One of the coolest security prototypes I've seen was a program that could automatically find attack paths given access control policies (like IAM roles or Kubernetes roles)
So if role X was compromised, and it shared resources with role Y, which shared resources with role Z, it would show that
This is definitely something that should exist (maybe as a company?)
