NSAuditor AI Enterprise 0.18.1 is live on npm. It makes the tool’s read-only promise structural — a continuous-integration check that makes it impossible to ship a mutating cloud API call across all 28 plugins — and pairs it with the customer-facing read-only-credential requirement. Alongside it, three deeper GCP detection fixes close exposures the scanner had been silently walking past on already-covered controls. Plugin count is unchanged at 28, and all six compliance matrices (SOC 2, HIPAA, NIST CSF 2.0, PCI DSS v4.0.1, ISO/IEC 27001:2022, CIS Controls v8) are unchanged. This is substrate depth, not new scope.
Why false negatives are the dangerous defect class
A false positive wastes an analyst’s time. A false negative ships a “you’re secure” verdict over a live hole. The three GCP fixes in this release are exactly that class: the whole internet allowed through a split firewall rule, an offline-impersonable service-account estate hidden behind an unread graph edge, and a bucket whose every future object is born public.
Split-range firewall full-IPv4 coverage (plugin 1021)
A GCP INGRESS firewall rule whose sourceRanges are split but together cover the entire IPv4 internet — for example ["0.0.0.0/1","128.0.0.0/1"] — is functionally identical to 0.0.0.0/0, but it dodged the exact-string equality check and read clean. An attacker, or a careless template, opens the whole internet without ever writing the string a scanner greps for. A new zero-dependency helper parses each CIDR to a 32-bit interval, merges them, and flags the rule as the existing 0.0.0.0/0 exposure only when the union covers the whole space — a single /1 or partial coverage is not flagged. The emission preserves the existing anchor, so it routes to the same SOC 2 CC6.6 control across all six frameworks with no matrix change.
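The interval-union check described above, as an added example that is not NSAuditor's own helper: each IPv4 CIDR becomes an inclusive [start, end] pair of unsigned 32-bit integers, the pairs are merged, and the rule is flagged only when the merged union is exactly 0.0.0.0 through 255.255.255.255. The function `classifyIngressRule`, its verdict strings, and the sample rules are constructed for illustration; the rule shape follows the GCP compute API's firewall resource (`direction`, `disabled`, `sourceRanges`).

```javascript
// Added example (not NSAuditor's own helper): decide whether a rule's sourceRanges together
// cover all of IPv4. Zero dependencies; `classifyIngressRule` and its verdict strings are
// hypothetical names, not the plugin's API.
const IPV4_MAX = 0xffffffff;

// Parse "a.b.c.d/n" into an inclusive [start, end] pair of unsigned 32-bit integers.
function cidrToInterval(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr.trim());
  if (!m) throw new Error(`not an IPv4 CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) throw new Error(`out of range: ${cidr}`);
  // JS shifts are mod 32, so /0 is special-cased; `>>> 0` keeps every value unsigned.
  const mask = prefix === 0 ? 0 : (IPV4_MAX << (32 - prefix)) >>> 0;
  const base = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  const start = (base & mask) >>> 0;
  const end = (start | (~mask >>> 0)) >>> 0;
  return [start, end];
}

// Sort by start and collapse overlapping or adjacent intervals into one.
function mergeIntervals(intervals) {
  const sorted = [...intervals].sort((a, b) => a[0] - b[0]);
  const merged = [];
  for (const [start, end] of sorted) {
    const last = merged[merged.length - 1];
    if (last && start <= last[1] + 1) last[1] = Math.max(last[1], end);
    else merged.push([start, end]);
  }
  return merged;
}

// True only when the union is a single interval spanning 0.0.0.0 to 255.255.255.255;
// a lone /1 or any partial coverage is false.
function coversAllIPv4(cidrs) {
  const merged = mergeIntervals(cidrs.map(cidrToInterval));
  return merged.length === 1 && merged[0][0] === 0 && merged[0][1] === IPV4_MAX;
}

// Apply the check to a firewall rule shaped like the GCP compute API's firewall resource.
function classifyIngressRule(rule) {
  if (rule.direction !== 'INGRESS' || rule.disabled) return 'not-applicable';
  // IPv6 ranges are out of scope for this IPv4 check.
  const v4 = (rule.sourceRanges || []).filter((r) => !r.includes(':'));
  if (v4.length === 0) return 'no-ipv4-source-ranges';
  return coversAllIPv4(v4) ? 'open-to-entire-internet' : 'restricted';
}

// Constructed sample rules (not real project data).
const SPLIT_RULE = { name: 'allow-ssh-split', direction: 'INGRESS', disabled: false,
  sourceRanges: ['0.0.0.0/1', '128.0.0.0/1'], allowed: [{ IPProtocol: 'tcp', ports: ['22'] }] };
const PARTIAL_RULE = { name: 'allow-ssh-half', direction: 'INGRESS', disabled: false,
  sourceRanges: ['0.0.0.0/1', '128.0.0.0/2'], allowed: [{ IPProtocol: 'tcp', ports: ['22'] }] };
```

The merge step is what makes the check robust: overlapping ranges (`0.0.0.0/1` plus `0.0.0.0/2`) and finer splits (`0.0.0.0/2`, `64.0.0.0/2`, `128.0.0.0/1`) all collapse to the same single interval, so there is no list of "known bad" strings to keep current.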
IAM impersonation-graph completeness (plugin 1025)
The service-account impersonation breadth-first search now fails closed instead of emitting a confident “no impersonation paths” over a graph it could not fully read. An evidence gap is now emitted, and the over-confident clean verdict suppressed, whenever any input is degraded: a per-SA getIamPolicy denied, custom roles unavailable, or either the service-account list or the custom-role list paginated past the scan cap. Org- and folder-inherited IAM becomes an explicit disclosure caveat on the pass rather than a silent clean. Routes SOC 2 CC6.1 and HIPAA §164.312(a)(1).
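The fail-closed search described above, as an added example that is not NSAuditor's own plugin code. Impersonation edges come from bindings of `roles/iam.serviceAccountTokenCreator` and from any readable custom role carrying `iam.serviceAccounts.getAccessToken`; a denied policy read, missing custom roles, or a truncated list is recorded as a gap, and a graph with gaps and no paths returns an evidence gap rather than a pass. The scan-input field names (`serviceAccounts`, `policy`, `customRoles`, the truncation flags) and the sample estate are assumptions made for this example.

```javascript
// Added example (not NSAuditor's own plugin code): a service-account impersonation search that
// fails closed. Field names `serviceAccounts`, `policy`, `customRoles` and the truncation flags
// are assumptions about how a scan's inputs might be collected, not the tool's data model.
const TOKEN_CREATOR = 'roles/iam.serviceAccountTokenCreator';
const MINT_TOKEN_PERMISSION = 'iam.serviceAccounts.getAccessToken';

function auditImpersonation(scan, startPrincipal) {
  const gaps = [];
  if (scan.serviceAccountsTruncated) gaps.push('service-account list paginated past scan cap');
  if (scan.customRolesTruncated) gaps.push('custom-role list paginated past scan cap');
  if (scan.customRoles === null) gaps.push('custom roles unavailable');

  // Roles that let a member mint tokens for an SA: the predefined Token Creator role plus any
  // readable custom role carrying the same permission.
  const impersonatingRoles = new Set([TOKEN_CREATOR]);
  for (const role of scan.customRoles || []) {
    if ((role.includedPermissions || []).includes(MINT_TOKEN_PERMISSION)) impersonatingRoles.add(role.name);
  }

  // Adjacency: member -> SA e-mails that member can impersonate. A denied getIamPolicy is an
  // unread edge set and is recorded as a gap rather than treated as "no edges".
  const edges = new Map();
  for (const sa of scan.serviceAccounts) {
    if (sa.policy === null) { gaps.push(`getIamPolicy denied on ${sa.email}`); continue; }
    for (const binding of sa.policy.bindings || []) {
      if (!impersonatingRoles.has(binding.role)) continue;
      for (const member of binding.members) {
        if (!edges.has(member)) edges.set(member, new Set());
        edges.get(member).add(sa.email);
      }
    }
  }

  // Breadth-first search from the starting principal; each reached SA becomes a new principal.
  const reached = new Set();
  const queue = [startPrincipal];
  while (queue.length > 0) {
    const current = queue.shift();
    for (const email of edges.get(current) || []) {
      if (reached.has(email)) continue;
      reached.add(email);
      queue.push(`serviceAccount:${email}`);
    }
  }

  const reachable = [...reached].sort();
  const caveats = ['org- and folder-inherited IAM bindings were not evaluated'];
  if (reachable.length > 0) return { status: 'FINDING', reachable, gaps, caveats };
  if (gaps.length > 0) return { status: 'EVIDENCE_GAP', reachable, gaps, caveats };
  return { status: 'PASS', reachable, gaps, caveats };
}

// Constructed sample scans (not real project data); the project id and e-mails are placeholders.
const SA_A = 'sa-a@example-project.iam.gserviceaccount.com';
const SA_B = 'sa-b@example-project.iam.gserviceaccount.com';
const SA_C = 'sa-c@example-project.iam.gserviceaccount.com';
const MINTER_ROLE = 'projects/example-project/roles/tokenMinter';
const COMPLETE_SCAN = {
  serviceAccountsTruncated: false,
  customRolesTruncated: false,
  customRoles: [{ name: MINTER_ROLE, includedPermissions: [MINT_TOKEN_PERMISSION] }],
  serviceAccounts: [
    { email: SA_A, policy: { bindings: [{ role: TOKEN_CREATOR, members: ['user:alice@example.com'] }] } },
    { email: SA_B, policy: { bindings: [{ role: MINTER_ROLE, members: [`serviceAccount:${SA_A}`] }] } },
    { email: SA_C, policy: { bindings: [] } },
  ],
};
// Same estate, but one policy read was denied: a clean verdict here would be over-confident.
const DEGRADED_SCAN = {
  ...COMPLETE_SCAN,
  serviceAccounts: COMPLETE_SCAN.serviceAccounts.map((sa) => (sa.email === SA_C ? { email: SA_C, policy: null } : sa)),
};
```

Running `auditImpersonation(DEGRADED_SCAN, 'user:bob@example.com')` finds no path but returns `EVIDENCE_GAP`, because the unread policy on `sa-c` could hold exactly the binding the search needed; the same principal against `COMPLETE_SCAN` returns `PASS`, still carrying the inherited-IAM caveat.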
Default-object-ACL public exposure (plugin 1024)
A bucket whose default object ACL grants allUsers or allAuthenticatedUsers makes every future object born public — and the auditor never read it. A new dimension reads the bucket’s default object ACL and raises the finding; an empty or non-array default ACL is anomalous and fails closed to an evidence gap, not a pass. Routes SOC 2 CC6.6, HIPAA §164.312(a)(1), and CIS Controls v8 3.3.
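The default-object-ACL dimension described above, as an added example that is not NSAuditor's own code. It assumes the ACL is handed in as the list of entries the GCS JSON API returns (each with `entity` and `role`), flags `allUsers` or `allAuthenticatedUsers` grants, and follows the release's rule that an empty or non-array ACL is an evidence gap rather than a pass. The verdict strings and sample buckets are constructed.

```javascript
// Added example (not NSAuditor's own dimension code): classify a bucket's default object ACL.
// `defaultObjectAcl` is assumed to be the entry list as the GCS JSON API returns it (each entry
// with `entity` and `role`); the three verdict strings are hypothetical names.
const PUBLIC_ENTITIES = new Set(['allUsers', 'allAuthenticatedUsers']);

function auditDefaultObjectAcl(bucketName, defaultObjectAcl) {
  // Fail closed: an empty or non-array default ACL is not evidence that future objects are private.
  if (!Array.isArray(defaultObjectAcl) || defaultObjectAcl.length === 0) {
    return {
      bucket: bucketName,
      status: 'EVIDENCE_GAP',
      publicGrants: [],
      reason: 'default object ACL missing or empty; future-object exposure could not be established',
    };
  }
  // Every future object inherits these grants, so a public entity here is a live exposure.
  const publicGrants = defaultObjectAcl
    .filter((entry) => PUBLIC_ENTITIES.has(entry.entity))
    .map((entry) => `${entry.entity}:${entry.role}`);
  return { bucket: bucketName, status: publicGrants.length > 0 ? 'FINDING' : 'PASS', publicGrants };
}

function auditBuckets(buckets) {
  return buckets.map((b) => auditDefaultObjectAcl(b.name, b.defaultObjectAcl));
}

// Constructed sample buckets (not real data).
const SAMPLE_BUCKETS = [
  { name: 'example-private', defaultObjectAcl: [{ entity: 'project-owners-123456', role: 'OWNER' }] },
  { name: 'example-born-public', defaultObjectAcl: [
      { entity: 'project-owners-123456', role: 'OWNER' },
      { entity: 'allUsers', role: 'READER' },
  ] },
  { name: 'example-unreadable', defaultObjectAcl: undefined },
];
```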
Read-only by construction
A new CI meta-test scans all 28 plugins plus the cloud utilities and fails the build on any mutating AWS command import or any Azure/GCP mutating method call. The tool now structurally cannot ship a create, write, modify, or delete cloud call. That engineering guarantee is paired with a binding requirement that customers supply read-only / least-privilege credentials: AWS ReadOnlyAccess or SecurityAudit, Azure Reader, GCP roles/viewer. NSAuditor AI reads configuration and metadata only and never needs write access — read-only scoping guarantees an audit cannot change your environment.
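One way to build the kind of meta-test described above, as an added example that is not NSAuditor's own CI check. It treats AWS SDK v3 `*Command` imports with an allow-list (only read verbs pass, so an unknown command fails the build) and Azure/GCP Node-client method calls with a deny-list of mutating method names. The sample plugin sources, file names, and the two violation kinds are constructed for this example; a real run would read the plugin files from disk instead of a map of strings.

```javascript
// Added example (not NSAuditor's own CI test): scan plugin source text and report any cloud
// API usage that could mutate state. File names and sample sources below are constructed.

// AWS SDK v3: every imported *Command must start with a read verb (allow-list, fail-closed).
const READ_ONLY_AWS_COMMAND = /^(List|Get|Describe|Head|Lookup)\w*Command$/;
// Import forms covered: `import { X, Y } from '@aws-sdk/client-...'` and
// `const { X, Y } = require('@aws-sdk/client-...')`.
const AWS_IMPORT = /(?:import|const)\s*\{([^}]*)\}\s*(?:from|=\s*require\()\s*['"]@aws-sdk\/client-[^'"]+['"]/g;
// Azure / GCP Node clients: mutating method names (deny-list). `Object.create` is excluded;
// a Map or Set `.delete(` still trips the rule, which is accepted here as fail-closed.
const MUTATING_METHOD = /(?<!\bObject)\.(beginCreateOrUpdate|createOrUpdate|beginDelete|beginUpdate|setIamPolicy|setPolicy|insert|patch|update|delete|create)\s*\(/g;

function findMutatingCalls(filename, source) {
  const violations = [];
  for (const m of source.matchAll(AWS_IMPORT)) {
    const names = m[1].split(',').map((s) => s.trim().split(/\s+as\s+/)[0]).filter(Boolean);
    for (const name of names) {
      if (name.endsWith('Command') && !READ_ONLY_AWS_COMMAND.test(name)) {
        violations.push({ file: filename, kind: 'aws-command', symbol: name });
      }
    }
  }
  for (const m of source.matchAll(MUTATING_METHOD)) {
    violations.push({ file: filename, kind: 'mutating-method', symbol: m[1] });
  }
  return violations;
}

// sources: { [filename]: sourceText }. An empty result means the build may pass.
function checkReadOnly(sources) {
  return Object.entries(sources).flatMap(([file, src]) => findMutatingCalls(file, src));
}

// Constructed sample sources (not real NSAuditor plugin files).
const SAMPLE_SOURCES = {
  'plugins/aws-s3-public.js': `
    import { ListBucketsCommand, GetBucketPolicyStatusCommand } from '@aws-sdk/client-s3';
  `,
  'plugins/aws-iam-bad.js': `
    const { GetUserCommand, DeleteUserCommand } = require('@aws-sdk/client-iam');
  `,
  'plugins/azure-nsg-bad.js': `
    await client.networkSecurityGroups.beginCreateOrUpdate(rg, name, params);
  `,
  'plugins/gcp-bucket-ok.js': `
    const [policy] = await storage.bucket(name).iam.getPolicy();
    const cache = Object.create(null);
  `,
};
```

Wiring `checkReadOnly` into CI is a matter of exiting non-zero when the returned list is non-empty. The allow-list side is the important design choice: a new AWS command whose verb the test has never seen fails the build until someone confirms it is a read, which is the same fail-closed posture the three detection fixes take.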
Availability
npm i -g nsauditor-ai@latest for the Community Edition, with the Enterprise package @nsasoft/nsauditor-ai-ee@latest (licensed) and the paired agent-skill nsauditor-ai-agent-skill@0.2.2. Twenty-eight plugins across AWS, Azure, and GCP; six compliance frameworks from one scan. Details at nsauditor.com/ai/enterprise.