A method is disclosed for accessing a primary account maintained in a cloud environment, receiving information defining a structure of the primary account, the structure including a plurality of assets, and deploying, inside the primary account or a secondary account for which trust is established with the primary account, at least one ephemeral scanner configured to scan at least one block storage volume and output metadata defining the at least one block storage volume, the output excluding raw data of the primary account. The method further comprises receiving a transmission of the metadata from the at least one ephemeral scanner, excluding raw data of the primary account, analyzing the metadata to identify cybersecurity vulnerabilities, correlating each of the cybersecurity vulnerabilities with one of the assets, and generating a report correlating the cybersecurity vulnerabilities with the assets. Systems and computer-readable media implementing the method are also disclosed.