In my first article on Bedrock AgentCore Code Interpreters, I demonstrated that custom code interpreters can be coerced into performing AWS control plane actions by non-agentic identities. This presented a novel path to privilege escalation, whereby any user with access to custom code interpreters could effectively use any privilege assigned to those code interpreters. The…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/09/sandboxed-to-compromised-new-research-exposes-credential-exfiltration-paths-in-aws-code-interpreters/
