XM Cyber maps eight validated AWS Bedrock attack vectors across connected enterprise integrations
Technical Analysis
Summary
XM Cyber mapped eight validated attack vectors in AWS Bedrock, showing how over-privileged permissions can expose logs, knowledge bases, agents, flows, guardrails, and prompts. The findings matter because a single compromised identity can redirect telemetry, steal data, inject code, or alter AI behavior in-flight. The attack paths span cloud services such as S3, Lambda, Salesforce, SharePoint, Pinecone, and Redshift. The work shows that Bedrock risk is driven by the surrounding integrations and controls, not only the model itself.
Related Happenings
Cisco findings on multi-turn guardrail bypass in major LLMs
Technical Analysis
First: 27.05.2026 16:00
Last: 27.05.2026 16:00
Sources 1
About this happening:
Cisco researchers found that **multi-turn prompting** can bypass safety guardrails in **major LLMs**, increasing the risk that enterprise AI deployments overestimate their protect...
AWS exposed-key hardening guidance for Amazon SES phishing abuse
Defensive Guidance
First: 04.05.2026 23:03
Last: 04.05.2026 23:03
Sources 1
About this happening:
**Kaspersky** urged organizations to harden **AWS IAM** and credential handling after **exposed access keys** were linked to phishing delivery through **Amazon SES**, reducing the...
AWS Bedrock AgentCore Code Interpreter DNS exfiltration and covert C2 in Sandbox Mode
Technical Analysis
First: 16.03.2026 15:00
Last: 16.03.2026 15:00
Sources 1
About this happening:
Researchers demonstrated **DNS-based exfiltration** and covert **C2** against **AWS Bedrock AgentCore Code Interpreter**, showing cloud AI code execution environments can still le...
Russian-speaking hacker AI-assisted FortiGate breach campaign
Campaign
First: 21.02.2026 15:50
Last: 21.02.2026 15:50
Sources 1
About this happening:
The **Russian-speaking** threat actor ran an **AI-assisted FortiGate breach campaign** from **January 11 to February 18, 2026**, compromising **over 600 FortiGate devices** across...
Publicly exposed training and demo apps in cloud environments are being abused at scale
Target Trend
First: 11.02.2026 13:30
Last: 11.02.2026 13:30
Sources 1
About this happening:
Publicly exposed **training and demo applications** are showing up at scale in **AWS, Azure, and GCP**, turning lab systems into real cloud footholds. Researchers verified **nearl...
Timeline
23.03.2026 13:55 2 articles · 2mo ago
XM Cyber discloses eight AWS Bedrock attack vectors
Initial Disclosure
On 2026-03-23, XM Cyber publicly mapped eight validated attack vectors in AWS Bedrock, showing how over-privileged access to logging, Knowledge Bases, Agents, Flows, Guardrails, and Prompt Management can redirect logs, expose enterprise data, inject malicious code, and alter AI behavior across connected enterprise systems.
Sources:
- We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them — thehackernews.com — 23.03.2026 13:55
- We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them — thehackernews.com — 23.03.2026 13:55