged for the same five questions.
Read-only IAM. Unique ExternalId. 90-day conversation log, 365-day report archive. The "is this safe?" question has a written answer.
An AI agent in your cloud, with the policy answer already on file. A line on the AI register that isn't a prohibition.
It was called Kiro. They gave it operator-level permissions. They asked it to fix a small bug in Cost Explorer. It deleted the environment and tried to rebuild it from scratch.
A 13-hour outage hit an AWS region. The Financial Times broke the story two months later. Amazon called it "user error."
A second, near-identical incident followed weeks later with a different Amazon AI tool.
If the company that wrote AWS can't keep their own agent off the delete button, what do you think yours is going to do on a Friday afternoon?
It writes reads.
The IAM role plainfra assumes has "Effect": "Allow" on Describe, List and Get. It has nothing on Create, Put, Modify or Delete. You can read the CloudFormation template before you sign up. security.html
It decides suggests.
If a change needs making, xplainfra hands you the CloudShell command or the Terraform snippet, and a human runs it. Your team is still the one with their hand on the lever.
Your data leaves stays.
xplainfra is built in Australia and hosted in Sydney. The IAM role lives in your AWS account. Your inventory, your cost figures, your security posture, they all stay where they were. No US Cloud Act exposure on the data plane. No silent training on your account.
Most "AI agents for AWS" you can buy right now are forks. They take an open-source agent framework, bolt on AWS credentials, paint a logo on the front, and ship.
When the upstream framework decides production looks tidier deleted, the wrapper has no way to stop it. It was never the wrapper's design.
xplainfra is the other thing. We built the agent loop ourselves, from scratch, for one specific job: read your AWS account and explain what's happening.
We chose the IAM policy first. The agent came second. Every tool the agent can call, we wrote. Every guardrail, we wrote. There is no upstream "agent decides to clean things up" mode that someone forgot to disable, because we never built one.
Your IT department spends its days keeping the attack surface small. Closed ports. Removed roles. Decommissioned endpoints. Every vendor adds vector. The job is to add as little as possible.
xplainfra is the agent without the risk. The vector we add is the smallest one we could make and still do useful work.
Read-only role document. No write actions in the policy. You can diff it before you deploy it.
Unique ExternalId per customer. The role can only be assumed by xplainfra, only with your ExternalId.
No agent in your VPC. No VPN. No tunnel. No inbound path from us to anything you didn't explicitly create.
No write tool exists in the agent's tool surface. There is no toggle to enable, because we never built one to toggle.
Every prompt, every API call, every reply is logged. 90 days for conversations. 365 days for reports. Bring your own compliance question, we have the trail.
Not a transcript of a model talking to itself. xplainfra reaches into your AWS account through the scoped role, returns evidence, and explains what it found in language someone non-technical can act on.
Every API call shows up in the transcript. Every transcript is retained for 90 days. Every weekly report for 365.
Same agent, scheduled. A two-phase scan, then a written report. RED / AMBER / GREEN. The thing to do first. The thing that's resolved. The thing that's still drifting.
description Sample report (PDF)Production PostgreSQL is publicly reachable. sg-0a4f2c1d allows 0.0.0.0/0 on port 5432, open since 22 April.
NAT Gateway data processing is up $386 week-on-week. The nightly export started routing through nat-0f41a9e2, with no budget alert.
EKS prod-orders is on 1.32. Standard support ended 23 March 2026. Extended support billing now applies.
ACM certificate for api.acme renewed. 9 days remaining → 397 days remaining.
"Your first baby step into AI-based efficiency. We don't hand over the keys."
the xplainfra promise · est. 2026 · made in melbourne
Free trial. Company email. No card. The whole thing is read-only, so the worst case is you stop using it.