Forensic Summary
Amazon Bedrock AgentCore now enables production-grade agentic systems that combine RAG retrieval, persistent cross-session memory, and direct user-facing endpoints authenticated only via Cognito Bearer tokens — all surfaced through a single /invocations endpoint. This architecture creates compounded attack surfaces where adversarially crafted content in S3-backed knowledge bases can propagate through the retrieve_and_generate pipeline directly into technician workflows. The persistent AgentCore Memory layer introduces a new cross-session context poisoning vector that does not exist in stateless LLM deployments.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/first-look-agentcore-rag-agent-exposes-multi-layer-injection-and-data-poisoning/
Top comments (0)