Talk to your AWS Cloud .

Sherpa is in early access — pricing will be announced before launch. Join the waitlist to be among the first to know.

It depends on what you connect. For cost and security, Sherpa is agentless — you grant scoped, revocable access through a standard cross-account IAM role, deployed by a CloudFormation template you review and approve before anything is created, and Sherpa reads what it needs through that role. For observability, Sherpa is built on OpenTelemetry: you install an OpenTelemetry (or AWS Distro for OpenTelemetry) Collector — as a host agent, an ECS/EKS sidecar, or a DaemonSet — that forwards your metrics, logs, and traces to your Sherpa endpoint. We provide ready-to-use Collector configs for every compute type, so you can review exactly what gets deployed before you install it. Permissions are least-privilege and tier with the plan: read-only on lower tiers, with additional write permissions only for the surfaces you opt into. You can revoke access at any time by removing the role, and remove observability by uninstalling the Collector. Questions about what's installed? Reach our team at info@sherpa-agent.com.

Most teams adopting Sherpa consolidate at least one or two of these single-purpose tools. For cost, Sherpa ingests your full cost and usage data and connects each line item back to the account, service, and idle resource driving spend — going further than dashboard-style cost tools. For security, Sherpa runs agentless cloud security posture management (CSPM) including identity and entitlements (CIEM), external attack surface analysis (ASM), and shift-left source-code scanning. For observability, Sherpa is compatible with open telemetry standards so you can either replace your existing observability tool or forward signals into Sherpa for cross-domain correlation. The thesis is that fragmented telemetry across four tools is the actual problem — Sherpa unifies them, not wins a one-on-one against any single category leader.

Your AWS environment data is stored in infrastructure scoped to your organization and kept fully separate from every other customer's — your data never co-mingles with another tenant's in the product. It is encrypted at rest and in transit, with least-privilege access, short-lived credentials, and role-based access control on every internal query path. You remain the owner and data controller of that data, and Sherpa acts as the processor. Sherpa is also actively pursuing SOC 2 Type II certification, with more certifications to follow as we grow.

The Knowledge Graph is a connected map of every resource, access role, cost line item, security finding, observability signal, and infrastructure-as-code artifact in your cloud environment — plus the relationships between them. When you ask Sherpa why your bill spiked, the graph traces the increase from the dollar amount back to the workload that drove it, back to the deployment that scaled it, back to the change request that introduced it. It is what lets Sherpa answer cross-domain questions — "which security findings sit on resources that also drive my top 10 cost lines?" — that traditional dashboards cannot. Layered with vector semantic search, it is the foundation everything else in Sherpa sits on top of.

Sherpa Automate is the action layer that turns a recommendation into a concrete, ready-to-apply change. Open any cost, security, observability, or cloud-inventory finding and Sherpa generates a step-by-step remediation plan for that exact resource — rightsize or schedule idle compute, stop or terminate unused instances, clean up unattached storage, fix risky security-group rules, and more — along with ready-to-deploy artifacts: a CloudFormation template (or change-set) and the equivalent CLI commands you can review and run. Nothing changes in your account on its own: every plan sits behind a Human-in-the-Loop approval gate that is on by default, decisions are tracked (resolved, acknowledged, or snoozed), and actions are recorded to an audit trail. Deeper auto-execution and multi-step orchestration are on the roadmap as higher-tier capabilities.

You've built the environment. Sherpa has shown you the cost picture, the security posture, the observability signals — the basecamp view. Now you want to explore the next frontiers: should we migrate this database to a managed service? What would a least-privilege access rollout across 40 accounts look like? How do we modernize this monolith without a 12-month rewrite? That's Sherpa Research. You give it a goal, it runs deep multi-source investigation grounded against your real environment data, drafts an architectural blueprint citing every source, and hands you a board-grade report in minutes instead of the weeks a human consultant would take. The roadmap adds proactive deep research (Sherpa kicks off investigations on its own when it spots anomalies) and cross-cloud comparative research as multi-cloud lands.

Sherpa is built for organizations running multiple cloud accounts under a single corporate umbrella. You connect once at the top of your account hierarchy and Sherpa unifies the data across every member account, preserving your existing access controls and business-unit boundaries. The data shows as a single estate but stays filterable by account, business unit, environment, or any tag dimension you already use. Permissions inherit from whatever cloud governance you already have in place — Sherpa never sees more than your existing controls allow.

Generic LLMs are excellent at general reasoning but they do not have your cloud environment data, your access structure, your bill, your security findings, or the relationships between them. Sherpa is a domain-specific agent — its underlying models are fine-tuned for cloud operations (infrastructure-as-code, access policy, cloud APIs), grounded against your live Knowledge Graph through retrieval-augmented generation, and constrained by guardrails that prevent hallucinated resource IDs or fabricated cost numbers. Every Sherpa Research report and every recommendation is explainable. No black-box answers.

Today Sherpa is AWS-only and we are going deep on AWS first. Native Azure and Google Cloud support is on the longer-term roadmap as part of a multi-cloud expansion. The architecture is already provider-agnostic underneath, which is why the expansion is a planned extension rather than a multi-year rewrite.

Sherpa is launching in 2026 in early-access waves to a small set of design partners first, then expanding outward. The waitlist is the single source of truth for access — there is no other way in right now. Smaller teams are getting first access; broader waves follow as the onboarding flow is polished and our SOC 2 Type II certification progresses.

Both. A grown environment sees the fastest savings because there's accumulated waste and usage history to mine, while a fresh build benefits from establishing cost, security, and governance guardrails from day one — with the data-driven savings recommendations sharpening over the first few weeks as usage accrues.

Ongoing. Sherpa continuously ingests your cost and usage data and refreshes its analysis — tracking cost trends, top movers, and Savings Plan coverage as you scale — so FinOps stays a living view rather than a one-time audit.

Sherpa is for everyone who interacts with the cloud — both the technical hands-on engineers running deployments day-to-day and the non-technical leaders trying to understand where the budget is going and whether the environment is secure. On the executive side: CFOs, CTOs, CISOs, and engineering VPs get plain-language briefings and dollar-impact summaries without clicking through dashboards. On the executioner side: FinOps practitioners, platform and security engineers, application developers, and operations teams get the detailed views, recommendations, and action surfaces they need to do the actual work. Same data, framed for the person reading it.

Sherpa isn't strictly read-only. To give you a complete, connected view, Sherpa sets up and maintains a small set of supporting resources in your account that are purpose-built for collecting your cloud data — all deployed through standard CloudFormation templates that you review and approve before anything is created, so you stay fully in control of what's added. And when it's time to act on what Sherpa finds, Sherpa Automate can carry out optimizations for you behind a Human-in-the-Loop approval gate, with every change logged to your audit trail.