Identity & Access
Apr 24, 2026
Our research reveals "Agent God Mode" in Amazon Bedrock AgentCore. Overly broad IAM permissions a...
Amazon Bedrock AgentCore 'Agent God Mode' vulnerability allows privilege escalation via overly broad IAM permissions.
Summary
Security researchers discovered a critical privilege escalation vulnerability in Amazon Bedrock AgentCore, dubbed 'Agent God Mode,' that exploits overly permissive IAM configurations. A compromised agent can leverage these broad permissions to escalate privileges across AWS accounts and extract sensitive data, including agent memories, through a multi-stage attack chain. The vulnerability highlights dangerous default IAM permission practices in managed AI services.
Entities
Amazon (vendor), Amazon Bedrock (product), AgentCore (product), AWS IAM (technology)