Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
The Bedrock AgentCore Starter Toolkit (a tool for building AI agents on AWS) before version v0.1.13 does not properly verify ownership of the S3 bucket it uses (S3 is AWS's cloud storage service). Without that check, a bucket owned by another account could be mistaken for the expected one, allowing an attacker to inject malicious code during the build process (when the agent's deployment artifact is assembled) and potentially gain code execution in the running agent. The issue affects only users who ran builds with the toolkit after September 24, 2025.
Fix: Update to Bedrock AgentCore Starter Toolkit version v0.1.13 or later.
Source: AWS Security Bulletins

A vulnerability (CVE-2026-4270) exists in AWS API MCP Server versions 0.2.14 through 1.3.8 (software that lets AI assistants interact with AWS services). It allows an attacker to bypass the server's file access restrictions (the controls that limit which files the AI assistant may read) and potentially read any file on the host running the server, even when those restrictions are enabled.

Amazon SageMaker Python SDK (a library for building machine learning models on AWS) versions before v3.1.1 (on the 3.x line) or before v2.256.0 (on the 2.x line) disable TLS certificate verification (the check that confirms the server you are talking to is the one named in the URL) for HTTPS connections made when importing a Triton Python model. An attacker positioned on the network can therefore present a fake or self-signed certificate, intercept the connection, and read or tamper with the model being fetched. CVSS score (a 0-10 severity rating): 8.2, high.
Fix: Update Amazon SageMaker Python SDK to version v3.1.1 or v2.256.0 or later.
Source: NVD/CVE Database

TorchServe (a tool for serving machine learning models in production) has a flaw in its allowed_urls check (a restriction on which locations models may be downloaded from): the check can be bypassed with a URL containing sequences such as "..". Once a model file has been downloaded through this bypass, it can be registered again without the check being re-run, which effectively removes the protection.
Fix: The issue is fixed by rejecting URLs that contain characters such as ".." before downloading (see PR #3082). TorchServe release 0.11.0 includes the fix. Users are advised to upgrade.
Source: NVD/CVE Database

The sagemaker-python-sdk library (for machine learning on Amazon SageMaker) before version 2.214.3 allows OS command injection (execution of attacker-controlled system commands) when untrusted input is passed as the requirements_path parameter of the capture_dependencies function, potentially letting an attacker execute code remotely or disrupt service.
Fix: Upgrade to version 2.214.3 or later. Users unable to upgrade should not override the "requirements_path" parameter of the capture_dependencies function and should use its default value instead.
Source: NVD/CVE Database

The sagemaker-python-sdk library (for machine learning on Amazon SageMaker) before version 2.218.0 performs unsafe deserialization: the NumpyDeserializer module can execute malicious code when it processes untrusted pickled data (serialized Python objects in a binary format). An attacker could exploit this to run arbitrary commands on the system or crash it.
Fix: Upgrade to sagemaker-python-sdk version 2.218.0 or later. If unable to upgrade, do not process pickled numpy object arrays from untrusted sources or from data that could have been modified by others; only deserialize pickled numpy object arrays from sources you trust.
Source: NVD/CVE Database
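The Bedrock AgentCore entry above describes a missing S3 ownership check. The generic AWS guard for that class of bug is the ExpectedBucketOwner parameter, which S3 enforces server-side on HeadBucket, PutObject and GetObject. The following is an added example, not the toolkit's code: the bucket name, account IDs and the FakeS3 stand-in for a boto3 client are constructed so it runs offline, and the scenario (the expected bucket already exists in a different account) is an assumed illustration of what an ownership check prevents.

```python
"""Added example (not the toolkit's code): enforce S3 bucket ownership before
trusting a bucket with build input. Uses boto3-style client calls."""
try:
    from botocore.exceptions import ClientError  # raised by real boto3 clients
except ImportError:  # lets the example run where boto3 is not installed
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(error_response, operation_name)
            self.response = error_response


class FakeS3:
    """Constructed stand-in for a boto3 S3 client. It records which account
    owns each bucket and enforces ExpectedBucketOwner the way S3 does:
    a mismatch is refused with 403 AccessDenied."""

    def __init__(self, owners):
        self.owners = owners      # bucket name -> owning account ID
        self.objects = {}         # (bucket, key) -> body

    def _check(self, bucket, expected_owner, op):
        if bucket not in self.owners:
            raise ClientError({"Error": {"Code": "NoSuchBucket", "Message": bucket}}, op)
        if expected_owner is not None and self.owners[bucket] != expected_owner:
            raise ClientError({"Error": {"Code": "AccessDenied", "Message": "Access Denied"}}, op)

    def head_bucket(self, Bucket, ExpectedBucketOwner=None):
        self._check(Bucket, ExpectedBucketOwner, "HeadBucket")
        return {}

    def put_object(self, Bucket, Key, Body, ExpectedBucketOwner=None):
        self._check(Bucket, ExpectedBucketOwner, "PutObject")
        self.objects[(Bucket, Key)] = Body
        return {}


def upload_build_source_unchecked(s3, bucket, key, body):
    """The flawed pattern: whoever owns `bucket` receives the build input."""
    s3.put_object(Bucket=bucket, Key=key, Body=body)
    return True


def upload_build_source(s3, bucket, key, body, account_id):
    """Hardened: refuse unless the bucket belongs to our account. HeadBucket
    gives an early, cheap answer; PutObject repeats the check server-side so
    there is no window between the probe and the write."""
    try:
        s3.head_bucket(Bucket=bucket, ExpectedBucketOwner=account_id)
        s3.put_object(Bucket=bucket, Key=key, Body=body, ExpectedBucketOwner=account_id)
    except ClientError as exc:
        if exc.response["Error"]["Code"] in ("AccessDenied", "NoSuchBucket", "403"):
            return False
        raise
    return True


# Constructed scenario: the bucket name the build expects already exists,
# but it was created in another account.
OUR_ACCOUNT = "111111111111"
ATTACKER_ACCOUNT = "222222222222"
SOURCE_BUCKET = "agentcore-build-source-us-east-1"


def demo():
    s3 = FakeS3({SOURCE_BUCKET: ATTACKER_ACCOUNT})
    body = b"def handler(event): ..."
    unchecked = upload_build_source_unchecked(s3, SOURCE_BUCKET, "src.zip", body)
    checked = upload_build_source(s3, SOURCE_BUCKET, "src.zip", body, OUR_ACCOUNT)
    return {
        "unchecked_uploaded_to_foreign_bucket": unchecked,
        "foreign_bucket_received_source": (SOURCE_BUCKET, "src.zip") in s3.objects,
        "checked_refused": not checked,
    }


if __name__ == "__main__":
    print(demo())
```

With a real boto3 client the same two calls apply unchanged; the account ID to pass is the one the build runs under (for example from sts.get_caller_identity()["Account"]).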
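For the SageMaker Python SDK TLS entry above, the weak setting and its hardened counterpart side by side, using only the standard library. This is an added example, not the SDK's code; the insecure context is what `verify=False` in requests/urllib3 amounts to, and the audit helper and fetch function are assumptions about how an importer should fail closed rather than anything the SDK provides.

```python
"""Added example (not the SageMaker SDK's code): the setting that disables
certificate verification, its hardened counterpart, an audit helper, and a
downloader that refuses to run with an unverified context."""
import ssl
import urllib.request
from typing import List, Optional


def insecure_context():
    """Equivalent to `verify=False`: any certificate, self-signed or issued for
    another host, is accepted, so a network attacker can impersonate the server."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_context(cafile: Optional[str] = None):
    """Verify the chain against the system store (or a pinned CA bundle),
    check the hostname, and refuse TLS versions below 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Findings for a context; an empty list means it is fit to fetch code with."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 accepted")
    return findings


def preflight(url: str, ctx: ssl.SSLContext) -> List[str]:
    """Everything that must be true before a model artifact is downloaded."""
    problems = audit_context(ctx)
    if not url.lower().startswith("https://"):
        problems.append("not https")
    return problems


def fetch_model_archive(url: str, ctx: Optional[ssl.SSLContext] = None, timeout: float = 60) -> bytes:
    """Download a model artifact, failing closed on any context that does not
    pass the audit. Not exercised offline; shown for the call shape."""
    ctx = ctx or secure_context()
    problems = preflight(url, ctx)
    if problems:
        raise ValueError(f"refusing to fetch {url}: {problems}")
    req = urllib.request.Request(url, headers={"User-Agent": "model-importer/1.0"})
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.read()
```

The audit is worth running in a unit test against whatever context or session object an importer builds, because a `verify=False` added during debugging is exactly the kind of change that survives into a release.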
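The TorchServe entry above has two halves: an allowlist regex that a ".." in the URL slips past, and a downloaded file that is later trusted simply because it exists in the store. The added example below is not TorchServe's code; the allowlist pattern, URLs and the ModelStore class are constructed. It generalises the fix the entry describes: canonicalise the URL and reject dot segments (literal or percent-encoded) before the allowlist ever sees it, and re-check a file's recorded origin when it is registered again instead of trusting its presence on disk.

```python
"""Added example (not TorchServe's code): why a regex over the raw URL can be
escaped with '..', how canonicalising first closes the hole, and why a file
must not be trusted just because it is already in the model store."""
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed allowlist in the spirit of TorchServe's allowed_urls setting
# (regular expressions matched against the model URL).
ALLOWED_URLS = [r"https://models\.example\.com/approved/.*"]

# Constructed inputs.
GOOD = "https://models.example.com/approved/resnet50.mar"
TRAVERSAL = "https://models.example.com/approved/../../internal/secret.mar"
ENCODED = "https://models.example.com/approved/%2e%2e/%2e%2e/internal/secret.mar"


def naive_allowed(url):
    """Regex over the raw string: '.*' matches '../..' just as happily."""
    return any(re.fullmatch(p, url) for p in ALLOWED_URLS)


def canonical_url(url):
    """Return a normalised https URL, or None if the path cannot be trusted.

    Dot segments (literal or percent-encoded) and empty segments are rejected
    outright rather than resolved, so nothing the regex sees can point
    outside the directory it names."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.netloc or parts.query or parts.fragment:
        return None
    path = unquote(parts.path)
    segments = path.split("/")
    if not path.startswith("/") or any(s in ("", ".", "..") for s in segments[1:]):
        return None
    return f"https://{parts.netloc.lower()}{path}"


def hardened_allowed(url):
    canon = canonical_url(url)
    return canon is not None and any(re.fullmatch(p, canon) for p in ALLOWED_URLS)


class ModelStore:
    """Constructed model store. The naive path registers any file that is
    present on disk; the hardened path only re-registers files whose
    recorded origin still passes the allowlist."""

    def __init__(self):
        self.files = set()     # file names present in the store directory
        self.origin = {}       # file name -> URL it was fetched from

    def download_naive(self, url):
        if not naive_allowed(url):
            return None
        name = posixpath.basename(urlsplit(url).path)
        self.files.add(name)   # the fetch itself is simulated
        return name

    def register_naive(self, name):
        return name in self.files   # "present on disk" treated as "trusted": the flaw

    def download(self, url):
        if not hardened_allowed(url):
            return None
        name = posixpath.basename(urlsplit(url).path)
        self.files.add(name)
        self.origin[name] = url
        return name

    def register(self, name):
        origin = self.origin.get(name)
        return origin is not None and hardened_allowed(origin)
```

Rejecting dot segments outright, rather than normalising them away, is deliberate: a remote server may resolve ".." differently from posixpath.normpath, so the only safe canonical form is one in which they never appear.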
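For the capture_dependencies entry above, the following added example is a hypothetical reconstruction of how a file path parameter becomes a command injection point, beside a version that never hands the path to a shell. It is not the SDK's code: the FREEZE_CMD stand-in for `pip freeze`, the name check and the injected payload are all constructed so the example runs offline.

```python
"""Added example (not the SageMaker SDK's code): a hypothetical shell-string
pattern that turns a path parameter into command injection, next to a
hardened version that validates the name and uses an argv list."""
import re
import shlex
import subprocess
import sys
import tempfile
from pathlib import Path

# Stand-in for `pip freeze` so the example runs offline (constructed).
FREEZE_CMD = [sys.executable, "-c", "print('numpy==1.26.4')"]

# Requirements file names we are willing to write: no separators, no spaces,
# no shell metacharacters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+\.txt")


def capture_dependencies_vulnerable(requirements_path):
    """Hypothetical flawed pattern: the caller-supplied path is spliced into a
    command line run by /bin/sh, so ';', '|', '$(...)' and '>' inside it become
    commands of the attacker's choosing."""
    freeze = " ".join(shlex.quote(part) for part in FREEZE_CMD)
    subprocess.run(f"{freeze} > {requirements_path}", shell=True, check=True)


def capture_dependencies(requirements_path, workdir):
    """Hardened: validate the name, resolve it inside `workdir`, and run the
    freeze command as an argv list with Python doing the redirection."""
    if not SAFE_NAME.fullmatch(requirements_path):
        raise ValueError(f"unsafe requirements file name: {requirements_path!r}")
    workdir = Path(workdir).resolve()
    target = (workdir / requirements_path).resolve()
    if target.parent != workdir:
        raise ValueError("requirements file must be written inside the work directory")
    with target.open("w") as fh:
        subprocess.run(FREEZE_CMD, stdout=fh, check=True)   # no shell involved
    return target


def run_demo():
    """Exercise both versions with an injected payload (constructed input)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        marker = work / "pwned"
        payload = f"{work / 'requirements.txt'}; echo injected > {marker}"

        capture_dependencies_vulnerable(payload)
        results["vulnerable_ran_injected_command"] = marker.exists()

        try:
            capture_dependencies(payload, work)
            results["hardened_rejected_payload"] = False
        except ValueError:
            results["hardened_rejected_payload"] = True

        out = capture_dependencies("requirements.txt", work)
        results["hardened_wrote_freeze_output"] = out.read_text().strip() == "numpy==1.26.4"
    return results


if __name__ == "__main__":
    print(run_demo())
```

The name check is stricter than it strictly needs to be once `shell=False` is in place; keeping it anyway means a future change that reintroduces a shell call still has no metacharacters to work with.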
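For the NumpyDeserializer entry above, an added example (not the SDK's or NumPy's code) of what an untrusted pickle does when loaded and how a restricted unpickler stops it. The MaliciousArray payload, the benign "array-like" pickle and the environment-variable marker it sets are constructed so the effect can be observed offline; numpy itself is not needed because the dangerous step is plain `pickle.loads`.

```python
"""Added example (not the SageMaker SDK's code): an untrusted pickle that runs
code when loaded, and a restricted unpickler that refuses to resolve the
callable the payload needs."""
import io
import os
import pickle

PAYLOAD_MARKER = "PICKLE_PAYLOAD_RAN"   # constructed, observable side effect


class MaliciousArray:
    """Constructed payload: it pretends to be data but tells pickle to call
    exec() with attacker-chosen source when it is rebuilt."""

    def __reduce__(self):
        return (exec, (f"import os; os.environ[{PAYLOAD_MARKER!r}] = '1'",))


MALICIOUS = pickle.dumps(MaliciousArray())
BENIGN = pickle.dumps({"dtype": "float32", "shape": [2, 2], "data": [1.0, 2.0, 3.0, 4.0]})


def unsafe_load(data):
    """The flawed pattern: pickle.loads runs whatever callable the stream names."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Plain containers and scalars (dict, list, tuple, numbers, str, bytes) are
    rebuilt by opcodes that never call find_class; every GLOBAL lookup the
    stream requests is denied, so no code outside pickle itself can run."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_load(data):
    """Return (True, obj) for a pure-data pickle, (False, None) if the stream
    tried to import anything."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError:
        return False, None


def payload_ran():
    return os.environ.get(PAYLOAD_MARKER) == "1"


def demo():
    blocked = restricted_load(MALICIOUS)[0] is False and not payload_ran()
    unsafe_load(MALICIOUS)                # the flawed path: the payload executes
    return {"restricted_blocked_payload": blocked, "unsafe_ran_payload": payload_ran()}


if __name__ == "__main__":
    print(demo())
```

With NumPy the equivalent setting is `np.load(path, allow_pickle=False)`: numeric arrays load without pickle at all, and object arrays, which require it, are refused, which is the behaviour the entry's workaround asks for when the source is untrusted.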