Skip to main content
2026-03-05
  1. Say hello to new more AI-SPM checks: We’ve shipped 86 new checks across Amazon SageMaker and Amazon Bedrock, covering encryption, IAM privileges, network exposure, and runtime configuration.
  • [PLERION-AWS-919] SageMaker AutoML job is encrypted with AWS-owned key
  • [PLERION-AWS-920] SageMaker feature group is encrypted with AWS-owned key
  • [PLERION-AWS-921] SageMaker model card is encrypted with AWS-owned key
  • [PLERION-AWS-922] SageMaker domain is encrypted with AWS-owned key
  • [PLERION-AWS-923] SageMaker training job is encrypted with AWS-owned key
  • [PLERION-AWS-924] SageMaker transform job is encrypted with AWS-owned key
  • [PLERION-AWS-925] SageMaker processing job is encrypted with AWS-owned key
  • [PLERION-AWS-926] SageMaker hyperparameter tuning job is encrypted with AWS-owned key
  • [PLERION-AWS-927] SageMaker compilation job is encrypted with AWS-owned key
  • [PLERION-AWS-928] SageMaker data quality job definition is encrypted with AWS-owned key
  • [PLERION-AWS-931] SageMaker endpoint config is encrypted with AWS-owned key
  • [PLERION-AWS-932] SageMaker flow definition is encrypted with AWS-owned key
  • [PLERION-AWS-933] SageMaker geospatial earth observation job is encrypted with AWS-owned key
  • [PLERION-AWS-934] SageMaker geospatial vector enrichment job is encrypted with AWS-owned key
  • [PLERION-AWS-935] SageMaker inference experiment is encrypted with AWS-owned key
  • [PLERION-AWS-936] SageMaker inference recommendations job is encrypted with AWS-owned key
  • [PLERION-AWS-937] SageMaker labeling job is encrypted with AWS-owned key
  • [PLERION-AWS-938] SageMaker model bias job definition is encrypted with AWS-owned key
  • [PLERION-AWS-939] SageMaker explainability job definition is encrypted with AWS-owned key
  • [PLERION-AWS-940] SageMaker model package is encrypted with AWS-owned key
  • [PLERION-AWS-941] SageMaker model quality job definition is encrypted with AWS-owned key
  • [PLERION-AWS-942] SageMaker monitoring schedule is encrypted with AWS-owned key
  • [PLERION-AWS-943] SageMaker notebook instance is encrypted with AWS-owned key
  • [PLERION-AWS-944] SageMaker optimization job is encrypted with AWS-owned key
  • [PLERION-AWS-946] SageMaker user profile is encrypted with AWS-owned key
  • [PLERION-AWS-947] Bedrock automated reasoning policy is encrypted with AWS-owned key
  • [PLERION-AWS-948] Bedrock data source is encrypted with AWS-owned key
  • [PLERION-AWS-949] Bedrock evaluation job is encrypted with AWS-owned key
  • [PLERION-AWS-950] Bedrock flow is encrypted with AWS-owned key
  • [PLERION-AWS-951] Bedrock imported model is encrypted with AWS-owned key
  • [PLERION-AWS-952] Bedrock model copy job is encrypted with AWS-owned key
  • [PLERION-AWS-953] Bedrock model customization job is encrypted with AWS-owned key
  • [PLERION-AWS-954] Bedrock model import job is encrypted with AWS-owned key
  • [PLERION-AWS-955] Bedrock prompt is encrypted with AWS-owned key
  • [PLERION-AWS-956] Bedrock session is encrypted with AWS-owned key
  • [PLERION-AWS-957] SageMaker algorithm has admin privileges
  • [PLERION-AWS-958] SageMaker AutoML job has admin privileges
  • [PLERION-AWS-959] SageMaker cluster has admin privileges
  • [PLERION-AWS-960] SageMaker domain has admin privileges
  • [PLERION-AWS-961] SageMaker earth observation job has admin privileges
  • [PLERION-AWS-962] SageMaker endpoint config has admin privileges
  • [PLERION-AWS-963] SageMaker hyperparameter tuning job has admin privileges
  • [PLERION-AWS-964] SageMaker image has admin privileges
  • [PLERION-AWS-965] SageMaker MLflow tracking server has admin privileges
  • [PLERION-AWS-966] SageMaker model has admin privileges
  • [PLERION-AWS-967] SageMaker model package has admin privileges
  • [PLERION-AWS-968] SageMaker notebook instance has admin privileges
  • [PLERION-AWS-969] SageMaker pipeline has admin privileges
  • [PLERION-AWS-970] SageMaker processing job has admin privileges
  • [PLERION-AWS-971] SageMaker training job has admin privileges
  • [PLERION-AWS-972] SageMaker user profile has admin privileges
  • [PLERION-AWS-973] SageMaker vector enrichment job has admin privileges
  • [PLERION-AWS-974] SageMaker notebook domain allows egress internet access to bypass VPC
  • [PLERION-AWS-975] SageMaker AutoML job has overly permissive privileges
  • [PLERION-AWS-976] SageMaker earth observation job has overly permissive privileges
  • [PLERION-AWS-977] SageMaker hyperparameter tuning job has overly permissive privileges
  • [PLERION-AWS-978] SageMaker processing job has overly permissive privileges
  • [PLERION-AWS-979] SageMaker training job has overly permissive privileges
  • [PLERION-AWS-980] SageMaker vector enrichment job has overly permissive privileges
  • [PLERION-AWS-981] SageMaker cluster has overly permissive privileges
  • [PLERION-AWS-982] SageMaker domain has overly permissive privileges
  • [PLERION-AWS-983] SageMaker endpoint config has overly permissive privileges
  • [PLERION-AWS-984] SageMaker algorithm has overly permissive privileges
  • [PLERION-AWS-985] SageMaker image has overly permissive privileges
  • [PLERION-AWS-986] SageMaker MLflow tracking server has overly permissive privileges
  • [PLERION-AWS-987] SageMaker model has overly permissive privileges
  • [PLERION-AWS-988] SageMaker model package has overly permissive privileges
  • [PLERION-AWS-989] SageMaker notebook instance has overly permissive privileges
  • [PLERION-AWS-991] SageMaker pipeline has overly permissive privileges
  • [PLERION-AWS-992] SageMaker user profile has overly permissive privileges
  • [PLERION-AWS-993] SageMaker notebook instance has root access enabled
  • [PLERION-AWS-994] SageMaker notebook instance allows egress internet access to bypass VPC
  • [PLERION-AWS-995] SageMaker endpoint without data capture enabled
  • [PLERION-AWS-996] SageMaker pipeline allows privilege escalation
  • [PLERION-AWS-997] SageMaker algorithm allows privilege escalation
  • [PLERION-AWS-998] SageMaker AutoML job allows privilege escalation
  • [PLERION-AWS-999] SageMaker cluster allows privilege escalation
  • [PLERION-AWS-1000] SageMaker domain allows privilege escalation
  • [PLERION-AWS-1001] SageMaker earth observation job allows privilege escalation
  • [PLERION-AWS-1002] SageMaker endpoint config allows privilege escalation
  • [PLERION-AWS-1003] SageMaker hyperparameter tuning job allows privilege escalation
  • [PLERION-AWS-1004] SageMaker image allows privilege escalation
  • [PLERION-AWS-1009] SageMaker processing job allows privilege escalation
  • [PLERION-AWS-1010] SageMaker training job allows privilege escalation
  • [PLERION-AWS-1011] SageMaker user profile allows privilege escalation
  • [PLERION-AWS-1012] SageMaker vector enrichment job allows privilege escalation
All checks are live now. Go see what lights up.
2026-03-03
  1. CloudFormation updates, minus the manual effort: Auto stack update keeps your Plerion stack current with secure, controlled rollouts. Review changelogs, skip versions if needed, and rely on cryptographic verification and isolated execution for peace of mind. Learn more in the platform docs →
2026-02-04
  1. Plerion check updates: This release includes a second round of improvements to existing Plerion checks, making findings clearer and more reliable. The following checks were improved:
  • [PLERION-AWS-78] Redshift cluster does not have encryption in transit enforced
  • [PLERION-AWS-89] SNS topic is publicly accessible
  • [PLERION-AWS-102] Lambda layer is publicly accessible
  • [PLERION-AWS-103] Serverless Application Repository application is publicly accessible
  • [PLERION-AWS-122] MSK cluster does not have encryption in transit enforced for broker-to-broker traffic
  • [PLERION-AWS-123] MSK cluster does not have encryption in transit enforced for client-to-broker traffic
  • [PLERION-AWS-131] MemoryDB cluster does not have encryption in transit enabled
  • [PLERION-AWS-138] SageMaker endpoint does not have a KMS key configured for volume encryption
  • [PLERION-AWS-166] ElastiCache for Redis cluster does not have encryption in transit enabled
  • [PLERION-AWS-180] DocumentDB cluster parameter group does not have encryption in transit enforced
  • [PLERION-AWS-572] EventBridge event bus is publicly accessible
  • [PLERION-AWS-824] RDS cluster does not have encryption in transit enforced
  • [PLERION-AWS-825] RDS instance does not have encryption in transit enforced
  • [PLERION-AWS-844] EFS file system enforces encryption in transit
The following checks have been removed to ensure you receive clear, actionable findings:
  • [PLERION-AWS-128] Ensure Amazon Neptune cluster parameter groups use SSL connections so that they have encryption in transit enabled
  • [PLERION-AWS-840] Ensure Amazon S3 Glacier vaults are encrypted at rest
  • [PLERION-AWS-841] Ensure Amazon S3 Glacier vaults have encryption in transit enabled
  • [PLERION-AWS-845] Ensure Amazon DynamoDB tables have encryption in transit enabled
  • [PLERION-AWS-846] Ensure Amazon EC2 AMIs have encryption in transit enabled
  • [PLERION-AWS-847] Ensure Amazon Elastic Block Store (EBS) volumes have encryption in transit enabled
  • [PLERION-AWS-848] Ensure Amazon Elastic Block Store (EBS) snapshots have encryption in transit enabled
  • [PLERION-AWS-853] Ensure AWS Glue data catalogs have encryption in transit enabled
  • [PLERION-AWS-856] Ensure Amazon DynamoDB tables are encrypted at rest
2026-02-02
  1. Environment wrangling, simplified: Manage Production and Non-production classifications for every cloud integration from one place.
    Open the Environments page →
2026-01-13
  1. New year, newly improved checks: We’re starting the year strong with a round of improvements to existing Plerion checks, helping you identify misconfigurations more clearly and keep your cloud environments secure. Here is the first batch of improved checks, with clearer and more consistent language:
  • [PLERION-AWS-149] EMR cluster does not have encryption in transit enabled
  • [PLERION-AWS-157] OpenSearch domain does not enforce HTTPS
  • [PLERION-AWS-229] CloudFront distribution does not enforce HTTPS for viewers and origins
2025-12-11
  1. Meet your new workload scanning metronome: Define how often your workloads are scanned with daily, recommended or custom schedules. More control and clearer coverage, your way.
2025-11-28
  1. Go global with the new global filter: Set your context across the platform using top-level filters on environment, asset group or integration. More improvements coming soon!
2025-11-24
  1. Environment classification has arrived: Bring order to your cloud universe by classifying your integrations as Production or Non-production. Zoom into the environment you care about and understand issues with sharper context.
2025-10-08
  1. Attack paths for Azure environments: Azure joins the lineup! You can now explore how risks link across your environment and see exactly where to focus your fixes.