AWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatch
Summary
Researchers found that AWS Bedrock's Sandbox mode for AI agents (the AgentCore Code Interpreter) is not as isolated as promised: it permits outbound DNS queries (requests to translate domain names into IP addresses), and an attacker who gains code execution inside the sandbox can use those queries as a covert channel to communicate with external servers, exfiltrate data, or receive remote commands. AWS acknowledged the issue but declined to patch it, describing DNS resolution as 'intended functionality' the service needs to operate, and instead updated its documentation to clarify this behavior.
Solution / Mitigation
AWS updated its documentation to state that Sandbox mode permits DNS resolution; no code change is planned, so the mitigation falls on customers. Security teams should inventory all active AgentCore Code Interpreter instances running in Sandbox mode and migrate them to VPC mode, which runs the interpreter inside a customer-controlled, more tightly restricted network environment.
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Original source: https://www.csoonline.com/article/4146202/aws-bedrocks-isolated-sandbox-comes-with-a-dns-escape-hatch.html
First tracked: March 17, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%