We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
Summary
AWS Bedrock is Amazon's platform for building AI applications that connect foundation models (pre-trained AI systems) to enterprise data and systems like Salesforce and SharePoint. Researchers discovered eight attack vectors that allow attackers to exploit this connectivity, including log manipulation (hiding their tracks in audit logs), knowledge base compromise (stealing enterprise data), agent hijacking (taking control of autonomous AI agents), and prompt poisoning (corrupting AI instructions).
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://thehackernews.com/2026/03/we-found-eight-attack-vectors-inside.html
First tracked: March 23, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%