Social Dolphin Services
SDS · Field notes

Introducing Solon: a cloud security agent that runs in your account, not ours

Solon shows you who and what can reach what in your cloud, cites every finding to real evidence, and runs inside your own account so your configuration never leaves it.

Type
Field note
Date
6 June 2026
Audience
Security leaders, CTOs, and anyone responsible for what their cloud can reach

The tool we wanted and could not buy

Every serious cloud security tool works the same way: it copies your configuration up to the vendor's cloud, turns it into their own private model, and reasons about your security on their servers. That copy is the product, and it is also the problem. It goes stale between syncs. It means a vendor is holding a map of who and what can reach what across your whole cloud. And it is a subscription that lapses behind a portal your team has to log into.

We wanted the opposite: an agent that reads our cloud where it lives, reasons about it inside our own account, shows its work, and leaves the record in our own hands. We could not buy that, so we built it. It is called Solon.

What Solon does, in plain words

Solon answers one question better than anything we could find: who and what can reach what in your cloud, across both your network and your identities, and is that what you intended. It runs inside your own AWS or GCP account (Azure on a limited, emerging basis), reads everything read-only, and never changes a thing. You can:

  • Ask it anything about your cloud and get a straight answer, with every claim backed by what it actually saw. The answer that used to mean an afternoon in the console comes back in a minute, with the evidence attached.
  • Audit yourself against the rulebook (CIS Foundations, PCI DSS, and NIST 800-53, machine-verified so a rule number is never invented) and see exactly where you stand, each finding naming the exact rule and the exact resource. Walk into the audit already knowing the result.
  • Get the exact fix, not a vague warning when something is wrong: the precise, minimal change, with the resources it weighed.
  • Design it right from the start, mapped to the AWS Well-Architected Security standard, the gold standard for cloud security design.

You do all of this from one screen. Solon ships a lightweight console that runs in your own cluster: an issue-first decision queue that reads your own audit log, ranks what matters, shows each finding's blast radius, and drafts the fix for you to approve. The same bar answers questions in plain language. The console never writes. It shows you the decision and waits for your call.

The thread through all of it: if Solon cannot back a claim with real evidence, it flags it instead of guessing. For a security tool that is the whole point, because a confident answer you cannot check is worse than no answer.

Three things the incumbents cannot say

1. It runs in your cloud, not ours. Solon deploys into your own account. Your configuration never leaves it. There is no vendor service holding a copy of your setup to go stale, to leak, or to be pulled into someone else's legal discovery. 2. Every answer is cited. Each finding traces to the real resource and the real rule behind it, so your team and your auditors can trust it instead of taking it on faith. 3. Your audit log, not our portal. Every run lands in your own tamper-evident record. You can show a regulator exactly what the agent did and why, from your own systems, without logging into anyone else's.

It also complements what you already run. If you use Terraform or CloudFormation, keep using it: that answers "does my cloud match my code." Solon answers a different question, "is what my cloud can reach actually safe, and can you prove it."

A family, staged honestly

Solon is the flagship and it is available now. Two siblings are in private pilot, built and proven but not yet generally available:

  • Praktor is the only one that can change your cloud, and only a change Solon recommended, with a dry run first, a refusal to lock you out, automatic undo on failure, and a record of every action. It applies the fix you approve. It is not an autonomous bot.
  • Tamias finds the cloud savings your provider has no reason to point out, each one cited to the real resource with the math shown.

What we will not pretend

Solon is not a scanner, a SIEM, or an intrusion detector. It is a focused agent for cloud access posture.

It is not equally mature on every cloud. AWS and GCP are primary and proven; Azure is supported on a limited, emerging basis. We will tell you exactly what it covers on your cloud before you commit.

Reachability analysis and identity blast-radius, which we used to call roadmap, now ship: Solon traces what an exposed resource or a compromised principal can actually reach and shows the path. What is still emerging is depth on Azure and the breadth of changes Praktor can safely apply. We would rather name that line precisely than imply an evenly finished product. The deeper mechanics, the deployment model, and how the proof works are written up for your engineers, and we are glad to walk your security lead through all of it.

One-sentence takeaway

Solon is a cloud security agent that runs inside your own account, shows you who and what can reach what, cites every finding to real evidence or flags it, and never sends your configuration to a vendor, so you get a tool you own instead of a portal you rent.

Request private pilot access

Solon is available now, and Praktor and Tamias are open to a small group of pilot and design-partner customers. If you want to see Solon run against your own cloud, or to join the pilot, request access and we will be in touch to talk through your scope and what success looks like.

We do not take every engagement, and we will tell you on the call whether we are the right partner.

Sources