TITAN AI · CONDUIT Agent
CONDUIT TICKET REPORT
INCIDENT
GCP
Medium
New
Opened by TITAN AI · CONDUIT · Scanner found the finding, CONDUIT forwarded this incident via CONDUIT generic-API layer, assigned identity_and_access, populated every ticket field, The ticket is routed and awaiting team approval — CONDUIT will update it after TITAN FORGE applies the fix.
Finding Summary
- Short description
- [TITAN] Medium — security on sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceacco
- Severity
- Medium
- Priority
- 4 - Low
- Resource
- sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com
- Resource type
- iam.googleapis.com/ServiceAccount
- Cloud
- GCP
- Subscription / Account
- 4f29d094-1079-44c9-acb0-4d73a7a2dd34
- Resource group / Project
- GCP
The Security Finding
GCP service account 'sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com' has no usage in 120 days and no key rotation schedule. Orphan credentials widen credential-theft blast radius.
ITIL Change Management Fields
Justification
Medium: GCP service account 'sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com' has no usage in 120 days and no key rotation schedule. Orphan credentials widen credential-theft blast radius.
Implementation Plan
1. Pre-change snapshot captured by TITAN (auto-rollback available).
2. Execute fix command:
gcloud iam service-accounts delete sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com --project=adroit-terminus-234522 (after confirming no active consumers).
3. TITAN FORGE verifies the fix was applied.
4. Post-change rescan by TITAN SCOUT — finding must no longer appear.
5. Close ticket with Successful close_code.
Risk & Impact Analysis
Risk level: MEDIUM risk — weaker control, should be hardened.
Business impact if unremediated: Control weakness that compounds with other gaps.
Scope: single resource (sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com).
Blast radius: change is idempotent; pre-change snapshot captured by TITAN; auto-rollback available if rescan fails.
Finding detail: GCP service account 'sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com' has no usage in 120 days and no key rotation schedule. Orphan credentials widen credential-theft blast radius.
Backout / Rollback Plan
1. TITAN auto-captured snapshot of sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com before change (baseline: titan-3cloud-20260421T223919Z).
2. If post-change rescan still shows the finding OR a new issue appears within 15 min:
a. TITAN FORGE fires rollback automatically using stored snapshot.
b. Incident reopens and escalates to on-call.
3. Manual rollback command path (human override) is documented in close notes.
Test Plan
1. TITAN SCOUT rescans sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com immediately after FORGE applies the change.
2. PASS criteria: the specific finding no longer appears in SCOUT results.
3. PASS criteria: no new CRITICAL or HIGH findings introduced by the change.
4. Automated compliance check: HIPAA/PCI/SOC2 controls re-evaluated.
5. If any check fails, backout plan fires automatically.
Recommended Fix
gcloud iam service-accounts delete sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com --project=adroit-terminus-234522 (after confirming no active consumers).
Compliance Mapping
CIS 1.x IAMNIST AC-2SOC 2 CC6.1PCI DSS 3.5
Routing Metadata
- Assignment group
- identity_and_access
- Change type
- Incident
- Approval required
- No
- Planned start
- —
- Planned end
- —
- Scan ID
- titan-3cloud-20260421T223919Z
- Generated at
- 2026-04-21T22:42:21.083122+00:00
- Opened
- 2026-04-21 15:42:21
- Closed
- 2026-04-21 15:42:21
- Close code
- —
Attached Security Ticket
SERVICENOW · INCIDENT
SEC-8099 · [TITAN] Medium — security on sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceacco
Priority: Medium
INCIDENT
GCP
Ticket Description
GCP service account 'sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com' has no usage in 120 days and no key rotation schedule. Orphan credentials widen credential-theft blast radius.
Recommended Fix: gcloud iam service-accounts delete sa-titan-orphan-1324@adroit-terminus-234522.iam.gserviceaccount.com --project=adroit-terminus-234522 (after confirming no active consumers).
AI Close Notes
2026-04-21 15:42:21 - System Administrator (Work notes)
[TITAN CONDUIT] Incident auto-filed from security scan.
Detecting agent: unknown (scan titan-3cloud-20260421T223919Z).
Severity: Medium (priority 3).
This is a hygiene/access-control issue that does not require a formal approval window. Assign to the listed team and resolve per their standard runbook. TITAN will auto-detect clearance on the next scan.