AI FinOps & Cloud Cost Agent

We fix your
cloud waste.
You don't
lift a finger.

Most FinOps tools hand you a dashboard and walk away. ScaleToZero is an agent — it finds waste across your entire AWS and AI stack, surfaces it in Slack with exact dollar amounts, and executes the fix the moment you approve. Human in the loop. Zero manual work.

Discover Your Hidden Cloud Waste → See how it works
5-min setup
Read-only access
Free Day 1 report
scaletozero — aws/prod — live scan
$ scaletozero scan --account prod --all → Authenticating via temporary STS role… ok → 17 detectors initializing… ok → Scanning EC2, EBS, Lambda, S3, SageMaker…   detector/zombie-gpu -$4,200/mo 3 instances detector/orphaned-ebs -$860/mo 12 volumes detector/stale-snapshots -$340/mo 47 snapshots detector/oversized-ec2 -$496/mo 2 instances detector/savings-plan-gap +$1,204/mo opportunity detector/weekend-idle -$320/mo 14 instances   RECOVERABLE $7,420/mo → $89,040/yr Report → Slack #finops ✓ $
$85K
Average annual savings per customer
$30–70K/mo AWS baseline
5 min
From signup to your first waste report
One IAM role. One CLI command.
17
Detectors across your entire stack
EC2, EBS, S3, Lambda, SageMaker, AI
Why ScaleToZero

Other tools point.
We fix.

Every other FinOps product gives you recommendations and expects your engineers to act on them. They never do. ScaleToZero closes that loop — it proposes the fix, waits for your approval, and executes. Nothing ever changes without your say-so. But when you say so, it's done in seconds, not sprints.

Every other FinOps tool
ScaleToZero
"You have 47 stale snapshots"
Deletes them on your one-click approval
Dashboard you check monthly, maybe
Slack alert the moment waste appears
Recommendations your team ignores
Fixes your team clicks in <10 seconds
Billed whether you save or not
Free until you see real $ on Day 1
No rollback, no undo, no safety net
24-hour undo on every single action
30%
of every bill
Across all organizations, an average of 30% of cloud budgets is pure waste — idle resources, forgotten instances, and oversized infrastructure silently draining every bill, every month.
McKinsey & Company  →  Read the full article
Built for teams running on
AWS
Slack
Terraform
Kubernetes
Datadog
How it works

Four steps from signup
to money back.

01

Create IAM Role

One CLI command generates a read-only IAM role via CloudFormation. No write permissions, no stored keys, no risk. Takes under 2 minutes. Revoke it any time from your AWS console with one click.

aws cloudformation deploy --template-file iam.yml
02

We Scan Everything

17 detectors sweep your account across EC2, EBS, Lambda, S3, SageMaker, and all AI spend. Real dollar amounts per resource — not estimates, not percentages, not vague categories. Done in under 5 minutes.

03

Get Your Free Report

Day 1 is completely free. You receive a full waste report: every finding named, every dollar quantified, every fix proposed. No action is taken. You can walk away with the report and never hear from us again.

04

Approve Fixes in Slack

From that point on, alerts land in your Slack channel the moment new waste appears. Click Approve and we execute the fix instantly. Changed your mind? Click Undo in the same thread — you have 24 hours.

The Slack experience

The fix is one
tap away.

No new tool to learn. No dashboard to check. ScaleToZero lives in the Slack your team already has open. Alerts arrive, you approve with a tap, confirmation lands in the same thread. The entire workflow happens without leaving your phone.

Slack
ScaleToZero 11:42 AM
#finops  ·  ScaleToZero
3 zombie GPU instances found in prod-us-east-1
Burning $4,200/mo at 2% CPU. Approve to stop + snapshot.
Slack
ScaleToZero 11:44 AM
#finops  ·  ScaleToZero
Done. 3 instances stopped & snapshotted.
Saving $4,200/mo from now. Undo available 24h.
Slack
ScaleToZero 9:00 AM
#finops  ·  ScaleToZero
Weekly report: Saved $6,840 this month.
12 fixes applied · 0 reverted · 3 pending your review.
What we detect

17 detectors.
Every dollar found.

DETECTOR 01

Zombie GPU Instances

EC2 with GPUs at near-zero utilization. The most expensive idle resource in any AWS account.

$1,500–4,000/mo each
DETECTOR 02

Orphaned EBS Volumes

Storage detached from any instance. Paying for disk connected to nothing, serving no one.

$50–200/mo each
DETECTOR 03

Stale EBS Snapshots

Old backups past any retention window, accumulating month after month in silence.

$200–800/mo total
DETECTOR 04

Oversized EC2 Instances

m5.4xlarge running at 8% CPU. Capacity you've never used, billed every single hour.

$200–500/mo each
DETECTOR 05

Weekend Idle Resources

Dev environments running Saturday and Sunday because no stop schedule was ever configured.

28% off dev spend
DETECTORS 06–17

+11 More Detectors

Lambda memory, S3 storage class, SageMaker notebooks, AI/LLM routing, Savings Plan gaps, and more.

Full list on request
Pricing

Start free. Pay when
the savings are real.

T0 — Free
Free Scan
$0

One-time, no commitment

  • Full scan, all 17 detectors
  • Exact $ amounts per finding
  • Read-only — nothing changed
  • Complete Day 1 waste report
Discover Your Hidden Cloud Waste
Most Popular
T1 — Observer
Observer
$499/mo

14-day free trial

  • Continuous 24/7 monitoring
  • Slack alerts for every finding
  • Human-approved fixes only
  • 24-hour undo on all actions
  • Full audit trail
  • Production always protected
Start 14-Day Trial →
T2 — Assistant
Assistant
$999/mo

 

  • Everything in Observer
  • Auto-execute low-risk fixes
  • 70% fewer manual approvals
  • Smart risk classification
  • Priority support
Get In Touch
T3 — Advisor
Advisor
$999/mo
+ 15% of savings

 

  • Everything in Assistant
  • Savings Plan management
  • AI Gateway + smart routing
  • PII shield for LLM calls
  • Semantic caching
Get In Touch
Security & Trust

We thought about safety
before you had to ask.

Read-Only by Default

Day 1 is a scan only. No write permissions until you explicitly upgrade. We cannot change anything you haven't allowed.

Human Approval Required

Every fix requires a click from your team. We show the finding, cost, and proposed action. You decide — always.

24-Hour Undo

All reversible actions can be undone within 24 hours directly from Slack. No support ticket, no delay, no questions.

Production Always Protected

Production-tagged resources are never auto-executed. They always require explicit manual approval on every tier.

Temporary Credentials

Credentials expire after 1 hour. No persistent tokens, no stored keys. We assume role, act, and release every time.

Full Audit Trail

Every scan, action, and approval is logged with timestamp and actor. A complete record of everything we've done.

This is a no-brainer

Find out what you're wasting.
It takes five minutes.

Read-only access. No commitment. Real dollar amounts on Day 1.
We fix what we find — only when you say so.

Discover Your Hidden Cloud Waste →
×
Free Cloud Waste Audit
See exactly where your cloud budget is leaking—in dollars.

Five short questions. Then a read-only connection to your AWS account. You get a written audit back—the same one McKinsey would charge $40k for—and we never touch a single resource.

Takes
~5 minutes
Access
Read-only. Revocable.
Deliverable
Full written audit
Cost
$0. No card.

SOC 2-aligned process · You can walk away at any step.

Question 1 of 5
What is your current monthly AWS spend?

A ballpark is fine. This sets the scale of waste we are likely to find.

Under $10k / month
$10k – $50k / month
$50k – $200k / month
$200k+ / month
Question 2 of 5
Which services account for most of your spend?

Pick the closest fit. It tells us which of the seventeen detectors will be most useful.

Compute: EC2, Lambda, containers
ML / GPU: SageMaker, training, inference
LLM / API spend: OpenAI, Anthropic, Bedrock
Storage & data: S3, EBS, snapshots
A mix of the above
Question 3 of 5
If we surface $30k/month in waste next week, who decides what to do about it?

We do not want to waste your time if the path to action is blocked.

I do—I own the infrastructure call
Me and one other (founder / CTO)
Committee—it will take a few weeks
Not sure yet
Question 4 of 5
When was your last serious cost audit?

No judgement. This calibrates how much low-hanging fruit we expect to find.

Never, or over a year ago
In the last 6 – 12 months
Within the last 3 months
We use Vantage / CloudHealth / similar
Question 5 of 5
Where should we send the report?

The audit arrives as a private link you can share with your founder or CFO.

We never share your email. Unsubscribe in one click.

Final step — read-only connection

Connect your AWS account (read-only).

You are about to create an IAM role in your AWS account that lets us read your resource inventory and usage metrics — nothing else. Read both cards below before you continue.

What we CAN see
  • • Resource inventory (EC2, RDS, S3 names)
  • • CPU, GPU, memory, network metrics
  • • Cost + billing data
  • • Tags + configuration
What we CANNOT do
  • • Stop, delete, or modify anything
  • • Read S3 object contents
  • • Read database rows
  • • Access secrets or env variables
What the command below does — line by line
  1. Writes a trust policy saying “only ScaleToZero can assume this role, and only when it presents this unique External ID” — this is the lock on the door.
  2. Creates an IAM role named ScaleToZero-Audit in your account.
  3. Attaches SecurityAudit — AWS’s own managed read-only auditing policy (view on AWS docs).
  4. Attaches ViewOnlyAccess — lets us list resource names and tags (view on AWS docs).
  5. Prints the role’s ARN — that’s the string you’ll paste below so we know which role to assume.

Both policies are AWS-managed — we can’t modify them. Your security team can open IAM in the console and verify the attached policies match what’s listed here.

1. Sign in to the AWS Console, then click the >_ CloudShell icon in the top navbar.
2. Paste the block below and press Enter. It will print an ARN (a line starting with arn:aws:iam::). Copy that ARN into the field underneath.
cat > trust-policy.json << 'EOF' { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::661103479434:root" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "" } } }] } EOF aws iam create-role --role-name ScaleToZero-Audit --assume-role-policy-document file://trust-policy.json > /dev/null aws iam attach-role-policy --role-name ScaleToZero-Audit --policy-arn arn:aws:iam::aws:policy/SecurityAudit aws iam attach-role-policy --role-name ScaleToZero-Audit --policy-arn arn:aws:iam::aws:policy/job-function/ViewOnlyAccess aws iam get-role --role-name ScaleToZero-Audit --query 'Role.Arn' --output text
Revoke any time
Run these two lines in CloudShell to fully remove our access:
aws iam detach-role-policy --role-name ScaleToZero-Audit --policy-arn arn:aws:iam::aws:policy/SecurityAudit
aws iam delete-role --role-name ScaleToZero-Audit

Typical scan time: 2–3 minutes.

Audit complete

Your report is ready.

A copy has been emailed to you. Open the full report in a new tab, then book a call to walk through it with us.

Monthly waste
Annualized
Findings
Open full report →
Recommended next step
A 30-minute walkthrough to confirm these numbers against your real invoices and unlock the redacted resource IDs.
Book your walkthrough →

No pitch deck. We read the findings line by line.