Cracks in the Bedrock: Agent God Mode
Summary
Amazon Bedrock AgentCore's starter toolkit automatically creates overly broad IAM roles (identity and access management policies that control what actions software can perform) that grant a single AI agent excessive permissions across an entire AWS account, enabling an attack called Agent God Mode. If compromised, an attacker could exploit these permissions to access other agents' memories, steal container images, and extract sensitive data. AWS updated its documentation to warn that the default roles are only for development and testing, not production use.
Solution / Mitigation
AWS documentation was updated to include a security warning, stating that the default roles are "designed for development and testing purposes" and are not recommended for production deployment.
Classification
Affected Vendors
Related Issues
Original source: https://unit42.paloaltonetworks.com/exploit-of-aws-agentcore-iam-god-mode/
First tracked: April 8, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%