NSAuditor AI Enterprise 0.18.2 is live on npm, paired with Community Edition 0.2.3 and agent-skill 0.2.3. The release closes an honesty gap in the audit pipeline: the “we couldn’t verify this” evidence-gaps the cloud plugins emit are now visible end-to-end across AWS, Azure, and GCP — so an incomplete scan never quietly reads as a clean one.
Honest disclosures that the transport was dropping
Recent hardening cycles taught NSAuditor AI to fail closed: whenever a scan can’t read every input — a region errors, a response is truncated, a call hits AccessDenied — it emits an honest evidence-gap rather than a false-clean. But through the Claude Desktop / MCP transport, those gaps appeared only as a silent “LOW: N” severity count. A reviewer or AI agent could mistake an unread surface for a verified-clean one.
What’s new in 0.18.2
- A collector that itemizes the gaps. The MCP scan_cloudsummary now renders a dedicated “Evidence gaps (unverified)” section listing every gap-marked finding — severity-agnostic, and labeled so the agent reads it as “unverified posture, NOT clean.”
- A CI producer-contract. A new build-time check fails the build if any cloud plugin discloses a gap as plain text without the machine-readable marker. It flagged five plugins — AWS S3, Azure Storage / NSG / Key Vault, and AWS IAM — and each was retrofitted, so their gaps now reach the transport too (GCP already did).
- A read-only security fix. A scanner hardening closes a way a crafted plugin could have masked a mutating cloud call from the read-only enforcement check. The tool’s read-only-by-design guarantee is now enforced by a correct scanner.
- Licensing / IP-protection. A proprietary LICENSE and the full EULA now ship inside the package, with strengthened anti-reuse, confidentiality, and ownership terms. No behavior change.
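The collector and the producer-contract from the first two items, as an added example that is not NSAuditor AI's own code. The finding fields (`plugin`, `severity`, `title`, `detail`, `evidenceGap`), the gap-phrase pattern, and the sample findings are all hypothetical and constructed for illustration.

```javascript
// Added illustration. The finding schema and marker name (evidenceGap) are
// assumptions, not the product's actual format.

// Phrases suggesting a finding discloses an unread surface (constructed list).
const GAP_TEXT = /could not verify|unable to (read|list|enumerate)|access ?denied|truncated|incomplete/i;

// Producer contract: a finding whose text discloses a gap must also carry the
// machine-readable marker, otherwise a transport that keys on the marker drops it.
function contractViolations(findings) {
  return findings.filter(
    (f) => f.evidenceGap !== true && GAP_TEXT.test(`${f.title} ${f.detail}`)
  );
}

// Collector: severity counts as before, plus a dedicated section that itemizes
// every gap-marked finding regardless of its severity.
function renderSummary(findings) {
  const counts = {};
  for (const f of findings) counts[f.severity] = (counts[f.severity] || 0) + 1;
  const lines = Object.entries(counts).map(([sev, n]) => `${sev}: ${n}`);
  const gaps = findings.filter((f) => f.evidenceGap === true);
  if (gaps.length > 0) {
    lines.push("Evidence gaps (unverified posture, NOT clean):");
    for (const g of gaps) lines.push(`  - [${g.plugin}] ${g.title}`);
  }
  return { text: lines.join("\n"), gapCount: gaps.length };
}

// Constructed sample findings; plugin ids are placeholders.
const sampleFindings = [
  { plugin: "aws-s3", severity: "LOW", title: "Bucket listing incomplete",
    detail: "ListBuckets response truncated", evidenceGap: true },
  { plugin: "azure-nsg", severity: "LOW", title: "NSG rules not evaluated",
    detail: "AccessDenied on subscription", evidenceGap: false }, // gap text, no marker
  { plugin: "aws-iam", severity: "HIGH", title: "Root account has no MFA",
    detail: "Root MFA is disabled", evidenceGap: false },
];

// A build step would exit non-zero when violations are present.
const violations = contractViolations(sampleFindings);
console.log(renderSummary(sampleFindings).text);
console.log(`contract violations: ${violations.map((v) => v.plugin).join(", ") || "none"}`);
```

The unmarked `azure-nsg` finding is the case the contract exists for: it still counts toward "LOW: 2" but never appears in the itemized section until its producer sets the marker.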
The bottom line
For teams and MSPs running cloud audits, the worst outcome is a “you’re secure” verdict over a surface the scanner never read. 0.18.2 makes sure that whoever — or whatever — is reading the report actually sees the gaps, across all three clouds, and the producer-contract keeps it that way for every future plugin.
Plugin count is unchanged at 28; all six compliance matrices are unchanged (SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8) — transport-layer and packaging hardening, no new controls.
Availability
npm i -g nsauditor-ai@latest (Community Edition) + @nsasoft/nsauditor-ai-ee@latest (Enterprise, licensed). Details at nsauditor.com/ai/enterprise.




