"’s default deployment configuration introduces an attack vector that we call Agent God Mode, because the overly broad IAM permissions effectively grant an individual agent the “omniscient” ability to escalate privileges and compromise every other AgentCore agent within the AWS…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
T1525 Implant Internal Image
88%
"escalation: unchecked access to code interpreters enables lateral movement. As recommended by the AWS security team, customers should always create a custom, least-privilege IAM role for production agents. This is the most effective mitigation to limit the potential impact of…"
T1525 Implant Internal Image
88%
"AI agents across AWS and Azure environments. Cortex AI-SPM is designed to mitigate critical risks including, over-privileged AI agent access, misconfigurations, and unauthorized data exposure. Cortex AI-SPM helps enable security teams to enforce compliance with NIST and owa…"
T1525 Implant Internal Image
85%
"building and deploying AI agents on other platforms can require significant effort, AWS has effectively streamlined this process with the AgentCore starter toolkit. Following our communication with AWS, the AWS security team provided the following statement: “It is important fo…"
T1525 Implant Internal Image
78%
"memory resources to store both long and short-term conversation state and context. An attacker who gains read access to this resource could exfiltrate sensitive interaction data between the AI agent and its users. The default IAM policy generated by the toolkit reveals the perm…"
T1525 Implant Internal Image
75%
"the resulting actions are performed using the interpreter's permissions, not the agent's. The default policy indicates that the InvokeCodeInterpreter action is granted on all code interpreter resources (*), as Figure 5 shows. These permissions introduce the risk of a direct…"
T1059.009 Cloud API
71%
"the default permission configurations, an attacker could: - exfiltrate: leverage ECR permissions to download the image of a high-value target. - extract: recover the memoryid from the container's static configuration. - execute: use the ID to dump or poison the target's…"
T1526 Cloud Service Discovery
48%
"misconfigurations and security gaps. If you think you may have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team or call: - North America: toll free: +1 (866) 486-4842 (866.4.UNIT42) - UK: +44.20.3743.3660 - Europe an…"
T1525 Implant Internal Image
44%
"Cracks in the Bedrock: Agent God Mode Executive Summary Our first article about the boundaries and resilience of Amazon Bedrock AgentCore focused on the code interpreter sandbox, and how it can be bypassed using DNS tunneling. In this second part, we delve into the identity and…"
T1525 Implant Internal Image
42%
"the default permission configurations, an attacker could: - exfiltrate: leverage ECR permissions to download the image of a high-value target. - extract: recover the memoryid from the container's static configuration. - execute: use the ID to dump or poison the target's…"
T1190 Exploit Public-Facing Application
39%
"##loads across the entire account. First, the attacker retrieves a valid ECR authorization token, as Figure 7 shows. With these credentials, the attacker authenticates the Docker CLI and pulls the image of a target agent – or any other container in the registry – as detailed in f…"
T1525 Implant Internal Image
34%
", contact the Unit 42 Incident Response team. Technical Analysis Identity and permissions are two of the most critical pillars of setting boundaries and maintaining isolation in cloud workloads and applications. We explain the default IAM roles and permissions that are provisione…"
Summary
Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks.