AWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatch

AWS allegedly rolled back a fix: BeyondTrust said it discovered and reported the vulnerability to AWS on September 1, 2025, via the bug bounty platform HackerOne. AWS reportedly acknowledged receipt of the report and deployed an initial fix to production in November. However, BeyondTrust was informed a few days later that the initial fix was rolled back due to “other factors” and that AWS is working on a more robust solution. Finally, in December, AWS told BeyondTrust that a fix would not be made as the behavior is an “intended functionality” and instead updated their documentation to clarify that Sandbox mode permits DNS resolution. The BeyondTrust researcher received a $100 AWS Gear Shop gift card for the finding.

An AWS spokesperson told CSO that all AWS services and infrastructure are operating as expected. “The Sandbox mode provides network access exclusively to Amazon S3 for your data operations, making it ideal for production workloads that rely on S3 data,” the spokesperson said. “DNS resolution is enabled to support successful execution of S3 operations.”

“Because AWS has determined this behavior is intended functionality and opted to update its documentation rather than issue a patch, security teams must proactively shift their defensive strategies,” Soroko said, recommending teams “inventory all active AgentCore Code Interpreter instances” and “migrate to VPC mode”.

Varadarajan points to a more adaptive approach. “The correct architectural response is to instrument the execution environment itself with deception artifacts, canary IAM credentials, honey S3 paths, DNS sinkholes, that an effective agent will inevitably surface precisely because it’s doing its job well,” he said.

AWS reportedly awarded the issue a CVSS Score of 7.5. The documentation now reflects the change in the Sandbox mode description, which says the mode “provides limited external network access” as opposed to “provides complete isolation with no external network access” earlier.
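The “DNS sinkholes” suggestion above only pays off if someone is looking at the resolver logs. As an added example (not code from the article, BeyondTrust, or AWS), the following Python script applies a simple DNS-tunnelling heuristic, long and high-entropy leftmost labels repeated from one source, to a handful of constructed query-log records. The field names are modelled on Route 53 Resolver query-log JSON but are assumptions for this example, as are the thresholds and the `example-collector.test` domain.

```python
import json
import math
from collections import defaultdict

# Constructed sample records (JSON lines). Field names loosely follow Route 53
# Resolver query logs; the values and domains are made up for this example.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"srcaddr": "10.0.1.5", "query_name": "s3.us-east-1.amazonaws.com.", "query_type": "A"},
    {"srcaddr": "10.0.1.5", "query_name": "bucket-a.s3.us-east-1.amazonaws.com.", "query_type": "A"},
    {"srcaddr": "10.0.1.9", "query_name": "4b2e9f1c7a3d5e8f0a1b2c3d4e5f6a7b.x7.example-collector.test.", "query_type": "TXT"},
    {"srcaddr": "10.0.1.9", "query_name": "9c8d7e6f5a4b3c2d1e0f9a8b7c6d5e4f.x8.example-collector.test.", "query_type": "TXT"},
    {"srcaddr": "10.0.1.9", "query_name": "0f1e2d3c4b5a69788796a5b4c3d2e1f0.x9.example-collector.test.", "query_type": "TXT"},
])


def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def query_features(qname):
    """Extract the per-name features the heuristic relies on."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    leftmost = labels[0] if labels else ""
    return {
        "labels": len(labels),
        "longest_label": max((len(l) for l in labels), default=0),
        "leftmost_entropy": shannon_entropy(leftmost),
        "name_length": len(qname.rstrip(".")),
    }


def is_suspicious(record, entropy_threshold=3.5, label_threshold=20):
    """A single name is suspicious when its leftmost label is both long and
    high-entropy. Thresholds are assumptions; tune them against your own baseline."""
    f = query_features(record["query_name"])
    return f["longest_label"] >= label_threshold and f["leftmost_entropy"] >= entropy_threshold


def analyze(log_text, min_hits=3):
    """Group suspicious names by source address and report sources that
    exceed min_hits, so a single odd lookup does not page anyone."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if is_suspicious(rec):
            hits[rec["srcaddr"]].append(rec["query_name"])
    return {src: names for src, names in hits.items() if len(names) >= min_hits}


if __name__ == "__main__":
    for src, names in analyze(SAMPLE_LOG).items():
        print(f"{src}: {len(names)} suspicious queries")
        for name in names:
            print("   ", name)
```

Ordinary S3 endpoint lookups have short, low-entropy labels and never trip the rule, while the repeated hex-encoded labels from `10.0.1.9` do. In a real deployment the same scoring would run over the resolver or sinkhole logs for whatever network path the Code Interpreter actually resolves through, and the per-source aggregation is what turns a heuristic into a usable alert.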

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4146202/aws-bedrocks-isolated-sandbox-comes-with-a-dns-escape-hatch.html
