"Bedrock logs every model interaction for compliance and auditing. This is a potential shadow attack surface. An attacker can often just read the existing S3 bucket to harvest sensitive data."
"An attacker with s3:DeleteObject or logs:DeleteLogStream permissions can scrub evidence of jailbreaking activity, eliminating the forensic trail entirely."
AWS Bedrock enables developers to build AI applications by connecting foundation models to enterprise data. This connectivity, while powerful, creates vulnerabilities. The XM Cyber threat research team identified eight attack vectors that exploit this connectivity, including log manipulation and agent hijacking. Each vector begins with low-level permissions and can lead to significant breaches. For instance, attackers can manipulate model invocation logs or compromise knowledge bases, potentially accessing sensitive enterprise data and eliminating forensic trails of their activities.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]