⚠️ Region Alert: UAE/Middle East
Security researchers have identified significant security boundaries and resilience issues within Amazon Bedrock AgentCore. The investigation focused on the Code Interpreter's sandbox isolation mode, which was found to be bypassable using DNS tunneling. This allowed for bidirectional communication and data exfiltration from an environment that was previously described as having no external network access.
Furthermore, a critical security regression was discovered in the AgentCore Runtime. The microVM Metadata Service (MMDS) lacked session token enforcement, making it vulnerable to Server-Side Request Forgery (SSRF) attacks. This flaw could allow attackers to extract sensitive IAM credentials, potentially compromising the entire AWS account. AWS has since implemented remediations, including transitioning to MMDSv2 and updating documentation to reflect the limited nature of sandbox isolation.
Top comments (0)