Introduction Building on recent research identifying DNS-based exfiltration risks in Sandbox mode AgentCore Code Interpreters, I identified global S3 access as another Command & Control channel for sandboxed code interpreters. Unlike DNS-based exfiltration, which has since been fully mitigated, S3 access is a useful and fully-documented feature of AgentCore code interpreters that nevertheless creates a…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2026/04/global-s3-another-c2-channel-for-agentcore-code-interpreters/
