fwd:cloudsec 2026

No Way Out? C2 Through AWS Data Perimeter via Bedrock-AgentCore
2026-06-01, Room 1

The data perimeter is the gold standard for a cloud-native security boundary in AWS. It combines all available preventive security tools and guardrails.

In this talk you will learn about a novel attack technique that exploits AWS Bedrock AgentCore’s identity service to establish a fully functional command and control channel (C2) capable of bypassing data perimeter controls - all while using legitimate capabilities. We will demonstrate how an attacker can use two covert channels hidden in plain sight: data exfiltration and unauthenticated data infiltration.

We will demo the complete C2 channel operating end to end - an attacker establishing persistence, issuing commands and exfiltrating sensitive data from an S3 bucket containing user records, all within an enforced data perimeter.

We will also walk through the CloudTrail signals that enable defenders to detect this activity, and discuss why new AI services demand security assessment before adoption.

Dan Gansel is a cloud security specialist with deep expertise in cloud API research, secure cloud solutions and architecture design. Dan has led cloud security research teams and has a track record of uncovering novel attack techniques in cloud environments.
As a Security Researcher at Upwind Security, Dan continues to push the boundaries of cloud security, focusing on uncovering blind spots in the services organizations trust the most.