NSAuditor AI Enterprise 0.18.3 is a false-negative hardening release. A false negative is the one defect class an audit tool must never ship: a false positive wastes an analyst’s time, but a false negative hands the customer a “you’re secure” verdict over a live hole. This release closes three more of them — each previously read CLEAN, each now fails closed.
Azure Key Vault: narrow-verb custom roles (plugin 1222)
Plugin 1222 flagged a custom Azure RBAC role as Key-Vault-privileged only when it granted a wildcard. But a role granting only a narrow data-plane verb read clean — even though that single verb is enough to walk off with your key material:
- keys/decrypt — use every vault key as a decryption oracle
- keys/unwrap — unwrap the CMK-wrapped data-encryption keys protecting Storage, Disk, and SQL data-at-rest
- keys/sign — impersonate the key
- keys/release / keys/backup — exfiltrate key material
- secrets/getSecret / secrets/setSecret — read or poison secret values
The detector now flags the full crypto/extraction verb set at RBAC parity with the legacy access-policy path, while read-metadata verbs (read, list, verify) stay excluded so least-privilege application roles aren’t over-flagged. The adversarial review caught a namespace bug in the first cut — the Azure RBAC dataAction operation IDs are keys/wrap / keys/unwrap, not the legacy access-policy spellings wrapKey / unwrapKey — which would have silently missed the most-deployed crypto grant.
GCP IAM: impersonation-BFS depth-cap truncation fail-close (plugin 1025)
The service-account impersonation breadth-first search bounds transitive chains at a fixed depth. A privileged service account reachable only via a hop beyond that cap was silently dropped — contributing to a confident “zero reachability paths” clean-graph verdict over an exploration that was actually truncated. The search now reports when it hits the cap with an unexplored frontier, which fires a completeness evidence-gap and suppresses the clean-graph PASS — the last completeness axis after the 0.18.x input-degradation fail-closes.
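The fail-close described above, as an added example that is not NSAuditor's code: a depth-capped impersonation BFS that returns the unexplored frontier when it stops at the cap, so the verdict layer can emit an evidence gap instead of PASS. The four-account graph and its names are constructed for the example.

```javascript
// Constructed sample: which service account can impersonate which (hypothetical names).
// sa-app -> sa-build -> sa-deploy -> sa-admin, where sa-admin is the privileged target.
const SAMPLE_GRAPH = new Map([
  ['sa-app', ['sa-build']],
  ['sa-build', ['sa-deploy']],
  ['sa-deploy', ['sa-admin']],
  ['sa-admin', []],
]);
const PRIVILEGED = new Set(['sa-admin']);

// Rebuild the hop chain start -> ... -> node from the BFS parent map.
function reconstructPath(parent, node) {
  const path = [];
  for (let n = node; n !== null; n = parent.get(n)) path.unshift(n);
  return path;
}

// Breadth-first search bounded at maxDepth hops. Unlike a search that simply stops,
// it reports every frontier node that still has unvisited out-edges at the cap.
function findImpersonationPaths(graph, start, privileged, maxDepth) {
  const parent = new Map([[start, null]]);
  const paths = [];
  let frontier = [start];
  let depth = 0;
  while (frontier.length > 0 && depth < maxDepth) {
    const next = [];
    for (const node of frontier) {
      for (const target of graph.get(node) || []) {
        if (parent.has(target)) continue; // already reached (also breaks cycles)
        parent.set(target, node);
        if (privileged.has(target)) paths.push(reconstructPath(parent, target));
        next.push(target);
      }
    }
    frontier = next;
    depth += 1;
  }
  // Nodes discovered at the cap whose edges were never expanded: reachability unknown.
  const unexploredFrontier = frontier.filter((n) =>
    (graph.get(n) || []).some((t) => !parent.has(t)));
  return { paths, truncated: unexploredFrontier.length > 0, unexploredFrontier };
}

// Pre-fix behaviour: an empty path list is read as a clean graph, truncated or not.
function naiveVerdict(result) {
  return result.paths.length > 0 ? 'FAIL' : 'PASS';
}

// Fail-closed behaviour: a truncated exploration can never produce PASS.
function verdict(result) {
  if (result.paths.length > 0) return 'FAIL';
  return result.truncated ? 'EVIDENCE_GAP' : 'PASS';
}
```

With a cap of 2 the chain to sa-admin is one hop beyond the cap: the naive verdict reports PASS, the fail-closed one reports EVIDENCE_GAP with sa-deploy as the unexplored frontier; with a cap of 3 both report FAIL.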
GCP IAM: SDK-absent fail-close + compliance routing (plugin 1025)
Three of the plugin’s six dimensions — custom-role permission audit, service-account key custody, and the entire SA-impersonation analysis — depend on an optional SDK. When it wasn’t installed, those dimensions silently emitted nothing: a scan reported zero impersonation findings and no gap, a false-clean over the whole privileged-access surface. They now fail-close to explicit evidence-gaps. The review then caught that two of those gaps matched no compliance anchor and routed to zero controls — a deeper, verdict-layer false-clean — now closed by additive routing anchors mapping them to SOC 2 CC6.1 + C1.1 and HIPAA §164.312(a)(1).
Why it matters
NSAuditor AI now degrades each of these to “we couldn’t verify this” instead of “looks fine” — and, crucially, routes that disclosure to the compliance controls it affects so the gap is visible at the verdict layer, not swallowed. Every fix was test-driven and put through an independent adversarial false-negative review, which caught a real defect in all three.
Plugin count is unchanged at 28; all six compliance matrices are unchanged at the count level (SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8) — additive routing anchors on already-covered controls, no new controls.
Availability
npm i -g nsauditor-ai@latest (Community Edition) and @nsasoft/nsauditor-ai-ee@latest (Enterprise, licensed). Paired agent-skill nsauditor-ai-agent-skill@0.2.4. 28 plugins across AWS / Azure / GCP and six compliance frameworks. Enterprise is a restricted package — see nsauditor.com/ai/enterprise/.