
The dog that didn't bark: finding security holes in what's missing, not what's misconfigured

DEV Community · Bala Paranj · 27 days ago
Tags: #security #aws #cloud #devops #policy #resource

Every security scanner examines resources that exist. Nobody checks whether the resources your IAM policies reference actually exist. A deleted S3 bucket name referenced in an active policy is a structural hole — the permission is live, the resource is gone, and the name is reclaimable by any attacker. The absence is the evidence.

In Arthur Conan Doyle's Silver Blaze, a prize racehorse is stolen from a guarded stable. Scotland Yard investigates the crime scene, interviews witnesses, examines evidence. They focus on what happened — what they can see, measure, and catalog. Sherlock Holmes solves the case by noticing what didn't happen.

"Is there any point to which you would wish to draw my attention?"
"To the curious incident of the dog in the night-time."
"The dog did nothing in the night-time."
"That was the curious incident."

The guard dog should have barked at an intruder entering the stable. It didn't. Therefore the person who took the horse wasn't a stranger. The dog knew them.…
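The check the excerpt describes, as an added example that is not part of the original article: parse an IAM policy document, collect every concrete S3 bucket name that an Allow statement grants access to, and diff that set against the buckets the account actually owns. The policy document and the bucket inventory below are constructed inline so the script runs offline; in a real run the inventory would come from boto3's s3.list_buckets() and the policy documents from iam.get_policy_version(), and the inventory should cover every account in the organization, since a cross-account reference to a bucket you still own elsewhere is not dangling.

```python
import re

# Constructed sample: an IAM policy document in the shape returned by
# iam.get_policy_version(...)["PolicyVersion"]["Document"].
POLICY_DOCUMENT = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": [
                "arn:aws:s3:::prod-reports-bucket/*",
                "arn:aws:s3:::old-migration-2019/*",   # bucket deleted long ago
            ],
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::old-migration-2019",
        },
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "arn:aws:s3:::*"},
    ],
}

# Constructed sample: bucket names the account owns right now.
# In production this set would be built from s3.list_buckets() across all accounts.
EXISTING_BUCKETS = {"prod-reports-bucket", "logs-archive"}

# Matches "arn:aws:s3:::bucket" and "arn:aws:s3:::bucket/key-pattern".
S3_ARN = re.compile(r"^arn:aws:s3:::(?P<bucket>[^/]+)(?:/.*)?$")


def _as_list(value):
    """IAM allows a single string or a list for Statement, Resource, Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def bucket_names_in_policy(document):
    """Return the set of concrete bucket names granted by Allow statements.

    Wildcard bucket names (arn:aws:s3:::* or "*") are skipped here: they are an
    over-broad grant, which is a different finding from a dangling reference.
    """
    names = set()
    for stmt in _as_list(document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for arn in _as_list(stmt.get("Resource")):
            match = S3_ARN.match(arn)
            if not match:
                continue
            bucket = match.group("bucket")
            if "*" in bucket or "?" in bucket:
                continue
            names.add(bucket)
    return names


def dangling_bucket_references(document, existing_buckets):
    """Bucket names a policy still grants access to but that no longer exist."""
    return sorted(bucket_names_in_policy(document) - set(existing_buckets))


if __name__ == "__main__":
    for bucket in dangling_bucket_references(POLICY_DOCUMENT, EXISTING_BUCKETS):
        print(f"DANGLING: policy grants access to missing bucket '{bucket}'")
```

Run over every customer-managed policy version and every inline role and user policy in the account; the same ARN parsing applies to bucket policies' Principal-side references if you extend it to other services' ARN formats.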
