Jay Chen
Jay Chen is a Security Researcher at Palo Alto Networks, specializing in cloud and AI security. His work involves identifying vulnerabilities, design flaws, and adversarial tactics in cloud-native technologies. Recently, he has shifted focus to GenAI security, researching threats to AI systems and adversarial uses of AI. Previously, Jay researched mobile cloud security and distributed storage security. He has published over 30 academic and industrial papers.
Session
AI agents are rapidly transforming industries through autonomous planning, decision-making, and interaction with external environments. As cloud providers accelerate the deployment of services that simplify building these AI-driven applications, the security implications of this emerging technology remain largely unexplored.
This talk reveals concerning security issues discovered within AWS Bedrock Agents—demonstrating how attackers can exploit prompt injection and misuse integrated tools to compromise these agents. Specifically, our research uncovers techniques that lead to information leakage, agent hijacking, unauthorized tool execution, and manipulation of persistent agent memory. The issues originate from AI models' inherent probabilistic nature combined with inadequately secured prompt instructions, which attackers exploit to subvert internal planning and decision-making processes.
Although our research primarily examines AWS Bedrock Agents, the issues and attack techniques discussed extend broadly across similar agent frameworks. We will share our methodology, key findings, and mitigation strategies, and highlight important open research questions. Our goal is to foster proactive dialogue among cloud security researchers, practitioners, and AI developers to address these emerging security challenges collaboratively.