AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Summary
Researchers discovered that Amazon Bedrock AgentCore Code Interpreter allows outbound DNS queries (the system that translates website names to IP addresses) even when configured with no network access, letting attackers steal data and run commands by using DNS as a secret communication channel. Amazon says this is intended functionality and recommends users switch to VPC mode (a virtual private network configuration) instead of sandbox mode for better isolation. Separately, a flaw in LangSmith (a tool for managing AI language model workflows) allows attackers to steal user login tokens through URL parameter injection (inserting malicious data into web addresses).
Solution / Mitigation
For Amazon Bedrock: migrate from Sandbox mode to VPC mode, implement a DNS firewall to filter outbound DNS traffic, audit IAM roles to follow the principle of least privilege (giving services only the minimum permissions they need), and use strict security groups and network ACLs. For LangSmith: update to version 0.12.71 or later (released December 2025), which addresses the token theft vulnerability.
Classification
Affected Vendors
Related Issues
Original source: https://thehackernews.com/2026/03/ai-flaws-in-amazon-bedrock-langsmith.html
First tracked: March 17, 2026 at 04:00 PM
Classified by LLM (prompt v3) · confidence: 92%