CodeShield is a cloud security platform focused on identifying and remediating insecure IAM (Identity and Access Management) permissions and privilege escalation vulnerabilities in cloud environments, primarily AWS. The platform analyzes IAM policies, roles, and permissions to uncover attack paths that adversaries could exploit to move laterally within a cloud environment and gain unauthorized access to critical assets. It maps discovered attack scenarios to the MITRE ATT&CK framework and classifies findings by severity. Key capabilities include: - Attack path visualization: CodeShield generates graph-based views of how an attacker could chain together misconfigured IAM policies, over-privileged roles, and vulnerabilities (including CVEs such as Log4Shell/CVE-2021-44228) to escalate privileges and compromise cloud accounts. - Pre-deployment scanning: The platform integrates with infrastructure-as-code workflows to detect breaking security changes before they are deployed to cloud environments, helping developers understand the effective permissions introduced by code changes. - Cloud impact assessment: For each identified privilege escalation or attack scenario, CodeShield identifies which specific cloud resources are at risk, enabling teams to prioritize remediation efforts. - Whitebox analysis: The platform takes a whitebox approach, analyzing the actual configuration of cloud environments to surface complex, multi-step attack chains that may not be apparent through manual review. CodeShield targets cloud developers and security teams working in AWS environments. The company has received support from academic and research institutions including CISPA and the University of Paderborn, as well as German innovation programs, suggesting a German origin.