Overview

Most vulnerabilities look scary on paper, but very few can actually be taken advantage of in a real cloud environment. What matters is the context around the workload: how it’s deployed, how it’s exposed or positioned within your cloud architecture, the IAM permissions it holds, and what an attacker could realistically do if they exploited it. For engineers, this means moving beyond CVSS scores to understand real-world risk based on environmental factors, network exposure, and blast radius potential.

Objective

I leverage contextual analysis to cut through the noise of vulnerability triage and management by acting as your virtual security analyst. Instead of looking at a CVE in isolation, I analyze the things that actually determine real-world risk: network exposure, authentication requirements, known exploits, KEV status, IAM permissions, secrets, and downstream impact. I help engineers quickly assess the likelihood and impact of a vulnerability based on its severity and cloud context, enabling data-driven prioritization decisions.

Prompt

Vulnerability risk assessment
Hey Pleri, let's focus on this vulnerability: CVE-XXXX-XXXX

I want you to analyze whether this vulnerability is realistically exploitable in my environment. Look at the workload's context, not just the CVE details.

Specifically, assess the following:

1 - Environmental Posture

Is the workload publicly accessible?

Is it reachable from internal VPCs?

Is it behind an API Gateway, ALB, or NLB?

Do security groups expose the vulnerable port?

2 - Exploitability

Is there a working public exploit?

Is this CVE listed as a CISA KEV?

Does exploiting it require authentication?

Are there known mitigating factors that reduce likelihood?

3 - Blast Radius

What IAM permissions does this workload have that impact downstream services?

Is this in a production environment?

Are there any secrets (env vars, tokens, IAM creds) that could make lateral movement easier?

Structure the response with:

Summary table of risk indicators

Environmental exposure analysis

Exploitability assessment

Blast radius breakdown

Recommended action (fix now, monitor, or low priority)

Verification steps (commands or checks)

Keep it practical and engineer-friendly.

Customization

Risk scoring customization: Tailor how conservative or aggressive the risk rating should be - “Be stricter - treat any publicly reachable workload as high risk even if the exploit isn’t weaponized yet.”

Multiple workloads at once: Instead of analyzing a single workload, I can assess all assets impacted by the CVE and produce a consolidated summary - “Run this analysis across all Lambda functions affected by CVE-XXXX-XXXX.”

Expanding blast radius criteria: I can look beyond IAM, including what downstream data stores are reachable, whether the workload can assume other roles, and whether the workload has outbound internet access.

Convert to daily task: I can do this for any newly discovered vulnerabilities and push the information into Jira or Slack automatically.
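The three dimensions the prompt asks for (environmental posture, exploitability, blast radius) and the “fix now / monitor / low priority” buckets can be expressed as explicit rules, which makes it easier to check whether an assessment is reasoning the way you expect. The following is an added example written for this page; it is not Plerion’s code or scoring model. The `WorkloadContext` fields, the 0–3 scales, and the two sample workloads are all constructed assumptions, and the `strict` flag models the “treat any publicly reachable workload as high risk even if the exploit isn’t weaponized yet” customization described above.

```python
"""Contextual vulnerability triage along the prompt's three dimensions:
environmental posture, exploitability and blast radius.
Added illustration: field names, scales and sample data are constructed
and do not reflect a Plerion schema or any real finding."""

from dataclasses import dataclass, replace


@dataclass
class WorkloadContext:
    name: str
    cve: str                      # placeholder id, e.g. "CVE-XXXX-XXXX"
    vulnerable_port: int
    public_ip: bool
    behind_load_balancer: bool    # API Gateway / ALB / NLB in front
    internal_vpc_reachable: bool
    ingress_rules: list           # security-group rules: (cidr, from_port, to_port)
    public_exploit: bool
    cisa_kev: bool
    requires_auth: bool
    mitigations: list             # e.g. ["WAF rule blocks the payload"]
    iam_actions: list             # actions granted to the workload's role
    production: bool
    secrets: list                 # env vars / tokens found on the workload


def port_exposed(ctx, cidr=None):
    """True if a security-group ingress rule covers the vulnerable port;
    when cidr is given, only rules from exactly that CIDR count."""
    return any(lo <= ctx.vulnerable_port <= hi and (cidr is None or c == cidr)
               for c, lo, hi in ctx.ingress_rules)


def environmental_posture(ctx):
    """Exposure 0-3: 3 = internet, 2 = via load balancer, 1 = VPC only."""
    if ctx.public_ip and port_exposed(ctx, "0.0.0.0/0"):
        return 3
    if ctx.behind_load_balancer and port_exposed(ctx):
        return 2
    if ctx.internal_vpc_reachable and port_exposed(ctx):
        return 1
    return 0


def exploitability(ctx):
    """Likelihood 0-3: a CISA KEV listing outranks a public exploit;
    required auth and known mitigations each subtract one point."""
    score = 3 if ctx.cisa_kev else 2 if ctx.public_exploit else 1
    score -= int(ctx.requires_auth) + int(bool(ctx.mitigations))
    return max(score, 0)


def broad_iam(actions):
    """Flag wildcard actions, IAM/STS privileges, or secrets access."""
    return any(a == "*" or a.endswith(":*")
               or a.startswith(("iam:", "sts:AssumeRole", "secretsmanager:"))
               for a in actions)


def blast_radius(ctx):
    """Impact 0-3: one point each for broad IAM, production, and secrets."""
    return int(broad_iam(ctx.iam_actions)) + int(ctx.production) + int(bool(ctx.secrets))


def recommend(ctx, strict=False):
    """Map the three scores to the prompt's action buckets. strict=True is
    the 'be stricter' customization: internet exposure alone means fix now."""
    exposure, likelihood, impact = environmental_posture(ctx), exploitability(ctx), blast_radius(ctx)
    if exposure == 0:                      # vulnerable port not reachable at all
        return "low priority"
    if exposure == 3 and (likelihood >= 2 or strict):
        return "fix now"
    if likelihood >= 2 and impact >= 2:    # reachable, weaponized, and costly
        return "fix now"
    if likelihood == 0:
        return "low priority"
    return "monitor"


def summary_table(ctx, strict=False):
    """Summary table of risk indicators, as the prompt's first section asks."""
    return {
        "CVE": ctx.cve,
        "Workload": ctx.name,
        "Exposure (0-3)": environmental_posture(ctx),
        "Exploitability (0-3)": exploitability(ctx),
        "Blast radius (0-3)": blast_radius(ctx),
        "KEV listed": ctx.cisa_kev,
        "Auth required": ctx.requires_auth,
        "Production": ctx.production,
        "Recommended action": recommend(ctx, strict),
    }


# Constructed sample workloads (not real assets).
PUBLIC_API = WorkloadContext(
    name="orders-api", cve="CVE-XXXX-XXXX", vulnerable_port=8080,
    public_ip=True, behind_load_balancer=False, internal_vpc_reachable=True,
    ingress_rules=[("0.0.0.0/0", 8080, 8080)],
    public_exploit=True, cisa_kev=True, requires_auth=False, mitigations=[],
    iam_actions=["s3:*", "sts:AssumeRole"], production=True, secrets=["DB_PASSWORD"])

PRIVATE_WORKER = WorkloadContext(
    name="report-worker", cve="CVE-XXXX-XXXX", vulnerable_port=8080,
    public_ip=False, behind_load_balancer=False, internal_vpc_reachable=True,
    ingress_rules=[("10.0.0.0/16", 8080, 8080)],
    public_exploit=False, cisa_kev=False, requires_auth=True, mitigations=[],
    iam_actions=["s3:GetObject"], production=False, secrets=[])

# Same public workload, but the CVE has no KEV entry and no public exploit yet.
UNWEAPONIZED_PUBLIC = replace(PUBLIC_API, cisa_kev=False, public_exploit=False)

if __name__ == "__main__":
    for ctx in (PUBLIC_API, PRIVATE_WORKER, UNWEAPONIZED_PUBLIC):
        for key, value in summary_table(ctx).items():
            print(f"{key:22} | {value}")
        print("strict mode:", recommend(ctx, strict=True), end="\n\n")
```

Running it shows the contrast the prompt is after: the same placeholder CVE lands in “fix now” for the internet-facing, KEV-listed workload with broad IAM and secrets, and in “low priority” for the VPC-only worker where exploitation needs authentication. `UNWEAPONIZED_PUBLIC` is the case the strictness customization changes: it is “monitor” by default and “fix now” with `strict=True`.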

Required inputs

I need the following prerequisites to execute this playbook:
  • Plerion CWPP integration with AWS, Azure or GCP

Workflow

Here’s what I do: