AI-Powered Attack Breaches AWS Environment in Under 10 Minutes
On November 28, 2025, a threat actor exploited exposed credentials in public Amazon S3 buckets to gain initial access to an AWS environment, escalating privileges to administrative control in just eight minutes. The attack, analyzed by Sysdig’s Threat Research Team (TRT), highlights the growing role of AI and large language models (LLMs) in accelerating cyber intrusions.
The attacker leveraged Lambda function code injection, repeatedly modifying an existing function (EC2-init) to target a user ("frick") with admin privileges. Once inside, they used AI-assisted techniques to automate reconnaissance, generate malicious code, and execute real-time decisions, significantly reducing the time defenders had to detect and respond.
Key tactics included:
- Programmatic interaction with AWS Marketplace APIs to access AI models (e.g., Claude, DeepSeek R1, Meta’s Llama 4 Scout) on the victim’s behalf.
- Cross-region inference profiles to distribute model invocations, complicating detection.
- Lateral movement across 19 AWS principals, including attempts to assume cross-account roles by enumerating account IDs, some of which did not belong to the target organization.
- Provisioning GPU instances on EC2 for potential AI model development or resource abuse.
- Exfiltration of cloud data and abuse of Amazon Bedrock, an AI app-dev environment.
The attack’s speed and efficiency were attributed to AI-driven automation, with the threat actor writing code in Serbian and demonstrating advanced scripting techniques, including exception handling. Researchers noted hallucinated elements in the attacker’s scripts, further suggesting LLM assistance.
The initial breach stemmed from a basic security lapse: valid credentials left exposed in public S3 buckets, some named using common AI tool conventions. Experts emphasized that such oversights, like relying on long-term IAM user credentials instead of temporary roles, remain a persistent risk in cloud environments.
The incident underscores how AI is reshaping cyber threats, enabling attackers to execute complex operations with unprecedented speed and precision. As offensive AI tools improve, defenders face shrinking response windows, making runtime detection and least-privilege enforcement critical.
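A defender-side detection sketch over constructed CloudTrail-shaped events, added here and not part of the article or of Sysdig's analysis: it flags repeated code updates to the same Lambda function, AssumeRole calls aimed at account IDs outside the organization, and Bedrock InvokeModel calls by one principal spread across several regions. The account IDs, the user ARN, the second function name and the model IDs are constructed placeholders; only the user name "frick" and the function name "EC2-init" come from the article.

```python
from collections import defaultdict
KNOWN_ACCOUNTS = {"111111111111"}  # constructed: the organization's own account ID(s)

def role_account(role_arn):
    # arn:aws:iam::<account-id>:role/<name> -> the target account ID
    return role_arn.split(":")[4]

def find_lambda_rewrites(events, threshold=2):
    """Functions whose code was replaced at least `threshold` times (repeated injection)."""
    counts = defaultdict(int)
    for e in events:
        if e["eventSource"] == "lambda.amazonaws.com" and e["eventName"].startswith("UpdateFunctionCode"):
            counts[e["requestParameters"]["functionName"]] += 1
    return sorted(f for f, n in counts.items() if n >= threshold)

def find_foreign_assume_role(events, known=KNOWN_ACCOUNTS):
    """Account IDs targeted by AssumeRole that are not in the known-accounts set."""
    return sorted({role_account(e["requestParameters"]["roleArn"]) for e in events
                   if e["eventName"] == "AssumeRole"
                   and role_account(e["requestParameters"]["roleArn"]) not in known})

def find_multi_region_bedrock(events, min_regions=2):
    """Principals invoking Bedrock models from `min_regions` or more regions."""
    regions = defaultdict(set)
    for e in events:
        if e["eventSource"] == "bedrock.amazonaws.com" and e["eventName"] == "InvokeModel":
            regions[e["userIdentity"]["arn"]].add(e["awsRegion"])
    return sorted(p for p, r in regions.items() if len(r) >= min_regions)

def run_detections(events):
    return {"lambda_rewrites": find_lambda_rewrites(events),
            "foreign_assume_role": find_foreign_assume_role(events),
            "multi_region_bedrock": find_multi_region_bedrock(events)}

def ev(source, name, region, user, **params):
    # Minimal CloudTrail-shaped event (constructed sample data, not real log output)
    return {"eventSource": source, "eventName": name, "awsRegion": region,
            "userIdentity": {"arn": user}, "requestParameters": params}

USER = "arn:aws:iam::111111111111:user/frick"  # constructed ARN; user name from the article
SAMPLE_EVENTS = [
    ev("lambda.amazonaws.com", "UpdateFunctionCode20150331v2", "us-east-1", USER, functionName="EC2-init"),
    ev("lambda.amazonaws.com", "UpdateFunctionCode20150331v2", "us-east-1", USER, functionName="EC2-init"),
    ev("lambda.amazonaws.com", "UpdateFunctionCode20150331v2", "us-east-1", USER, functionName="nightly-report"),
    ev("sts.amazonaws.com", "AssumeRole", "us-east-1", USER, roleArn="arn:aws:iam::111111111111:role/Deploy"),
    ev("sts.amazonaws.com", "AssumeRole", "us-east-1", USER, roleArn="arn:aws:iam::999999999999:role/Admin"),
    ev("bedrock.amazonaws.com", "InvokeModel", "us-east-1", USER, modelId="placeholder-model-id"),
    ev("bedrock.amazonaws.com", "InvokeModel", "eu-west-1", USER, modelId="placeholder-model-id"),
]
if __name__ == "__main__":
    print(run_detections(SAMPLE_EVENTS))
```

In a real deployment the three checks would run over CloudTrail Lake or a SIEM export rather than an in-memory list, with the known-accounts set drawn from AWS Organizations.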
Source: https://www.darkreading.com/cloud-security/8-minute-access-ai-aws-environment-breach
{
"id": "AMAAWS1770152164",
"linkid": "amazon-web-services, aws-training-&-certification",
"type": "Breach",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'type': 'Organization'}],
 'attack_vector': 'Exposed credentials in public Amazon S3 buckets',
 'data_breach': {'data_exfiltration': True,
                 'type_of_data_compromised': 'Cloud data, potentially sensitive organizational data'},
 'date_detected': '2025-11-28',
 'date_publicly_disclosed': '2025-11-28',
 'description': 'A threat actor exploited exposed credentials in public Amazon S3 buckets to gain initial access to an AWS environment, escalating privileges to administrative control in just eight minutes. The attack leveraged AI and large language models (LLMs) to automate reconnaissance, generate malicious code, and execute real-time decisions, significantly reducing the time defenders had to detect and respond.',
 'impact': {'data_compromised': True,
            'operational_impact': 'Administrative control gained, lateral movement across 19 AWS principals, potential AI model development abuse',
            'systems_affected': 'AWS environment, Lambda functions, EC2 instances, Amazon Bedrock'},
 'initial_access_broker': {'entry_point': 'Exposed credentials in public Amazon S3 buckets',
                           'high_value_targets': 'AWS admin privileges, cross-account roles'},
 'investigation_status': 'Analyzed',
 'lessons_learned': 'AI-driven automation accelerates cyber intrusions, reducing defender response windows. Basic security lapses like exposed credentials remain a persistent risk. Runtime detection and least-privilege enforcement are critical in cloud environments.',
 'post_incident_analysis': {'corrective_actions': 'Replace long-term credentials with temporary roles, enhance monitoring of Lambda functions, enforce least-privilege access, secure public S3 buckets',
                            'root_causes': 'Exposed long-term IAM user credentials in public S3 buckets, lack of least-privilege enforcement, insufficient runtime detection'},
 'recommendations': 'Avoid long-term IAM user credentials; use temporary roles. Monitor Lambda function modifications. Implement runtime detection and least-privilege access controls. Secure public S3 buckets and enforce strict credential hygiene.',
 'references': [{'source': 'Sysdig’s Threat Research Team (TRT)'}],
 'response': {'third_party_assistance': 'Sysdig’s Threat Research Team (TRT)'},
 'title': 'AI-Powered Attack Breaches AWS Environment in Under 10 Minutes',
 'type': 'Cloud Breach',
 'vulnerability_exploited': 'Exposed long-term IAM user credentials, Lambda function code injection'}