Verify that the IAM changes observed were planned and are reasonably executed. For example, make sure new IAM policies grant access to specific resources and not all resources. If these IAM policy changes were not planned, immediately revoke them and investigate the source of the changes.