← Back to BrewedIntel
vulnerabilitycriticalCredential ExposureDNS TunnelingSandbox Escape

Apr 07, 2026 • Ori Hadad

Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox

Unit 42 researchers discovered critical vulnerabilities in Amazon Bedrock AgentCore's sandbox environment that enable attackers to escape isolation...

Source
Unit 42 (Palo Alto Networks)
Category
vulnerability
Severity
critical

Executive Summary

Unit 42 researchers discovered critical vulnerabilities in Amazon Bedrock AgentCore's sandbox environment that enable attackers to escape isolation boundaries. The research demonstrates successful DNS tunneling techniques and credential exposure risks within the managed AI agent service. These vulnerabilities could allow threat actors to exfiltrate sensitive data or access credentials that should remain isolated within the sandbox. Organizations using AWS Bedrock AgentCore should monitor for indicators of sandbox escape attempts and implement additional security controls around AI agent deployments. AWS customers should review their AgentCore configurations and apply any available patches or mitigations recommended by Amazon.

Summary

Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure. The post Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox appeared first on Unit 42 .

Published Analysis

Unit 42 researchers discovered critical vulnerabilities in Amazon Bedrock AgentCore's sandbox environment that enable attackers to escape isolation boundaries. The research demonstrates successful DNS tunneling techniques and credential exposure risks within the managed AI agent service. These vulnerabilities could allow threat actors to exfiltrate sensitive data or access credentials that should remain isolated within the sandbox. Organizations using AWS Bedrock AgentCore should monitor for indicators of sandbox escape attempts and implement additional security controls around AI agent deployments. AWS customers should review their AgentCore configurations and apply any available patches or mitigations recommended by Amazon. Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure. The post Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox appeared first on Unit 42 . Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure. The post Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox appeared first on Unit 42 .

Read original source