Amazon Quick AI Flaw Exposed Backdoor in Frontend-Only Permission Controls
Security researchers uncovered a critical vulnerability in Amazon QuickSight, Amazon’s AI-driven business intelligence platform, where custom permission settings designed to block AI chat agents for specific users were enforced only in the frontend leaving the backend API fully accessible.
The flaw, a CWE-862 missing authorization bug, allowed any user with a basic account to bypass UI restrictions by sending direct HTTP requests to the Chat Agent API. Despite the frontend graying out chat options, a simple POST request to https://quicksight.<region>.amazonaws.com/chat-agent with a JSON payload could still retrieve AI-generated responses even for prompts like "Tell me about mangoes" regardless of intended restrictions.
Key Details of the Vulnerability
- Frontend-Only Enforcement: The UI suggested AI chat was disabled, but the API lacked server-side validation.
- Default AI Agent Exposure: AWS automatically provisions a generic AI chat agent upon service activation, expanding the attack surface even when admins attempted to disable AI features.
- No Cross-Account Leakage: The flaw was contained within the same AWS account, preventing access to other tenants.
- Unauthorized Data Access: Users could extract insights from restricted datasets, violating confidentiality policies.
- Shadow AI Usage: Covert interactions with AI agents undermined audit trails and governance controls.
- Compliance Risks: Organizations under GDPR, HIPAA, or other regulations faced potential violations due to ineffective restrictions.
AWS Response & Timeline
- Disclosure: Fog Security reported the issue via HackerOne on March 4, 2026.
- Fix Deployment: AWS implemented a regional patch by March 11 and completed a global rollout by March 12, after which unauthorized API calls returned a 401 Unauthorized response.
- AWS Rating: Despite the fix, AWS classified the vulnerability as "none" and issued no public advisory, leaving many customers unaware their controls had been ineffective for over a week.
The incident highlights a persistent challenge in AI-enabled cloud platforms: security controls must be enforced consistently across both UI and API layers. As AI agents become more embedded in SaaS offerings, reliance on frontend restrictions alone creates dangerous blind spots.
Source: https://cyberpress.org/amazon-quick-flaw/
Amazon Quick cybersecurity rating report: https://www.rankiteo.com/company/amazonquick
"id": "AMA1778761660",
"linkid": "amazonquick",
"type": "Vulnerability",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Organizations using Amazon '
'QuickSight with AI chat '
'restrictions',
'industry': 'Technology/Cloud Services',
'location': 'Global',
'name': 'Amazon QuickSight',
'type': 'Business Intelligence Platform'}],
'attack_vector': 'API Abuse',
'data_breach': {'sensitivity_of_data': 'Confidential (potentially regulated '
'under GDPR/HIPAA)',
'type_of_data_compromised': 'Business insights from '
'restricted datasets'},
'date_detected': '2026-03-04',
'date_resolved': '2026-03-12',
'description': 'Security researchers uncovered a critical vulnerability in '
'Amazon QuickSight, Amazon’s AI-driven business intelligence '
'platform, where custom permission settings designed to block '
'AI chat agents for specific users were enforced only in the '
'frontend, leaving the backend API fully accessible. The flaw '
'allowed any user with a basic account to bypass UI '
'restrictions by sending direct HTTP requests to the Chat '
'Agent API, retrieving AI-generated responses despite intended '
'restrictions.',
'impact': {'brand_reputation_impact': 'Potential compliance risks and loss of '
'trust in security controls',
'data_compromised': 'Insights from restricted datasets',
'legal_liabilities': 'Potential violations under GDPR, HIPAA, or '
'other regulations',
'operational_impact': 'Violation of confidentiality policies, '
'undermined audit trails and governance '
'controls',
'systems_affected': 'Amazon QuickSight Chat Agent API'},
'investigation_status': 'Resolved',
'lessons_learned': 'Security controls must be enforced consistently across '
'both UI and API layers. Frontend restrictions alone are '
'insufficient for AI-enabled cloud platforms.',
'post_incident_analysis': {'corrective_actions': 'Deployment of server-side '
'authorization checks for '
'the Chat Agent API',
'root_causes': 'Frontend-only enforcement of '
'permission controls, lack of '
'server-side validation for API '
'access'},
'recommendations': 'Implement server-side validation for all API endpoints, '
'conduct regular security audits of AI features, and '
'ensure compliance with data protection regulations.',
'references': [{'source': 'Fog Security (via HackerOne)'}],
'regulatory_compliance': {'regulations_violated': ['GDPR', 'HIPAA']},
'response': {'communication_strategy': 'No public advisory issued by AWS',
'containment_measures': 'Regional patch deployed on March 11, '
'2026',
'remediation_measures': 'Global rollout of fix by March 12, '
'2026; unauthorized API calls returned '
'401 Unauthorized',
'third_party_assistance': 'Fog Security (via HackerOne)'},
'title': 'Amazon Quick AI Flaw Exposed Backdoor in Frontend-Only Permission '
'Controls',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'CWE-862 (Missing Authorization)'}