{"data":{"id":"0062b70b-da9b-4948-83e3-8cbdd6f715da","title":"Secure AI agent access patterns to AWS resources using Model Context Protocol","summary":"AI agents access AWS resources through the Model Context Protocol (MCP, a system that lets AI tools interact with cloud services), but unlike traditional software with predictable behavior, agents can dynamically choose different actions based on context. The main security risk is that agents operate at machine speed and will use any permissions (IAM roles, API keys, or OAuth scopes) they're granted, so misconfigured access controls can cause large-scale damage quickly. The source recommends three security principles for controlling AI agent access to AWS resources, with an emphasis on using MCP servers rather than direct API access because MCP provides better monitoring and control.","solution":"The source recommends architecting agents to use MCP servers rather than direct service access where possible, because MCP servers provide a layer of abstraction that enables differentiation controls and creates additional monitoring capabilities through AWS CloudTrail. For agents on developer machines, developers should configure which AWS credentials the agent uses in their mcp.json file by specifying a named profile (which can use credential helpers and the credential provider chain for short-lived credentials), environment variables, or explicit credential configuration, rather than allowing agents to inherit broad developer admin credentials.","labels":["security","policy"],"sourceUrl":"https://aws.amazon.com/blogs/security/secure-ai-agent-access-patterns-to-aws-resources-using-model-context-protocol/","publishedAt":"2026-04-14T22:52:51.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["Amazon","Anthropic"],"affectedVendorsRaw":["AWS","Amazon Bedrock","Amazon Bedrock AgentCore","Claude","Claude Code","Kiro","Model Context Protocol"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-14T22:52:51.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}