CCloudScout Book demo

Read-only IAM · ledger-verified · billing-safe

AWS waste, found and verified in your ledger.

CloudScout runs three agents on your CUR + describe APIs. Scout files the finding. Advisor drafts the PR with a what-if delta. Verifier replays against the next CUR cut and writes one ledger event per validated dollar — the only thing that ever reaches billing.

Book a demo See how it works
SOC 2 controls catalog GDPR Article 17 path 30-day dispute window $5 chaos-lab cap
cloudscout · agent stream live
verified · 30d$31,420+18% week / week
findings shipped17all PR-attributed
disputes upheld2 / 41refunds auto-issued
scout brier (30d)0.092improving

What makes CloudScout different

A research-grade agent loop, not a dashboard with alerts.

Three primitives no other cost tool ships. Each one closes a specific failure mode of dashboard-only cost tools, and each one has a test that breaks if the safeguard regresses.

time-machine

Onboard against your last 90 days, not against an empty dashboard.

Day 0: paste your CUR. CloudScout replays Scout + Advisor + Verifier across the last 90 days and shows what the ledger would have looked like. The first sale no longer requires faith.

Why it matters: removes the “trust me, savings will show up” gap that kills cost-tool deals.

counterfactual lab

Every advisory carries the “what if we hadn’t shipped this” delta.

For each advisory, the lab runs the same workload against the un-modified IaC for 30 days and compares CUR slices. Counterfactual cost is what AWS would have charged. Realized cost is what they did. The gap is what the ledger pays out on.

Why it matters: separates “notional savings” from “actually cheaper bill”. Auditors love it. Finance teams pay only on the gap.

self-eval ledger

The agents grade themselves in public, every cycle.

Scout calibration (30d Brier), Advisor expected-value vs realized, Verifier dispute-overturn rate — all written to agent_eval_events with a replay hash. When an agent regresses, the ledger says so before a customer notices.

Why it matters: an agent product that can’t prove it’s improving is just a chatbot with extra steps.

How it works

Six steps. Read-only credentials throughout.

The only thing CloudScout ever holds is an ExternalId-bound read-only role. Mutations happen via PRs in your repo, on your runners, with your approvals.

  1. 01

    Connect

    CFN Launch-Stack URL with ExternalId-bound trust policy. iam:* mutation deny is unconditional.

  2. 02

    Scout

    CUR + describe APIs sweep IaC and unmanaged resources. Findings carry attribution + replay hash.

  3. 03

    Advise

    Advisor drafts a PR with a what-if delta + counterfactual cost. You accept, decline, or dispute.

  4. 04

    Ship

    Your CI ships the PR. CloudScout never holds a credential that can mutate infra.

  5. 05

    Verify

    Verifier replays the next CUR cut, writes one savings_verified event per validated $.

  6. 06

    Bill

    Only ledger-verified $ ever reach the invoice. 30-day dispute window. 30% hard cap.

Receipts, not slides

Every ledger event has a replay hash.

A real CloudScout pilot produces append-only paper. Below are three from a recent pilot — one verified, one in advisory, one disputed and reversed.

led-7421verified

+$8,420

ebs-gp2-to-gp3 · finding fnd-204 · advisor PR acme/infra#447 · replay hash 9f11…ad22 · CUR slice 2026-03 · cut 2026-04-01

adv-198advisory · pending

−$340/mo

sqs-short-poll · finding fnd-411 · 78% empty receives over 14d · counterfactual delta confirmed · awaiting customer merge of acme/infra#612

dsp-019dispute upheld · reversed

−$1,210

s3-incomplete-multipart · customer flagged that the abort was already configured upstream · verifier re-replayed against pre-change CUR · reversal written to override_outbox · refund auto-issued

Pricing

Pay on verified savings. Notional savings never billed.

Every percentage fee is gated by a savings_verified ledger event with a replay hash. Disputes raised within 30 days suppress the cut. Hard cap: CloudScout invoice never exceeds 30% of net AWS savings delivered that month.

Pilot

$0· 30 days, billing suppressed

  • Time-machine onboarding on your CUR
  • Findings + advisor PRs against your repo
  • Self-eval ledger fully populated
  • 30-day extended dispute window

Verify

$199/mo + 15% verified savings

  • Up to 3 AWS accounts, 90-day history
  • Counterfactual lab on every advisory
  • Slack alerts on high-σ anomalies
  • Replay-hashed receipts on every $ billed

Scale

$799/mo + 10% verified savings

  • Unlimited accounts, 365-day history
  • SSO/SAML, RBAC, audit log export
  • PagerDuty + custom webhooks
  • 24h SLA, priority dispute review

Enterprise

Custom· from $3K/mo + 7% verified

  • Self-host on your VPC (Postgres + DuckDB)
  • SOC 2 Type II report, BAA on request
  • Per-customer skill IDs + custom dispute SLA
  • Legal-reviewed contract, custom retention

30-minute demo · pilot enrolment optional

Bring a redacted CUR. Leave with a ledger you can audit.

We’ll run CloudScout against the last 90 days of your spend live on the call. You see the findings, the advisor PRs, the counterfactual deltas, and the receipts you’d be paid on under the verified-savings model.

  • Read-only IAM role; no mutating credential ever holds.
  • CUR ingested in-memory for the call; nothing persisted unless you opt into a 30-day pilot.
  • Pilot tier: 30 days, billing suppressed, every receipt written to a real ledger.
  • If we don’t find at least 5% verifiable AWS waste in the pilot, you owe nothing — that’s a contractual term, not a slogan.

Prefer email first? Send a redacted CUR to shubham@infivector.com and we’ll come back with the time-machine output inside 24h.

Tell us about your AWS spend

Used only to scope the live demo; never shown to anyone but us.