Overview

Cloud Discovery extends Ayliea’s AI usage detection beyond network traffic analysis. By connecting your cloud provider accounts, Ayliea can directly read API audit logs to discover which AI models your organization is using.

Currently supported:

| Provider | Source | AI Services Detected |
| --- | --- | --- |
| AWS CloudTrail | CloudTrail LookupEvents API | Amazon Bedrock (Claude, Titan, Llama, etc.) |
| GCP Cloud Logging | Cloud Logging entries.list API | Vertex AI (Gemini, PaLM, etc.) |

How It Works

Connection

  1. You create a read-only service account in your cloud provider
  2. Enter the credentials in Ayliea’s Organization settings
  3. Ayliea validates the credentials and saves them encrypted

Daily Polling

Ayliea polls your cloud provider once per day at 7:00 AM UTC:
  1. Reads API audit logs since the last successful poll
  2. Extracts model identifiers from each API call
  3. Maps model IDs to Ayliea’s AI tool catalog
  4. Creates a discovery scan record with the results
  5. Generates alerts for newly discovered platforms
  6. Checks results against your AI usage policies

Model Mapping

Cloud providers use internal model identifiers (e.g., anthropic.claude-3-sonnet-20240229-v1:0). Ayliea normalizes these identifiers and maps them to entries in the AI tool catalog, which provides:
  • Human-readable names
  • Vendor information
  • Risk classifications
  • Category assignments
Unmapped models appear with their raw cloud identifier and a default risk level.
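
The model-extraction and mapping steps described above, sketched in Python as an added example (not Ayliea's code): it parses records in the shape the CloudTrail LookupEvents API returns, normalizes the Bedrock modelId, and keeps only metadata fields. The catalog entries, the default risk label, the normalization rule and the sample events are assumptions constructed for illustration.

```python
import json
import re

# Hypothetical catalog entries and default risk label (assumptions, not Ayliea's data).
CATALOG = {
    "anthropic.claude-3-sonnet": {"name": "Claude 3 Sonnet", "risk": "medium"},
    "amazon.titan-text-express": {"name": "Titan Text Express", "risk": "low"},
}
DEFAULT_RISK = "unclassified"

def normalize_model_id(raw):
    """Reduce a Bedrock modelId (bare ID or ARN) to a version-free catalog key."""
    model = raw.rsplit("/", 1)[-1].lower()  # drop an ARN prefix if present
    # Strip trailing release date (-20240229), API version (-v1) and revision (:0).
    return re.sub(r"(-\d{8})?(-v\d+)?(:\d+)?$", "", model)

def discover(events):
    """Build metadata-only findings from CloudTrail LookupEvents 'Events' items."""
    findings = []
    for ev in events:
        detail = json.loads(ev["CloudTrailEvent"])  # the record arrives as a JSON string
        raw = (detail.get("requestParameters") or {}).get("modelId")
        if detail.get("eventSource") != "bedrock.amazonaws.com" or not raw:
            continue  # not a Bedrock call, or a call that names no model
        entry = CATALOG.get(normalize_model_id(raw))
        findings.append({
            "model": entry["name"] if entry else raw,  # unmapped: keep the raw ID
            "risk": entry["risk"] if entry else DEFAULT_RISK,
            "caller": (detail.get("userIdentity") or {}).get("arn"),
            "region": detail.get("awsRegion"),
            "time": detail.get("eventTime"),
            "method": detail.get("eventName"),
        })
    return findings

def _event(source, name, params):
    return {"CloudTrailEvent": json.dumps({
        "eventSource": source, "eventName": name, "awsRegion": "us-east-1",
        "eventTime": "2024-05-01T06:12:00Z", "requestParameters": params,
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}})}

SAMPLE_EVENTS = [  # constructed records, not real audit data
    _event("bedrock.amazonaws.com", "InvokeModel", {"modelId": "anthropic.claude-3-sonnet-20240229-v1:0"}),
    _event("bedrock.amazonaws.com", "InvokeModel",
           {"modelId": "arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-text-express-v1"}),
    _event("bedrock.amazonaws.com", "InvokeModel", {"modelId": "example.unknown-model-v1:0"}),
    _event("bedrock.amazonaws.com", "ListFoundationModels", None),
    _event("s3.amazonaws.com", "GetObject", {"bucketName": "example-bucket"}),
]
```

Calling `discover(SAMPLE_EVENTS)` yields three findings: two mapped to catalog names and one unmapped model that keeps its raw identifier and the default risk label.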

Integration with Policy Engine

Discovered AI models are automatically checked against your organization’s AI usage policies. If a newly discovered model violates a policy rule:
  • A policy violation record is created
  • Webhook notifications are dispatched (if configured)
  • The violation appears on your Policy Compliance dashboard

Privacy

Cloud Discovery reads API call metadata only:
  • Model identifiers
  • Caller identities (IAM users, service accounts)
  • Timestamps and regions
  • API method names
Ayliea never accesses:
  • Prompt content or model inputs
  • Model responses or outputs
  • Request/response payloads
  • Any other cloud resources (storage, compute, databases)

Getting Started

AWS CloudTrail

Connect your AWS account to discover Bedrock usage.

GCP Cloud Logging

Connect your GCP project to discover Vertex AI usage.