Talk

Virtual

Live exploit: Hijacking AWS AI agents

AI agents in Amazon Bedrock can be abused via a “confused deputy” exploit to access restricted models or exfiltrate data. This live demo shows the attack, then implements SCPs and identity boundaries to block it.

AI agents in Amazon Bedrock often hold broad permissions to call models and read data. A single misconfiguration turns the agent into a "confused deputy": a principal that holds permissions the caller lacks is tricked into exercising them on the caller's behalf, so an attacker can steer the agent to exfiltrate training data or invoke models it should never reach. This 15-minute session is a live technical demonstration of this exploit and of the native AWS controls required to block it.

What the session will cover:

• The attack: A live execution of a confused deputy exploit to hijack an AI agent’s permissions.
• The prevention: Implementation of the specific Service Control Policies (SCPs) and identity boundaries that neutralize the attack path.
• Validation: A second exploit attempt to verify the enforcement successfully blocks unauthorized access.

The takeaway: Platform engineers will leave with an understanding of the policy logic needed to secure AI agent trust relationships in AWS.
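As an added illustration of the policy logic the session refers to (this is example code, not material from the talk or from AWS), the Terraform below pairs an identity boundary on the agent's service role with an organization-level SCP. The account ID, region, role names and the allow-listed model ID are assumptions chosen for the example; the trust-policy conditions on aws:SourceAccount and aws:SourceArn are AWS's documented pattern for cross-service confused deputy prevention.

```hcl
# Added example, not the session's own material. Account ID, region, role names
# and the allowed model ID are assumptions chosen for illustration.
locals {
  account_id = "111122223333"
  region     = "eu-central-1"
  allowed_model_arns = [
    "arn:aws:bedrock:eu-central-1::foundation-model/anthropic.claude-3-haiku-20240307-v1:0",
  ]
}

# 1. Identity boundary: the agent's service role may only be assumed by the Bedrock
#    service, and only on behalf of an agent that lives in this account. Without the
#    aws:SourceAccount / aws:SourceArn conditions, any Bedrock agent in any account
#    that learns the role ARN could ask the service to assume it (confused deputy).
data "aws_iam_policy_document" "agent_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["bedrock.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [local.account_id]
    }
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:bedrock:${local.region}:${local.account_id}:agent/*"]
    }
  }
}

# The role's own permissions name the allow-listed models explicitly instead of
# granting bedrock:InvokeModel on "*".
data "aws_iam_policy_document" "agent_permissions" {
  statement {
    effect    = "Allow"
    actions   = ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"]
    resources = local.allowed_model_arns
  }
}

resource "aws_iam_role" "bedrock_agent" {
  name               = "bedrock-agent-role"
  assume_role_policy = data.aws_iam_policy_document.agent_trust.json
}

resource "aws_iam_role_policy" "bedrock_agent" {
  name   = "invoke-allowed-models"
  role   = aws_iam_role.bedrock_agent.id
  policy = data.aws_iam_policy_document.agent_permissions.json
}

# 2. Service control policy: an organization-level ceiling that holds even if a
#    broader policy is later attached to the role. It denies model invocation
#    outside the allow-list and denies edits to the agent role's trust policy
#    unless they come from the (assumed) platform admin role.
data "aws_iam_policy_document" "scp" {
  statement {
    sid           = "DenyModelsOutsideAllowList"
    effect        = "Deny"
    actions       = ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"]
    not_resources = local.allowed_model_arns
  }
  statement {
    sid       = "DenyTrustPolicyChangesExceptPlatformAdmin"
    effect    = "Deny"
    actions   = ["iam:UpdateAssumeRolePolicy"]
    resources = ["arn:aws:iam::${local.account_id}:role/bedrock-agent-role"]
    condition {
      test     = "StringNotEquals"
      variable = "aws:PrincipalArn"
      values   = ["arn:aws:iam::${local.account_id}:role/platform-admin"]
    }
  }
}

resource "aws_organizations_policy" "bedrock_guardrails" {
  name    = "bedrock-agent-guardrails"
  type    = "SERVICE_CONTROL_POLICY"
  content = data.aws_iam_policy_document.scp.json
}
```

Two caveats a practitioner will hit: the SCP only takes effect once it is attached to the OU or member account that hosts the agent (an aws_organizations_policy_attachment, omitted here), and SCPs never constrain the management account, so the agent should not live there. If the agent calls a cross-region inference profile rather than a model directly, the profile ARN and the foundation-model ARNs in each target region all need to be in the allow-list, or the SCP will deny the call.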

Register for PlatformCon 2026