Increased Delay and Errors in Asset Scanning (AWS Only)

Update timeline

1. investigating Dec 09, 2025, 07:27 AM UTC

   We are currently investigating an issue affecting Orca Security scans. At this time, AWS (only) scans will be blocked, and some assets may be missing or not updated, as a result of the ongoing issue. We are still determining the full scans impact. There is no impact to the Orca Security UI or API, and all non-AWS vendor scans continue to operate normally. Our engineering team is actively working to identify the root cause and restore full service. We will provide updates as more information becomes available.

2. identified Dec 09, 2025, 08:29 AM UTC

   The issue has been identified and a fix is being implemented.

3. identified Dec 09, 2025, 02:36 PM UTC

   We have deployed a fix across all regions and have begun validation. The following regions have been fully restored and validated: SA, ID, AU. We are continuing work to restore functionality in the remaining regions: US, EU, IN.

4. identified Dec 09, 2025, 04:41 PM UTC

   We are currently recovering from an issue that caused some AWS assets to be mistakenly hidden in the platform and certain alerts to be incorrectly marked as closed. The following regions have been fully restored and validated: SA, ID, IN, AU We are continuing work to restore functionality in the remaining regions: US, EU A fix has been deployed, and we are re-scanning impacted accounts to restore all missing assets and alerts. We will fully unblock AWS scans after the process will complete.

5. identified Dec 09, 2025, 07:02 PM UTC

   We continue AWS scans recovery - The following regions have been fully restored and validated: SA, ID, IN, AU, EU We are continuing work to restore functionality in the remaining regions: US We are re-scanning impacted accounts to restore all missing assets and alerts. We will fully unblock AWS scans after the process will complete.

6. monitoring Dec 09, 2025, 10:05 PM UTC

   AWS scan recovery has been completed. The US region has now been fully restored and validated, and all AWS scans are operating normally across all regions. We are currently assessing the full impact and conducting a root-cause analysis. We will share additional details once the review is complete. The environment is currently under close monitoring to ensure continued stability.

7. resolved Dec 10, 2025, 12:20 PM UTC

   The issue has been identified and fully remediated. All services are now functioning as expected. A comprehensive incident report, including the root cause analysis and corrective measures, will be provided once the review is complete. We appreciate your patience and understanding.

8. postmortem Dec 10, 2025, 01:25 PM UTC

   **Post-Incident Report & Root Cause Analysis** On 8th December, Orca's AWS asset-visibility pipeline experienced an unexpected interruption that temporarily affected how a limited subset of AWS assets appeared within the platform. Some customers observed a brief period where certain assets appeared missing and later re-appeared as newly or updated discovered assets. This document provides a high-level explanation of what occurred, the customer-facing impact, and the long-term corrective actions we have taken. ‌ **What Happened** Orca's cloud-asset modeling relies on a combination of AWS-hosted public endpoint and internal logic, to determine service availability. During the incident window, an unexpected change in the output of that AWS-hosted endpoint - caused Orca to incorrectly treat some AWS services as temporarily unavailable. As a result, some assets that relied on those API responses were not modeled during that cycle, which led them to appear temporarily unavailable in the platform. Once our engineering team identified and resolved the issue, a full re-scan of affected accounts restored complete and accurate asset visibility. However, it led to creation of some assets, as if they were newly discovered. ‌ **Customer Impact** The impact was limited to asset visibility only and affected a small subset of AWS accounts. No security, monitoring, alert logic, or runtime protection was disabled. ‌ **Root Cause** The underlying cause was the interaction of: - An AWS service change, affecting Orca's visibility of a certain API's availability - Our monitoring worked correctly, halting affected modeling to prevent propagation of incorrect data - but resulting in temporary asset suppression. - While the detection mechanisms behaved as designed, this combination created a unique scenario where asset visibility was interrupted before full context was available. ‌ **Resolution** Our engineering team implemented a fix to restore stable modeling logic and eliminate reliance on the affected API behavior. Scanning was re-enabled after validation and a full asset refresh was completed. Impacted assets should have now re-appeared and are accurately represented. ‌ **Closing Statement** We understand that uninterrupted asset visibility is essential for operational awareness and downstream automations. While this type of upstream behavior change is very unlikely and uncommon, our alerting and monitoring acted as intended - halting propagation of uncertain data until the issue was understood and resolved. Our R&D teams are already working on enhanced safeguards to reduce the likelihood of similar issues in the future. We acknowledge the temporary inconvenience caused particularly around "new asset" and alerts, and we are committed to ensuring even smoother resilience in the future.