Sonrai Security Unveils WALLy: An AI Agent That Fixes Privilege Risk Before It Breaks the Cloud

Sonrai Security is bringing automation to one of the toughest headaches in cloud security — fixing excessive privilege access — with the launch of WALLy, a purpose-built AI security agent that doesn’t just detect risks, it resolves them.

The company, best known for pioneering Cloud Privilege Access Management (PAM) and the Cloud Permissions Firewall, says WALLy represents the next evolution of operationalized least-privilege enforcement: an AI assistant that acts like a policy engineer and incident responder rolled into one.

Fixing Risk, Not Just Finding It

Traditional tools in the identity and access management space can flood security teams with alerts about over-permissioned accounts, orphaned identities, and risky roles — but rarely take the next step of remediation. WALLy changes that calculus by automatically removing unused privileges, enforcing just-in-time (JIT) access, and quarantining suspicious identities across users, workloads, and even other AI agents.

“The hardest part of cloud security isn’t spotting risk—it’s fixing it without breaking things,” said Brendan Hannigan, CEO and co-founder of Sonrai Security. “With natural language queries and real-time privilege intelligence, teams ask a simple question, get a clear answer, and safely approve the fix. It’s a new way to enforce privilege security in the cloud.”

Every WALLy action is staged for human approval, wrapped in guardrails, and logged for auditability. In other words, the AI doesn’t freewheel—it operates as an intelligent, compliant co-pilot.

Beyond Chatbots: AI That Understands IAM

Unlike generic AI chatbots, WALLy is contextually aware of cloud IAM environments. It can distinguish between routine administrative behavior and dangerous privilege drift, offering concise, plain-language explanations for proposed actions.

In testing, the agent can execute complex remediation tasks such as:

• Removing ransomware-related privilege exposure in production systems

• Quarantining unused service accounts in staging

• Cleaning up stale access rights for AI agents across multiple clouds

• Summarizing user activity with natural queries like “What did Susan do in production yesterday?”

“Least privilege has always been a balancing act,” said Brendan Putek, Director of DevOps at Relay Network. “Tighten policies too much and you break workloads, leave them loose and you add risk. WALLy finally takes that burden off my team, giving us strong security policies without slowing down development.”

Integrating With the Cloud’s Native Controls

WALLy works hand-in-glove with Sonrai’s Cloud Permissions Firewall, leveraging AWS Service Control Policies, GCP Organization Policies, Azure equivalents, and other native IAM mechanisms to implement changes safely. It integrates directly with enterprise AI ecosystems, CI/CD pipelines, and compliance frameworks, so remediation decisions remain transparent and aligned with governance requirements.

The beta program is currently underway, with general availability planned for Q4 2025 for all existing Cloud Permissions Firewall customers.

A Broader Vision for Secure Automation

With WALLy, Sonrai Security is aiming to redefine what “intelligent remediation” looks like in the age of AI-driven infrastructure. The company argues that as machine identities, ephemeral workloads, and autonomous agents proliferate across cloud environments, privilege risk must be continuously managed by systems that understand both human intent and machine behavior.

If Sonrai succeeds, WALLy could represent the missing bridge between today’s fragmented IAM workflows and the self-healing cloud environments enterprises have long envisioned.