Meet Apex
Your AI-powered cloud cost agent. Ask questions in plain English, get instant answers, and execute guided cloud cost operations directly from your data.
us-east-1 launched 12 m5.2xlarge instances.View Resources →
Approve & Delete →
Create Purchase Plan →
See It In Action
Four real conversation flows — from simple queries to multi-step pipelines and commitment purchases.
How much are we spending this month?
Your 30-day spend shows $14,250 across 3 AWS accounts. Projected monthly: $16,400. Budget utilization: 75% of $22,000. Top drivers: EC2 ($5,420), RDS ($2,880), S3 ($1,340). No anomalies. 2 open high-severity findings.
Show me those high-severity findings
2 findings match severity=high: 1. Underutilized RDS (db.r5.xlarge, 12% CPU) — $620/mo savings 2. 7 unattached EBS volumes — $214/mo savings Recommended: Request auto-remediation for both.
Everything You Can Do
Organized into five categories — from read-only queries to approval-gated write actions.
Observability
4 capabilities"Give me an executive FinOps briefing""How much are we spending this month?""What are our top 5 AWS services by cost?""Any cost anomalies this week?"Governance
5 capabilities"Show open findings""What enforcement rules do we have?""Are we above budget thresholds?""What actions are waiting for approval?""Show our operational posture"Configuration
2 capabilities"Show connected cloud accounts""Is auto-remediation enabled?"Operations
6 capabilities"Load demo spend data for 30 days""Resolve the latest finding""Approve latest auto-remediation""Request auto-remediation for latest high finding""Verify the latest connected account""Negotiate our RI portfolio for next quarter"Knowledge
1 capability"Research latest AWS Graviton pricing trends"Four Steps, Every Time
You Type a Message
Natural language — questions, action requests, multi-step instructions, or contextual follow-ups.
AI Plans a Response
Identifies intent, extracts parameters, checks permissions, and builds an execution plan.
You Review the Plan
See capability, parameters, risk level, and action mode. Read actions run instantly; writes need APPROVE.
Results Delivered
Structured responses with summaries, data tables, recommendations, and links to dashboards.
Adapts to Your Style
Four instruction profiles control how the AI responds — from terse data tables to guided explanations.
Five Layers of Protection
The AI can never run arbitrary commands, access other workspaces, or execute without your explicit confirmation.
Capability Allow-List
Only registered capabilities execute. No arbitrary commands, scripts, or API calls.
Workspace & Identity Scoping
Every action is bound to your workspace and user identity. Zero cross-tenant access.
Single-Use Tokens
Write actions generate a unique JTI token. Once used, it cannot be replayed.
Explicit Approval
All write actions require APPROVE. The system shows exactly what will happen first.
Approval Workflows
High-impact actions go through full approval. An approver must review before execution.
Available on Every Plan
Core AI capabilities are free. Advanced features unlock with Pro and above.
| Feature | Explorer | Pro | Business | Enterprise |
|---|---|---|---|---|
| AI Queries | 10/day | Unlimited | Unlimited | Unlimited |
| Read Capabilities (13) | ✓ | ✓ | ✓ | ✓ |
| Write Capabilities (6) | ✓ | ✓ | ✓ | ✓ |
| Multi-Step Pipelines | — | — | ✓ | ✓ |
| Commitment Negotiator | — | — | ✓ | ✓ |
| Web Research | — | ✓ | ✓ | ✓ |
| Knowledge Base | — | ✓ | ✓ | ✓ |
| Instruction Profiles | Default | All | All | All + Custom |
| History Retention | 7 days | 90 days | 365 days | Unlimited |
Apex FAQ
Can the AI access my cloud credentials?
No. It uses the same secure connection layer as the rest of FinOps Co-Pilot. Credentials are never exposed in the conversation interface.
What if I APPROVE a write action by accident?
Write tokens are single-use. If the action succeeds, it runs once and only once. High-risk actions also require approval before execution.
Can I use it from Slack or Teams?
Approval actions are available via ChatOps (/finops approve, /finops reject). Full conversational access from Slack/Teams is on the roadmap.
How accurate is the spend data?
Apex queries the same underlying data as every dashboard. If ingestion is up to date, responses match what you see everywhere else.
Can I restrict who uses Apex?
Yes. It respects page and action permissions. Users without access won't see it in navigation, and can't execute restricted actions.
Is my conversation data used for AI training?
No. Conversations are stored in your workspace database only. They are not sent to any external training pipeline.
Try Apex
Free trial. Guided workflows unlocked. No credit card required.