Developer accidentally spends company's entire Cursor budget in one sitting - and discovers worrying flaw that let them extend it by over $1 million
Briefly

"When he got notified of exceeding the limit, he wandered off to his user settings and found out he could simply change the organization's budget limitations (to over $1M!) - even though he wasn't the admin. The admin received no notification."
"admins can increase the limit"
"Amazon Bedrock offers a pay-as-you-go pricing structure that can potentially lead to unexpected and excessive bills if usage is not carefully monitored"
An OX Security developer accidentally spent the firm's entire monthly budget in hours, exposing critical vulnerabilities in Cursor that allow large budget changes by non-admin users. Non-admins can modify the organization's spend limits, set caps above $1,000,000, or set them to 'unlimited', all without the admin being notified. Cursor's spend protections exist, but they are not enabled by default, are reactive, and require manual configuration. Billing delays mean overspend can occur hours or days before it is detected. Amazon Bedrock similarly lacks built-in spend caps by default and warns that pay-as-you-go pricing can lead to unexpected and excessive bills without careful monitoring.
Read at IT Pro