This detection rule is designed to identify when AWS KMS keys are created with an encryption policy that allows the `kms:Encrypt` action to be accessed by all principals, including external entities. It utilizes AWS CloudTrail logs to detect `CreateKey` and `PutKeyPolicy` events. The presence of such a broad encryption policy can signal potential account compromise, enabling attackers to misuse the encryption keys, which may affect other organizations. This can lead to unauthorized encryption of data, threatening operational continuity and sensitive information security across multiple entities. It's crucial to monitor and respond to such activities to mitigate risks associated with compromised AWS accounts.