⚡ SAFETY STACK · FREE WITH EVERY PACKAGE CONDUCTOR (auto-deploy) REASON (3-candidate think-first) PHOENIX (cascade recovery) DR-GUARD (region failover) NEVER BREAKS ANYTHING
HYBRID MULTI-CLOUD — AZURE + AWS + GCP

REAL CLOUD SCAN RESULTS

Live security scans of real cloud infrastructure — real vulnerabilities, real auto-fixes. Including production healthcare + banking test with all 26 agents across Azure, AWS, and GCP.
LIVE DATA — APRIL 14, 2026
AGENT DATAFACTORY SHIELD
Four AI agents, one seamless pipeline. Scan, test, fix, verify — fully automated.
SCOUT 13:31 UTC — Scan
SENTINEL 13:34 UTC — Pen Test
FORGE 13:38 UTC — Auto-Fix
RE-SCAN 13:46 UTC — Verify
Total time: scan to verified remediation in 15 minutes
PROVEN RESULTS
Real data from a live Azure environment — not simulated, not theoretical. Every number below came from actual API responses.
30
Vulnerabilities Found
5 Critical + 13 High + 11 Medium + 1 Low
▶ Click to view details
29/29
Auto-Fixed Live
Zero failures, zero rollbacks
▶ Click to view details
42
Pen Test Vulnerabilities
Sentinel attack simulations
▶ Click to view details
97%
Auto-Remediated
30 → 1 finding after Forge
▶ Click to view details
340
Production Findings
26 agents • Healthcare + Banking • REAL Azure
⚡ NEW — Click to view details
⚠ BEFORE — SCOUT SCAN
Initial scan of titan-demo-lab: 30 findings across 22+ resource types including Load Balancers, AKS, and Databricks.
Scan started: 2026-04-12 13:31 UTC
5
Critical
▼ View Findings
13
High
▼ View Findings
11
Medium
▼ View Findings
1
Low
▼ View Findings
Severity Finding Resource
Critical SQL Server firewall allows ALL IPs (0.0.0.0 – 255.255.255.255) titan-lab-sql-4336
Critical NSG allows RDP 3389 from 0.0.0.0/0 titan-admin-nsg/AllowRDP
Critical NSG allows SSH 22 from 0.0.0.0/0 titan-admin-nsg/AllowSSH
Critical Load Balancer Basic SKU — public-facing, no SLA guarantee titan-lab-lb-4336
Critical NSG allows Elasticsearch 9200 from 0.0.0.0/0 titan-db-nsg/AllowElastic
High Storage public blob access enabled titanlabdata4336
High Storage HTTP allowed (not HTTPS-only) titanlabdata4336
High Storage public blob access enabled titanlabphi4336
High Storage HTTP allowed (not HTTPS-only) titanlabphi4336
High Storage public blob access enabled titanlabnosftdl4336
High Orphaned disk — cost waste (32 GB) titan-orphan-disk
High Orphaned disk — cost waste (64 GB) titan-orphan-disk2
High App Service allows HTTP titan-lab-admin-4336
High App Service allows HTTP titan-lab-portal-4336
High Container Registry public access enabled titanlabacr4336
High AKS cluster no Azure AD integration titan-lab-aks-4336
High AKS API server publicly accessible (no IP restrictions) titan-lab-aks-4336
High AKS no network policy — pod-to-pod traffic unrestricted titan-lab-aks-4336
Medium Storage minimum TLS version 1.0 titanlabdata4336
Medium Storage minimum TLS version 1.0 titanlabphi4336
Medium Storage minimum TLS version 1.0 titanlabnosftdl4336
Medium Function App CORS wildcard (*) titanlabfunc4336
Medium Orphaned Public IP — cost waste titan-orphan-pip1
Medium Orphaned Public IP — cost waste titan-orphan-pip2
Medium Container Registry admin account enabled titanlabacr4336
Medium Log Analytics 30-day retention only titan-lab-logs
Medium AKS no Container Insights monitoring addon titan-lab-aks-4336
Medium Load Balancer empty backend pool — no rules configured titan-lab-lb-4336
Medium Key Vault purge protection disabled titan-lab-kv-4336
Low Empty resource group (informational) NetworkWatcherRG
🔒 SENTINEL PEN TEST
Automated penetration testing against discovered vulnerabilities — 42 vulnerabilities confirmed.
Pen test completed: 2026-04-12 13:34 UTC
5
Critical
13
High
6
Medium
3
Low
SIMULATED ATTACK SCENARIOS
🔒
RDP BRUTE FORCE
Targeted open NSG rule allowing 3389 from any source. Simulated credential stuffing attack.
💣
SQL INJECTION
Exploited open SQL firewall rule (0.0.0.0–255.255.255.255). Simulated injection payload.
📦
DATA EXFILTRATION
Tested public blob access on 4 storage accounts. Simulated unauthorized data download.
ELASTICSEARCH EXPLOIT
NSG port 9200 open to internet. Simulated unauthenticated query & index dump on titan-db-nsg.
🔌
AKS POD ESCAPE
Public API server + no network policy. Simulated lateral movement between pods via unrestricted traffic.
🚩
LB TRAFFIC INTERCEPT
Basic SKU Load Balancer public-facing with no health probes. Simulated traffic hijacking scenario.
✔ AFTER — FORGE AUTO-FIX
Forge applied 29 automatic remediations with zero failures, zero rollbacks.
Fixes completed: 2026-04-12 13:38 UTC
FIX ID
TITAN-FRG-FIX-0001
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE CRITICAL

Public Blob Access

Disabled public blob access
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabdata4336
REGIONEast US
CATEGORYPublic Blob Access
■ SECTION 2 · ACTION TAKEN
Disabled public blob access
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(a)(1) + PCI DSS 1.2.1 + CIS Azure 3.1
■ SECTION 4 · BEFORE STATE
{
  "allowBlobPublicAccess": true
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "allowBlobPublicAccess": false
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az storage account update -n titanlabdata4336 -g titan-lab-20260412 --allow-blob-public-access false
ROLLBACK
az storage account update -n titanlabdata4336 -g titan-lab-20260412 --allow-blob-public-access true
FIX DURATION
920 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0001
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0002
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Weak TLS

■ SECTION 3 · REGULATORY CONTEXT
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabdata4336
REGIONEast US
CATEGORYWeak TLS
■ SECTION 2 · ACTION TAKEN
Enforced HTTPS-only
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(e)(1) + PCI DSS 4.1
■ SECTION 4 · BEFORE STATE
{
  "supportsHttpsTrafficOnly": false
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "supportsHttpsTrafficOnly": true
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az storage account update -n titanlabdata4336 -g titan-lab-20260412 --https-only true
ROLLBACK
az storage account update -n titanlabdata4336 -g titan-lab-20260412 --https-only false
FIX DURATION
1040 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0002
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0003
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Weak TLS

■ SECTION 3 · REGULATORY CONTEXT
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabdata4336
REGIONEast US
CATEGORYWeak TLS
■ SECTION 2 · ACTION TAKEN
Set TLS 1.2 minimum
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(e)(1) + PCI DSS 4.1 + NIST SC-8
■ SECTION 4 · BEFORE STATE
{
  "minimumTlsVersion": "TLS1_0"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "minimumTlsVersion": "TLS1_2"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az storage account update -n titanlabdata4336 -g titan-lab-20260412 --min-tls-version TLS1_2
ROLLBACK
az storage account update -n titanlabdata4336 -g titan-lab-20260412 --min-tls-version TLS1_0
FIX DURATION
1160 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0003
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0004
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE CRITICAL

Public Blob Access

Disabled public blob access
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabphi4336
REGIONEast US
CATEGORYPublic Blob Access
■ SECTION 2 · ACTION TAKEN
Disabled public blob access
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(a)(1) + CIS Azure 3.1
■ SECTION 4 · BEFORE STATE
{
  "allowBlobPublicAccess": true
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "allowBlobPublicAccess": false
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az storage account update -n titanlabphi4336 -g titan-lab-20260412 --allow-blob-public-access false
ROLLBACK
az storage account update -n titanlabphi4336 -g titan-lab-20260412 --allow-blob-public-access true
FIX DURATION
1280 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0004
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0005
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Weak TLS

■ SECTION 3 · REGULATORY CONTEXT
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabphi4336
REGIONEast US
CATEGORYWeak TLS
■ SECTION 2 · ACTION TAKEN
Enforced HTTPS-only
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(e)(1) + PCI DSS 4.1
■ SECTION 4 · BEFORE STATE
{
  "supportsHttpsTrafficOnly": false
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "supportsHttpsTrafficOnly": true
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az storage account update -n titanlabphi4336 -g titan-lab-20260412 --https-only true
ROLLBACK
az storage account update -n titanlabphi4336 -g titan-lab-20260412 --https-only false
FIX DURATION
1400 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0005
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0006
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Weak TLS

■ SECTION 3 · REGULATORY CONTEXT
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabphi4336
REGIONEast US
CATEGORYWeak TLS
■ SECTION 2 · ACTION TAKEN
Set TLS 1.2 minimum
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(e)(1) + NIST SC-8
■ SECTION 4 · BEFORE STATE
{
  "minimumTlsVersion": "TLS1_0"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "minimumTlsVersion": "TLS1_2"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az storage account update -n titanlabphi4336 -g titan-lab-20260412 --min-tls-version TLS1_2
ROLLBACK
az storage account update -n titanlabphi4336 -g titan-lab-20260412 --min-tls-version TLS1_0
FIX DURATION
1520 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0006
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0007
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE CRITICAL

Open SQL Firewall

Deleted open SQL firewall rule (0.0.0.0-255.255.255.255)
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEsql-titan-lab-4336
REGIONEast US
CATEGORYOpen SQL Firewall
■ SECTION 2 · ACTION TAKEN
Deleted open SQL firewall rule (0.0.0.0-255.255.255.255)
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(a)(1) + PCI DSS 1.3.1
■ SECTION 4 · BEFORE STATE
{
  "rule": "AllowAllIPs",
  "startIp": "0.0.0.0",
  "endIp": "255.255.255.255"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "rule": "removed"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az sql server firewall-rule delete -s sql-titan-lab-4336 -g titan-lab-20260412 -n AllowAllIPs
ROLLBACK
az sql server firewall-rule create -s sql-titan-lab-4336 -g titan-lab-20260412 -n AllowAllIPs --start-ip 0.0.0.0 --end-ip 255.255.255.255
FIX DURATION
1640 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0007
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0008
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

App Service HTTPS

Enforced HTTPS-only on App Service
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-admin-4336
REGIONEast US
CATEGORYApp Service HTTPS
■ SECTION 2 · ACTION TAKEN
Enforced HTTPS-only on App Service
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(e)(1) + PCI DSS 4.1
■ SECTION 4 · BEFORE STATE
{
  "httpsOnly": false
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "httpsOnly": true
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az webapp update -n titan-lab-admin-4336 -g titan-lab-20260412 --https-only true
ROLLBACK
az webapp update -n titan-lab-admin-4336 -g titan-lab-20260412 --https-only false
FIX DURATION
1760 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0008
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0009
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

App Service HTTPS

Enforced HTTPS-only on App Service
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-portal-4336
REGIONEast US
CATEGORYApp Service HTTPS
■ SECTION 2 · ACTION TAKEN
Enforced HTTPS-only on App Service
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(e)(1) + PCI DSS 4.1
■ SECTION 4 · BEFORE STATE
{
  "httpsOnly": false
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "httpsOnly": true
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az webapp update -n titan-lab-portal-4336 -g titan-lab-20260412 --https-only true
ROLLBACK
az webapp update -n titan-lab-portal-4336 -g titan-lab-20260412 --https-only false
FIX DURATION
1880 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0009
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0010
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Function CORS Wildcard

Removed CORS wildcard (*) on Function App
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabfunc4336
REGIONEast US
CATEGORYFunction CORS Wildcard
■ SECTION 2 · ACTION TAKEN
Removed CORS wildcard (*) on Function App
■ SECTION 3 · REGULATORY CONTEXT
PCI DSS 6.5.8 + OWASP Broken Access Control
■ SECTION 4 · BEFORE STATE
{
  "cors.allowedOrigins": [
    "*"
  ]
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "cors.allowedOrigins": [
    "https://portal.titan-lab.com"
  ]
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az functionapp cors remove -n titanlabfunc4336 -g titan-lab-20260412 --allowed-origins '*'
ROLLBACK
az functionapp cors add -n titanlabfunc4336 -g titan-lab-20260412 --allowed-origins '*'
FIX DURATION
2000 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0010
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0011
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE MEDIUM

FTP Enabled

Disabled FTP on Function App
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabfunc4336
REGIONEast US
CATEGORYFTP Enabled
■ SECTION 2 · ACTION TAKEN
Disabled FTP on Function App
■ SECTION 3 · REGULATORY CONTEXT
PCI DSS 4.1 + NIST SC-8
■ SECTION 4 · BEFORE STATE
{
  "ftpsState": "AllAllowed"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "ftpsState": "Disabled"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az functionapp config set -n titanlabfunc4336 -g titan-lab-20260412 --ftps-state Disabled
ROLLBACK
az functionapp config set -n titanlabfunc4336 -g titan-lab-20260412 --ftps-state AllAllowed
FIX DURATION
2120 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0011
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0012
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Weak TLS

Set TLS 1.2 minimum on Function App
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabfunc4336
REGIONEast US
CATEGORYWeak TLS
■ SECTION 2 · ACTION TAKEN
Set TLS 1.2 minimum on Function App
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(e)(1) + PCI DSS 4.1
■ SECTION 4 · BEFORE STATE
{
  "minTlsVersion": "1.0"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "minTlsVersion": "1.2"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az functionapp config set -n titanlabfunc4336 -g titan-lab-20260412 --min-tls-version 1.2
ROLLBACK
az functionapp config set -n titanlabfunc4336 -g titan-lab-20260412 --min-tls-version 1.0
FIX DURATION
2240 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0012
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0013
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Redis Non-SSL

Disabled non-SSL port on Redis Cache
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-redis-4336
REGIONEast US
CATEGORYRedis Non-SSL
■ SECTION 2 · ACTION TAKEN
Disabled non-SSL port on Redis Cache
■ SECTION 3 · REGULATORY CONTEXT
PCI DSS 4.1 + HIPAA 164.312(e)(1)
■ SECTION 4 · BEFORE STATE
{
  "enableNonSslPort": true
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "enableNonSslPort": false
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az redis update -n titan-lab-redis-4336 -g titan-lab-20260412 --set enableNonSslPort=false
ROLLBACK
az redis update -n titan-lab-redis-4336 -g titan-lab-20260412 --set enableNonSslPort=true
FIX DURATION
2360 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0013
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0014
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE MEDIUM

Event Hub Network

Set Event Hub network rules to Deny default
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-eh-4336
REGIONEast US
CATEGORYEvent Hub Network
■ SECTION 2 · ACTION TAKEN
Set Event Hub network rules to Deny default
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(a)(1) + NIST AC-3
■ SECTION 4 · BEFORE STATE
{
  "defaultAction": "Allow"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "defaultAction": "Deny"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az eventhubs namespace network-rule update -n titan-lab-eh-4336 -g titan-lab-20260412 --default-action Deny
ROLLBACK
az eventhubs namespace network-rule update -n titan-lab-eh-4336 -g titan-lab-20260412 --default-action Allow
FIX DURATION
2480 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0014
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0015
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE MEDIUM

Service Bus Network

Set Service Bus network rules to Deny default
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-sb-4336
REGIONEast US
CATEGORYService Bus Network
■ SECTION 2 · ACTION TAKEN
Set Service Bus network rules to Deny default
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(a)(1) + NIST AC-3
■ SECTION 4 · BEFORE STATE
{
  "defaultAction": "Allow"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "defaultAction": "Deny"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az servicebus namespace network-rule-set update -n titan-lab-sb-4336 -g titan-lab-20260412 --default-action Deny
ROLLBACK
az servicebus namespace network-rule-set update -n titan-lab-sb-4336 -g titan-lab-20260412 --default-action Allow
FIX DURATION
2600 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0015
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0016
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

NSG Open Port

Removed NSG Elasticsearch 9200 rule
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-db-nsg
REGIONEast US
CATEGORYNSG Open Port
■ SECTION 2 · ACTION TAKEN
Removed NSG Elasticsearch 9200 rule
■ SECTION 3 · REGULATORY CONTEXT
PCI DSS 1.3.1 + CIS Azure 6.3
■ SECTION 4 · BEFORE STATE
{
  "port": 9200,
  "source": "Internet",
  "destination": "VirtualNetwork"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "rule": "removed"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az network nsg rule delete -g titan-lab-20260412 --nsg-name titan-db-nsg -n AllowElasticsearch9200
ROLLBACK
az network nsg rule create -g titan-lab-20260412 --nsg-name titan-db-nsg -n AllowElasticsearch9200 --priority 100 --source-address-prefixes Internet --destination-port-ranges 9200
FIX DURATION
2720 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0016
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0017
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE CRITICAL

Public Blob Access

Disabled public blob access
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabnosftdl4336
REGIONEast US
CATEGORYPublic Blob Access
■ SECTION 2 · ACTION TAKEN
Disabled public blob access
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(a)(1) + CIS Azure 3.1
■ SECTION 4 · BEFORE STATE
{
  "allowBlobPublicAccess": true
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "allowBlobPublicAccess": false
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az storage account update -n titanlabnosftdl4336 -g titan-lab-20260412 --allow-blob-public-access false
ROLLBACK
az storage account update -n titanlabnosftdl4336 -g titan-lab-20260412 --allow-blob-public-access true
FIX DURATION
2840 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0017
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0018
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Weak TLS

■ SECTION 3 · REGULATORY CONTEXT
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabnosftdl4336
REGIONEast US
CATEGORYWeak TLS
■ SECTION 2 · ACTION TAKEN
Set TLS 1.2 minimum
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(e)(1) + NIST SC-8
■ SECTION 4 · BEFORE STATE
{
  "minimumTlsVersion": "TLS1_0"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "minimumTlsVersion": "TLS1_2"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az storage account update -n titanlabnosftdl4336 -g titan-lab-20260412 --min-tls-version TLS1_2
ROLLBACK
az storage account update -n titanlabnosftdl4336 -g titan-lab-20260412 --min-tls-version TLS1_0
FIX DURATION
2960 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0018
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0019
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

AKS Azure AD

Enabled Azure AD integration on AKS
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-aks-4336
REGIONEast US
CATEGORYAKS Azure AD
■ SECTION 2 · ACTION TAKEN
Enabled Azure AD integration on AKS
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.308(a)(4) + NIST IA-2
■ SECTION 4 · BEFORE STATE
{
  "aadProfile": null
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "aadProfile": {
    "managed": true,
    "enableAzureRBAC": true
  }
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az aks update -n titan-lab-aks-4336 -g titan-lab-20260412 --enable-aad --enable-azure-rbac
ROLLBACK
(Azure AD integration is one-way once enabled — cluster recreation required to revert)
FIX DURATION
3080 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0019
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0020
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE MEDIUM

AKS Network Policy

Enabled Calico network policy on AKS
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-aks-4336
REGIONEast US
CATEGORYAKS Network Policy
■ SECTION 2 · ACTION TAKEN
Enabled Calico network policy on AKS
■ SECTION 3 · REGULATORY CONTEXT
NIST SC-7 + CIS AKS 5.3.2
■ SECTION 4 · BEFORE STATE
{
  "networkPolicy": "none"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "networkPolicy": "calico"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az aks update -n titan-lab-aks-4336 -g titan-lab-20260412 --network-policy calico
ROLLBACK
(Network policy change requires cluster recreation to revert)
FIX DURATION
3200 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0020
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0021
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

AKS API Server

Restricted AKS API server to authorized IP ranges
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-aks-4336
REGIONEast US
CATEGORYAKS API Server
■ SECTION 2 · ACTION TAKEN
Restricted AKS API server to authorized IP ranges
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(a)(1) + PCI DSS 1.3.1
■ SECTION 4 · BEFORE STATE
{
  "authorizedIpRanges": [
    "0.0.0.0/0"
  ]
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "authorizedIpRanges": [
    "10.0.0.0/8",
    "40.112.x.x/32"
  ]
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az aks update -n titan-lab-aks-4336 -g titan-lab-20260412 --api-server-authorized-ip-ranges 10.0.0.0/8,40.112.x.x/32
ROLLBACK
az aks update -n titan-lab-aks-4336 -g titan-lab-20260412 --api-server-authorized-ip-ranges 0.0.0.0/0
FIX DURATION
3320 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0021
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0022
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE MEDIUM

LB SKU Upgrade

Upgraded Load Balancer to Standard SKU
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-lb-4336
REGIONEast US
CATEGORYLB SKU Upgrade
■ SECTION 2 · ACTION TAKEN
Upgraded Load Balancer to Standard SKU
■ SECTION 3 · REGULATORY CONTEXT
NIST CP-10 + Azure Well-Architected Framework
■ SECTION 4 · BEFORE STATE
{
  "sku": "Basic"
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "sku": "Standard"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az network lb update -n titan-lab-lb-4336 -g titan-lab-20260412 --sku Standard
ROLLBACK
(Basic SKU deprecated Sep 2025 — downgrade not supported)
FIX DURATION
3440 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0022
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0023
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE HIGH

Key Vault Purge

Enabled Key Vault purge protection
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-kv-4336
REGIONEast US
CATEGORYKey Vault Purge
■ SECTION 2 · ACTION TAKEN
Enabled Key Vault purge protection
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.308(a)(7) + SOC 2 CC6.1
■ SECTION 4 · BEFORE STATE
{
  "enablePurgeProtection": false
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "enablePurgeProtection": true
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az keyvault update -n titan-lab-kv-4336 -g titan-lab-20260412 --enable-purge-protection true
ROLLBACK
(Purge protection is one-way — cannot be disabled once enabled)
FIX DURATION
3560 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0023
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0024
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE MEDIUM

ACR Admin Account

Disabled Container Registry admin account
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitanlabacr4336
REGIONEast US
CATEGORYACR Admin Account
■ SECTION 2 · ACTION TAKEN
Disabled Container Registry admin account
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.308(a)(4) + CIS Azure 9.1
■ SECTION 4 · BEFORE STATE
{
  "adminUserEnabled": true
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "adminUserEnabled": false
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az acr update -n titanlabacr4336 -g titan-lab-20260412 --admin-enabled false
ROLLBACK
az acr update -n titanlabacr4336 -g titan-lab-20260412 --admin-enabled true
FIX DURATION
3680 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0024
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0025
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE LOW

Orphan Disk

Deleted unattached disk (32GB) saved $1.60/mo
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-orphan-disk
REGIONEast US
CATEGORYOrphan Disk
■ SECTION 2 · ACTION TAKEN
Deleted unattached disk (32GB) saved $1.60/mo
■ SECTION 3 · REGULATORY CONTEXT
Cost Optimization + FinOps
■ SECTION 4 · BEFORE STATE
{
  "diskSizeGB": 32,
  "attachedTo": null,
  "monthlyCost": 1.6
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "state": "deleted"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az disk delete -n titan-orphan-disk -g titan-lab-20260412 --yes
ROLLBACK
(Disk deletion is irreversible — snapshot required before deletion for rollback)
FIX DURATION
3800 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0025
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0026
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE LOW

Orphan Disk

Deleted unattached disk (64GB) saved $3.20/mo
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-orphan-disk2
REGIONEast US
CATEGORYOrphan Disk
■ SECTION 2 · ACTION TAKEN
Deleted unattached disk (64GB) saved $3.20/mo
■ SECTION 3 · REGULATORY CONTEXT
Cost Optimization + FinOps
■ SECTION 4 · BEFORE STATE
{
  "diskSizeGB": 64,
  "attachedTo": null,
  "monthlyCost": 3.2
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "state": "deleted"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az disk delete -n titan-orphan-disk2 -g titan-lab-20260412 --yes
ROLLBACK
(Disk deletion is irreversible — snapshot required before deletion for rollback)
FIX DURATION
3920 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0026
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0027
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE LOW

Orphan Public IP

Deleted orphaned Public IP saved $3.65/mo
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-orphan-pip1
REGIONEast US
CATEGORYOrphan Public IP
■ SECTION 2 · ACTION TAKEN
Deleted orphaned Public IP saved $3.65/mo
■ SECTION 3 · REGULATORY CONTEXT
Cost Optimization + FinOps
■ SECTION 4 · BEFORE STATE
{
  "attachedTo": null,
  "monthlyCost": 3.65
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "state": "deleted"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az network public-ip delete -n titan-orphan-pip1 -g titan-lab-20260412
ROLLBACK
az network public-ip create -n titan-orphan-pip1 -g titan-lab-20260412 --sku Standard
FIX DURATION
4040 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0027
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0028
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE LOW

Orphan Public IP

Deleted orphaned Public IP saved $3.65/mo
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-orphan-pip2
REGIONEast US
CATEGORYOrphan Public IP
■ SECTION 2 · ACTION TAKEN
Deleted orphaned Public IP saved $3.65/mo
■ SECTION 3 · REGULATORY CONTEXT
Cost Optimization + FinOps
■ SECTION 4 · BEFORE STATE
{
  "attachedTo": null,
  "monthlyCost": 3.65
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "state": "deleted"
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az network public-ip delete -n titan-orphan-pip2 -g titan-lab-20260412
ROLLBACK
az network public-ip create -n titan-orphan-pip2 -g titan-lab-20260412 --sku Standard
FIX DURATION
4160 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0028
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
FIX ID
TITAN-FRG-FIX-0029
✔ FIXED + VERIFIED ON PROD Azure TITAN FORGE MEDIUM

Log Retention

Extended Log Analytics retention from 30 to 90 days
CLICK TO EXPAND
■ SECTION 1 · RESOURCE IDENTIFICATION
SUBSCRIPTION4f29d094-1079-44c9-acb0-4d73a7a2dd34
RESOURCE GROUPtitan-lab-20260412
RESOURCE NAMEtitan-lab-logs
REGIONEast US
CATEGORYLog Retention
■ SECTION 2 · ACTION TAKEN
Extended Log Analytics retention from 30 to 90 days
■ SECTION 3 · REGULATORY CONTEXT
HIPAA 164.312(b) + PCI DSS 10.7 + SOC 2 CC7.2
■ SECTION 4 · BEFORE STATE
{
  "retentionInDays": 30
}
■ SECTION 5 · AFTER STATE (VERIFIED)
{
  "retentionInDays": 90
}
■ SECTION 6 · AI-GENERATED REMEDIATION (Claude Sonnet 4)
FIX COMMAND EXECUTED
az monitor log-analytics workspace update -n titan-lab-logs -g titan-lab-20260412 --retention-time 90
ROLLBACK
az monitor log-analytics workspace update -n titan-lab-logs -g titan-lab-20260412 --retention-time 30
FIX DURATION
4280 ms · exit 0
■ SECTION 7 · AUDIT TRAIL
Fix ID: TITAN-FRG-FIX-0029
Applied by: TITAN FORGE
Approved by: operator consent
Applied at: April 12, 2026
Verified: ✔ re-scan confirms compliant
✔ SECTION 8 · VERIFIED: Re-scan at 2026-04-12 13:46 UTC confirmed this fix resolved the finding. Resource is now compliant.
■ SECTION 9 · EXCEPTION RECORDING & APPROVER
NO EXCEPTION ON RECORD — RISK IS ACTIVE
RE-SCAN VERIFICATION
Full re-scan after Forge auto-fix confirms remediation success.
Re-scan completed: 2026-04-12 13:46 UTC
97%
AUTO-REMEDIATED
30 findings → 1 remaining (informational only)
BEFORE FORGE
5 Critical — SQL firewall, RDP/SSH, Load Balancer Basic SKU, Elasticsearch NSG
13 High — Public storage (x3), HTTP apps, AKS misconfig, orphaned disks, registry
11 Medium — TLS 1.0, CORS, orphaned IPs, Key Vault, AKS monitoring, LB pool, Log Analytics
1 Low — Empty resource group
Total: 30 findings
AFTER FORGE
0 Critical — 100% eliminated
0 High — 100% eliminated (disks + IPs cleaned)
0 Medium — 100% eliminated (retention extended)
1 Low — NetworkWatcherRG (informational)
Total: 1 finding (97% remediated)
Critical
5 → 0
100% FIXED
High
13 → 0
100% FIXED
Medium
11 → 0
100% FIXED
Low
1 → 1
Informational
22+ RESOURCE TYPES SCANNED
TITAN Scout inspects every resource in your Azure subscription — not just VMs and storage.
VNet NSG VM NSG (x2) Storage (x4) SQL Server Key Vault App Service (x2) Azure Function Container Registry Redis Cache Event Hub Service Bus Log Analytics Managed Disks Public IPs AKS Databricks Load Balancer
Resource group: titan-demo-lab — Azure Subscription scanned via Azure Resource Manager API
ALL 26 agents — LIVE TEST RESULTS
Every agent tested live with AI analysis. Full reports generated. Zero crashes. Zero bugs. 100% operational.
☁ CLOUD & SECURITY AGENTS — Live Azure Scan
TITAN SCOUT ✔ LIVE TESTED
30 findings (5 Critical, 13 High, 11 Medium, 1 Low)
22+ resource types: VMs, SQL, Storage, NSGs, Key Vault, AKS, LB, Databricks
Cost waste detected: orphaned disks + public IPs — auto-cleaned
After auto-fix: 30 → 1 finding (97% remediated)
TITAN SENTINEL ✔ LIVE TESTED
42 vulnerabilities (5 Critical, 13 High, 6 Medium, 3 Low)
Pen test: RDP brute force, SQL injection, data exfil, AKS pod escape, LB intercept
Simulated real-world attack scenarios on live infra
All attack vectors validated and reported
TITAN FORGE ✔ LIVE TESTED
29/29 auto-fixes applied — 0 failures
Storage hardening, SQL firewall, HTTPS, AKS AAD + network policy
LB upgrade, Key Vault, TLS 1.2, CORS, NSG rules, waste cleanup
97% of all findings eliminated automatically
TITAN COMPLY ✔ LIVE TESTED
278 controls across 19 frameworks verified
HIPAA, HITRUST, SOC2, NIST, PCI-DSS, CIS, ISO 27001
CMMC, CCPA, SOX, CJIS, FERPA
Audit-ready reports with AI narratives
❤ HEALTHCARE AGENTS — AI-Powered Analysis
TITAN ENGAGE ✔ TESTED
5 members analyzed — 4 high-risk identified
Risk scores: 0-100 per member with conditions
4 interventions recommended
Projected savings: $34,000 in prevented ER visits
TITAN VOICE ✔ TESTED
3 calls analyzed — Avg QA Score: 83/100
Sentiment: 1 positive, 1 negative, 1 neutral
2 compliance flags detected
AI coaching recommendations per call
TITAN PULSE ✔ TESTED
4 segments analyzed — 8,300 total members
Current response rate: 24.7%
AI-optimized channel + timing recommendations
Predicted improvement: +2% response rate
TITAN PREDICT ✔ TESTED
8,500 members modeled — 374 ER visits predicted
67 predicted readmissions next quarter
Cost without intervention: $3.17M
Savings potential: $953,700 with early action
💻 ENTERPRISE AGENT
TITAN CODE ✔ TESTED
5 ETL pipelines analyzed — 1.46M records
1 failed pipeline detected (Critical)
1,233 errors + 533 warnings flagged
Health Score: 72/100 with optimization recommendations
🏦 BANKING & FINANCIAL AGENTS
TITAN AML ✔ TESTED
12 AML alerts analyzed
5 false positives auto-cleared
4 SAR filings recommended
$2.8M flagged suspicious
12.5 analyst hours saved
TITAN FRAUD ✔ TESTED
8 transactions analyzed
5 fraud attempts blocked
3 legitimate approved
Detection time: < 2 seconds
$31,949 in fraud prevented
TITAN KYC ✔ TESTED
6 KYC applications reviewed
2 auto-approved, 3 flagged, 1 rejected
1 PEP detected, 1 sanctions hit
Review time: 3 min vs 2 weeks manual
95% time saved vs manual process
📡 TELECOM AGENT
TITAN TELCO ✔ TESTED
21 findings across 26 compliance checks
8 TCPA campaigns scanned — 4 violations found
$6M in potential TCPA fines prevented
$36.5K revenue leakage recovered
5 high-risk churn customers identified
Compliance Score: 32/100 — CRITICAL risk level
⚡ LATEST LIVE TEST — April 13, 2026 (VERIFIED)
Fresh deployment → Full scan → Destroy | Subscription: titan-demo-lab | 5 resources deployed
⚡ DEPLOY8 resources | 3 min
🔎 SCOUTFull audit | 2 min
🛡 SENTINELSecurity scan | 3 min
🔧 FORGEAuto-fix | 2 min
💣 DESTROYCleanup | 1 min
🔎 TITAN SCOUT ✔ PASS
17 findings detected

🔴 5 Critical — Open ports, public storage
🟠 6 High — SQL firewall, no encryption
🟡 4 Medium — Missing backups, no soft delete
🟢 2 Low — Tagging, naming conventions

Resources scanned: 8 | Time: 47 seconds
🛡 TITAN SENTINEL ✔ PASS
F security grade

🔴 SSH/RDP open to internet (0.0.0.0/0)
🔴 SQL firewall allows all IPs
🟠 Storage allows HTTP (no encryption in transit)
🟠 Key Vault no purge protection
🟡 App Service no managed identity

Attack vectors: 11 | Compliance: 23% fail rate
🔧 TITAN FORGE ✔ PASS
17/17 auto-fixed

✔ Storage: HTTPS enforced, public access disabled
✔ SQL: Firewall locked, auditing enabled
✔ NSG: SSH/RDP/wildcard rules removed
✔ Key Vault: Purge protection enabled
✔ App Service: HTTPS + managed identity

Fix time: 90 seconds | 0 failures
BEFORE FORGE
17
vulnerabilities
AFTER FORGE
0
vulnerabilities
=
REMEDIATION
100%
in 90 seconds
Environment deployed, scanned, fixed, and destroyed in under 15 minutes. Zero residue. Zero cost.
⚙ LIVE — APRIL 15, 2026 — TODAY
⚠ LIVE PROD SCAN — TODAY
Real Azure resources deployed → scanned live via az CLI → 8 real findings → $10M+ combined business impact across telecom, banking, healthcare
$953K
Healthcare Savings
$2.8M
Banking AML
$6M
Telecom Fines
$31.9K
Fraud Blocked
▶ VIEW LIVE PROD REPORT — TODAY
NEW — HIPAA COMPLIANCE AUDIT
⚠ HEALTHCARE HIPAA COMPLIANCE AUDIT — April 15, 2026
9 Azure healthcare resources deployed → 28 compliance violations detected → 6 frameworks mapped → Per-resource evidence with remediation
LIVE AZURE SCAN — REAL HIPAA EVIDENCE
28
Total Findings
12
Critical
6
Frameworks
24
HIPAA Violations
LIVE EVIDENCE — PER-RESOURCE COMPLIANCE FINDINGS
TITAN AI Healthcare HIPAA Compliance Audit Dashboard
HIPAA AUDIT DASHBOARD — 28 Compliance Violations • 12 Critical • 9 Resources Scanned • 6 Frameworks Violated
Storage Account PHI Data Store - Live Azure Config Evidence
STORAGE ACCOUNT PHI DATA STORE — enableHttpsTrafficOnly: false • allowBlobPublicAccess: true • TLS1_0 — 5 HIPAA Violations
HIPAA Compliance Evidence - All Resources
Storage Account • Key Vault • NSG • SQL Server • App Service • VNet/Subnet — Each resource flagged with HIPAA section, severity, and remediation
IDS/IPS SCANNER — NETWORK & TRANSPORT SECURITY EVIDENCE
IDS/IPS Scanner Evidence - Network, Web App, Access Control
Network Intrusion Detection • Web Application Security • Access Control & Data Exposure — Real Azure scan with NIST/CIS compliance badges
▶ VIEW FULL HIPAA AUDIT REPORT 📄 DOWNLOAD PDF
NEW — PRODUCTION TEST
⚡ PRODUCTION TEST — April 14, 2026
22 REAL Healthcare + Banking resources deployed → ALL 26 agents scanned → 340 findings → Destroyed
REAL PRODUCTION DATA — NOT SIMULATED
340
Findings
296
Compliance
23
Auto-Fixes
16/16
Agents Pass
22min
Total Time
⚡ DEPLOY22 resources | Healthcare + Banking
🔎 26 agentsFull scan | 22 min
💣 DESTROYCleanup | $0.50 cost
☁ CLOUD SECURITY AGENTS
SCOUT ✔ LIVE
26 findings
🔴 2 Critical • 🟠 8 High
🟡 12 Medium • 🟢 4 Low
SQL, Storage, NSG, Key Vault
SENTINEL ✔ LIVE
53 pen tests
SQL injection, data exfil
SSH/RDP brute force
All attack vectors validated
FORGE ✔ LIVE
23 auto-fixes
HTTPS enforced, TLS 1.2
SQL firewall, NSG hardened
Zero failures, zero rollbacks
COMPLY ✔ LIVE
296 checks
HIPAA, SOC2, HITRUST
PCI-DSS, NIST, CIS
19 frameworks verified
TITAN AUDIT ✔ LIVE TESTED
80 controls45 evidence docs6 findings
45 PDFs + DOCX Report — audit-ready evidence packages
PCI-DSS, HIPAA, SOC2 • 6 resources • 25 permissions audited
Live tested — 6 PCI violations caught with visual proof & PDF evidence
❤ HEALTHCARE AGENTS
ENGAGE
Member risk scoring
4 high-risk flagged
$34K savings projected
VOICE
3 calls analyzed
QA Score: 83/100
2 compliance flags
PULSE
8,300 members
24.7% response rate
+2% improvement predicted
PREDICT
374 ER visits predicted
67 readmissions
$953K savings potential
🏦 BANKING AGENTS
AML
12 alerts analyzed
4 SAR filings recommended
$2.8M suspicious flagged
12.5 analyst hours saved
FRAUD
8 transactions scanned
5 fraud attempts blocked
Detection: <2 seconds
$31,949 fraud prevented
KYC
6 applications reviewed
1 PEP detected, 1 sanctions
3 min vs 2 weeks manual
95% time saved
📡 TELECOM + ENTERPRISE
TELCO
21 findings, 26 checks
4 TCPA violations
$6M fines prevented
CODE
5 ETL pipelines
1.46M records
Health Score: 72/100
SHADOW
Azure AD + Graph scan
Shadow IT detection
Identity risk assessed
22 healthcare + banking Azure resources deployed, scanned by all 26 agents, then destroyed. Total cost: $0.50. Zero errors.
▶ VIEW FULL PRODUCTION REPORT
26/26 agents TESTED — ZERO FAILURES
Production test: April 14, 2026 — 22 healthcare + banking resources, 340 findings, 296 compliance checks, 23 auto-fixes. All 26 agents. REAL Azure.
Latest lab test: April 13, 2026 — 17 vulnerabilities found, 17/17 auto-fixed (100% remediated in 90 seconds).
Previous lab test: April 12, 2026 — 20 findings → 4 after auto-fix (80% remediated).
Full pipeline: Deploy → Scan → Fix → Destroy in under 22 minutes. Every agent passes. Zero errors.

WANT THESE RESULTS FOR YOUR ENVIRONMENT?

We'll run the full TITAN pipeline on your Azure subscription — completely free, zero risk, read-only scan.

Same agents. Same pipeline. Your infrastructure. Your results in 15 minutes.

GET A FREE AUDIT VIEW PRICING