AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say

submitted by

www.theregister.com/2026/02/04/aws_cloud_breaki…

LLMs automated most phases of the attack A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.…

5
30
2

Log in to comment

Hot Top New Old

Given how much AWS is pushing vibe-coding, we’re now in the Leopard-Face-Eating territory.

 reply
7

Vibe hacking is the future. Really.

 reply
11

It’s going to be vibe hackers hacking vibe coded systems. Caaaaaant waaaaaiiiiit!

 reply
7

From the report that’s the source of this Register article (emphasis added):

The threat actor infiltrated the victim’s environments using valid test credentials stolen from public S3 buckets. These buckets contained Retrieval-Augmented Generation (RAG) data for AI models , and the compromised credentials belonged to an Identity and Access Management (IAM) user that had multiple read and write permissions on AWS Lambda and restricted permissions on AWS Bedrock. This user was likely intentionally created by the victim organization to automate Bedrock tasks with Lambda functions across the environment.

It is also important to note that the affected S3 buckets were named using common AI tool naming conventions, which the attackers actively searched for during reconnaissance.

https://www.sysdig.com/blog/ai-assisted-cloud-intrusion-achieves-admin-access-in-8-minutes

 reply
2

It’s absolutely one of the strongest applications of LLMs right now.

Very interested to see how things develop long-term though, since theoretically we should start seeing red team tools developed that can close the holes an attacker would be hunting. Granted, I think we’ll need at least another five years for true high-quality pentest agents, and offense will have the upper hand in the cat & mouse until then.

 reply
4

Comments in cybersecurity@infosec.pub

If your operation can be hacked by Clippy on Acid then it was not exactly Fort Knox to begin with.

 reply
12
OP

Clippy on Acid

Bro. That would fuckin awesome lmfao and way to cool for an LLM lol

 reply
4

Comments in Technology@lemmy.world

This is just poor security. Not like in TV/Movies where an “AI” was found “breaking layers of firewalls and encryption” or whatever 🤣

Somebody fucked up. Plain and simple.

 reply
28
Insert image