Tags: vulnerability, high, Data Exfiltration, Privilege Escalation

Apr 08, 2026 • Ori Hadad

Cracks in the Bedrock: Agent God Mode


Source: Unit 42 (Palo Alto Networks)
Category: vulnerability
Severity: high

Executive Summary

Unit 42 researchers discovered a critical vulnerability dubbed 'Agent God Mode' in Amazon Bedrock AgentCore. The flaw stems from overly broad IAM permissions that can be exploited to achieve privilege escalation and enable data exfiltration. Attackers who gain access to an affected AgentCore instance could leverage these excessive permissions to move laterally across the AWS environment, escalate privileges beyond their intended scope, and exfiltrate sensitive data. Organizations using Amazon Bedrock AgentCore should immediately review and restrict IAM permissions to follow the principle of least privilege. Mitigation includes implementing strict access controls, monitoring for anomalous permission usage, and conducting regular security audits of IAM configurations to prevent exploitation of this attack vector.

Summary

Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks. The post "Cracks in the Bedrock: Agent God Mode" appeared first on Unit 42.
