Comment by alexsmolen

I'm working on TrailTool, which aggregates CloudTrail for analysis in both UI and AI contexts. I've always found it tough to tie together CloudTrail logs into meaningful narratives useful not only for security investigations but also "role engineering" (i.e. reducing privileges on human-operated IAM roles). The idea is to make this info available via MCP for agent workflows as well, so you can get high quality, low latency, manageable context size CloudTrail data.

If you want to kick the tires, you an deploy a CloudFormation stack to a Sandbox AWS account - see https://trailtool.io/install.html