Introduction

Escher is a CloudOps AI Agent — not a dashboard, not a copilot, not a runbook executor.

It autonomously executes multi-step analysis and remediation across AWS and Azure, covering cost optimization, security, compliance auditing, IAM review, infrastructure operations, DevOps, and data management.


What Escher is

Cloud operations today is dominated by dashboards that overwhelm, runbooks that drift, tribal knowledge that disappears, and automation that is either too brittle or too scary to trust.

Escher's design goal is to become the "Claude Code moment" for cloud estate management: a system where cloud operations becomes a conversation grounded in evidence, and where every persona — founder, SRE, FinOps analyst, compliance officer — becomes dramatically more productive.

What makes it an agent, not a copilot

A copilot assists a human who drives. Escher drives.

  • It reads your cloud estate autonomously
  • It produces Findings with attached evidence
  • It proposes Plans with blast-radius analysis
  • It materializes exact execution Bundles for your review
  • It executes, pauses, and produces an Evidence trail — without you scripting each step

The human remains in the loop at each approval gate. Autonomy is not the starting point — it is the outcome of trust built through transparency and consistent correctness.


Who it's for

| Persona | What Escher does for them |
|---|---|
| Founder / Architect | Instant estate visibility. Cost and security posture on day one, without hiring a dedicated FinOps or SecOps team. |
| SRE / Ops | Incident triage with estate-grounded context. Automated playbook execution with full step-by-step audit trail. |
| FinOps Analyst | Continuous cost anomaly detection across AWS and Azure. Savings recommendations with evidence, not guesswork. |
| Security / Compliance | SOC 2, GDPR, HIPAA, ISO 27001, PCI-DSS audits on demand. Per-control findings with remediation paths. |
| Platform / Infra Engineer | IAM analysis, privilege escalation detection, configuration drift. Plans that can be reviewed before execution. |

The ARR Loop

Every interaction in Escher follows the same cycle:

Analyze → Recommend → Resolve

Analyze: Observe the cloud estate under the current Observer Context. Materialize an EstateView. Produce Reports. Derive Findings with rationale and evidence.

Recommend: Turn Findings into Plans (developed intent). Materialize Bundles (exact execution steps). Surface blast radius and tradeoffs. Encourage deliberate review.

Resolve: Execute approved Bundles step-by-step. Produce Evidence. Close Findings. Feed learning back into the system.

Each phase produces durable artifacts. Nothing is lost, nothing is rewritten.


Seven skill verticals

| Vertical | What it covers |
|---|---|
| FinOps | Cost anomaly detection, idle resource identification, savings modelling across AWS and Azure |
| SecOps | Network exposure, public ingress/egress, storage misconfiguration, security posture baseline |
| Compliance | SOC 2, GDPR, HIPAA, ISO 27001, PCI-DSS control mapping and gap analysis |
| IAM | Role trust chain analysis, privilege escalation paths, access key audit, CloudTrail/Activity Log queries |
| Infra Ops | Estate inventory, resource topology, drift detection, environment-scoped analysis |
| DevOps | Deployment health, change risk assessment, incident triage, RCA drafting |
| Data Ops | Database configuration, backup compliance, data residency, access controls |

Architecture in one paragraph

Escher is a local-first desktop application (Tauri, cross-platform) connected to a thin backend of stateless agents. The desktop app holds your cloud credentials, assembles estate context locally via an embedded RAG layer, and routes prompts through a Gateway to the appropriate domain agent. The backend agents are stateless — they receive fully-assembled context, reason over it, and return structured responses. Nothing about your cloud estate is persisted on Escher's servers.


Escher — Agentic CloudOps by Tessell