Amazon is facing cybersecurity issues… because of AI!

Recent findings from the Sysdig threat research team highlight an alarming shift in the way malicious actors are using artificial intelligence (AI) to carry out cloud attacks. According to the report, attackers have drastically reduced the cloud attack cycle from hours to minutes, using AI tools such as language models to automate information gathering and the generation of malicious code.

Amazon against AI?

A notable case occurred in November 2025, when attackers obtained valid Amazon Web Services (AWS) credentials that were publicly stored in S3 buckets. In less than 10 minutes, they escalated from the initial credential theft to gaining administrative privileges, thereby compromising an AWS environment that included critical services such as Lambda, EC2, and CloudWatch.

During the operation, the attackers distributed their processes across 19 AWS principles and created a user with administrative access named “backdoor-admin.” This strategy demonstrates a remarkable sophistication in the persistence of their attacks. Additionally, security evasion techniques were employed, such as tools to rotate IP addresses, making it difficult to detect their activities.

The research also indicates that the use of language models allowed attackers to produce more effective code, including a script that featured comprehensive exception handling and comments in Serbian. Additionally, several AI-generated “hallucinations” were identified, such as attempts to assume roles in fictitious AWS account IDs and references to non-existent repositories.

Experts warn about the need to implement least privilege principles for all users and IAM roles, restrict certain permissions, and enable invocation logging to prevent future incidents. With the advancement of language model capabilities, it is likely that attacks of this kind will become more common, highlighting the urgency of strengthening defenses in the field of cybersecurity.