{"data":{"id":"b251fdc1-7ebf-4985-8bd1-c00ea5377d55","title":"When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications","summary":"This research examines how attackers could exploit Amazon Bedrock's multi-agent systems (groups of specialized AI agents working together) through prompt injection (tricking an AI by hiding malicious instructions in user input), potentially discovering agent instructions and executing unauthorized tool actions. The study found no vulnerabilities in Bedrock itself, but highlighted a broader LLM challenge: these systems cannot reliably distinguish between legitimate developer instructions and adversarial user input. The research was conducted ethically on owned systems in collaboration with Amazon's security team.","solution":"Enabling Bedrock's built-in prompt attack Guardrail stopped the demonstrated attacks. Additionally, Amazon confirmed that Bedrock's pre-processing stages and Guardrails effectively block these attacks when properly configured.","labels":["security","research"],"sourceUrl":"https://unit42.paloaltonetworks.com/amazon-bedrock-multiagent-applications/","publishedAt":"2026-04-03T22:00:38.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon Bedrock","Amazon Bedrock Agents"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-03T22:00:38.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}