Privacy-first AWS security in your AI: attack paths & fix simulation, IDs never sent to the LLM.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-theanshsonkar-emfirge": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Privacy-first AWS security in your AI: attack paths & fix simulation, IDs never sent to the LLM.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
This server is missing a description. Tools and install config are also missing.If you've used it, help the community.
Add informationBe the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in cloud
MCP Server for GCP environment for interacting with various Observability APIs.
⚡ A Simple / Speedy / Secure Link Shortener with Analytics, 100% run on Cloudflare.
IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.
Apideck Unified API MCP — 229 tools across 200+ SaaS connectors (accounting, HRIS, file storage).
MCP Security Weekly
Get CVE alerts and security updates for io.github.theanshsonkar/emfirge and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Privacy-first AWS security, inside your AI.
Trace attack paths from the internet to your sensitive data, calculate blast radius, and prove fixes before you apply them — without your resource IDs ever reaching the LLM.
[Website][website] · [Source][repo] · [MCP Registry][registry] · [Privacy][privacy] · [Report an issue][issues]
Your AI can read your code, but it can't see your cloud. Emfirge fixes that. It scans your live AWS account, builds a graph of every resource and how they connect, then lets your assistant walk attack paths, simulate breaches, and verify fixes — all from a conversation.
The AI never guesses. Emfirge clones your infrastructure graph, applies the change, and re-runs 58 deterministic rules. Your assistant reads back what the engine proved.
| 🕸️ Graph-based | Maps every AWS resource and relationship — not isolated resource linting like Checkov/tfsec. |
| 🎯 Attack paths | Weighted-Dijkstra routes from the internet to your data, ranked by exploit difficulty, not hop count. |
| 💥 Blast radius | See exactly what an attacker reaches once they land on a resource. |
| 🔒 Privacy-first | Resource IDs are tokenized on your machine before anything reaches the LLM. The mapping never leaves. |
| ✅ Proven fixes | Clone the graph → apply the change → re-run every rule → diff. A real simulation, not a hunch. |
| 📋 Compliance | CIS AWS Foundations 1.5 + SOC 2, per-control pass/fail, mapped to MITRE ATT&CK. |
npx @emfirge/mcp install
Auto-detects and wires up Claude Desktop, Cursor, Kiro, Cline, Continue, and Codex CLI, then asks you to pick a privacy mode. Restart your client and just ask:
"Scan my AWS account, role
arn:aws:iam::123456789012:role/EmfirgeReadOnly, region us-east-1"
No role yet? Say "help me set up Emfirge" — your assistant hands you a one-click CloudFormation deploy link for a read-only IAM role.
Free. 5 scans/day per AWS account. No signup. No API keys.
Use the demo ARN — fake infrastructure, the real engine:
arn:aws:iam::194722410583:role/EmfirgeReadOnly region: us-east-1
"Scan with
arn:aws:iam::194722410583:role/EmfirgeReadOnlyinus-east-1"
Want a visual graph instead? [emfirge.cloud][website] — same engine, browser UI, free during beta.
| Tool | What it does |
|---|---|
emfirge_setup_help | Returns a clickable CloudFormation deploy link (for first-time setup). |
emfirge_scan | Scan an AWS account — returns risk score, finding counts, and an analysis_id. |
emfirge_get_findings | Full findings list for a scan, filterable by severity. |
emfirge_attack_paths | Attack paths from the internet to internal resources, plus chokepoints. |
emfirge_verify_fix | Simulate a fix and see the real score delta — no changes to your AWS. |
emfirge_check_compliance | CIS AWS Foundations / SOC 2 per-control status. |
emfirge_simulate_breach | Full kill-chain walkthrough — attack stages, blast radius, follow-up moves. |
All seven tools are deterministic on the backend — no LLM calls inside the MCP path.
Your host LLM (Claude / Cursor / etc.) is the only AI in the loop, and in strict mode it
only ever sees tokenized data.
In strict mode (the default), every AWS identifier is tokenized locally before it
reaches your LLM:
What the LLM sees: "SG_001 has SSH open → reaches S3_001"
What's on your disk: SG_001 = sg-0a1b2c3
... [View full README on GitHub](https://github.com/theanshsonkar/emfirge#readme)