Feature · Remediation

AI Remediation

From a red control to a fix you can click.

For any control that isn't passing, our trained AI model proposes a remediation — a plain-English risk assessment, the exact commands, and a validated, guided runbook — then ATAC executes it in the target account only after you approve. The model proposes; the platform validates.

From a red control to resolved — step by step

Here's exactly what happens the moment you pick a failing control to fix.

01

Start from the real failure

ATAC has already pulled the actual cause — the misconfiguration, or the CloudTrail event behind it — so you're fixing the real thing, not chasing a vague flag.

02

Why it's wrong, and how to resolve

A plain-English explanation of why the control failed and what "good" looks like — so you understand the gap, not just patch it.

03

Can you take it back?

Every proposed change gets a blast-radius rating — is it destructive, and can you roll it back? You see the risk before you touch anything.

04

The exact command — and the undo

ATAC hands you the precise CLI to make the change, plus a ready-to-run rollback in case anything looks off.

05

Run it your way

Approve it and ATAC executes the validated fix for you through a guarded, least-privilege path — or take the commands and run them yourself. Either way, it's approve-first and logged.

06

AI assists; you decide

The AI guides you through all of it, but you stay in control — armed with everything you need to move faster than ever before.

Approve-first, always

Remediation touches your live environment, so every safeguard is on by default.

  • Nothing executes without an explicit click — there is no auto-remediation.
  • The server reloads and re-validates the runbook at execution time and never trusts a client-supplied document.
  • Target accounts must be on an allowlist before anything can run against them.
  • Every execution is written to an immutable audit log.

Deterministic backbone, AI assist

AI makes remediation fast; deterministic rules make it safe.

  • The AI proposes the fix, but server-side rules constrain it so it can't produce an invalid or unsafe action.
  • A runbook is confirmed to resolve before it's ever offered to you.
  • AI-drafted language is treated as a plan — it never silently becomes your system of record.

Least-privilege scanner — fix the policy, not just the finding

AC-6 is one of the most-failed controls in any federal program. ATAC walks every customer-managed access policy, finds the over-broad grants, and proposes a narrowed policy per policy — written by our trained AI model from the policy's actual usage.

  • Per-policy walker — not just "flag the user" but "here's the narrowed policy you should ship".
  • AI proposal is bounded to the permissions the policy actually exercises — no guessing, no over-correction.
  • One-click Remediate appears directly on every priority card, so the fix flow is one click from the finding — no hunting through tabs.
  • Four vetted auto-fix patterns ready to run today (S3 encryption, public-access blocks, least-privilege narrowing, and identity hygiene).

A curated catalog, not a free-for-all

Every fix ATAC will run was vetted before it ever appeared as an option.

  • A library of safe-remediation patterns (e.g. enable S3 default encryption, block public access) — each with impact + idempotence notes baked in.
  • Re-runs are safe by design — the same fix run twice never compounds, and the change is shown before anything is applied.
  • Every executed fix is written back as a manual evidence row tagged AU-12 (Audit Record Generation) — the fix itself becomes part of the audit story.
  • Per-control remediation history: a time-ordered log of every fix run against the control. “When did we fix this last” is one tab.

It works on everything in view

Because Security Hub findings are normalized alongside ATAC's own checks, the same remediation flow covers them too.

  • Any failing control surfaces a "How to Remediate" path on its card.
  • Proposals are cached so re-opening a fix is instant.

See it on your own environment.

Install ATAC, click scan, and watch your controls come to life — agentless, serverless, and free until you run it.

Request a demo