AWS Bedrock DNS Exfiltration Flaw: What Network Engineers Need to Know About Cloud AI Sandbox Security
AWS Bedrock AgentCore Code Interpreter allows attackers to exfiltrate sensitive data using DNS queries even when running in “Sandbox” mode — and AWS says this is intended behavior, not a vulnerability. Security researchers from Phantom Labs and Sonrai Security have independently demonstrated that DNS resolution capabilities bypass sandbox isolation, enabling credential theft, S3 bucket enumeration, and full command-and-control channels through a protocol that every firewall permits by default. Key Takeaway: If your organization deploys AI agents with code execution capabilities in AWS, the word “sandbox” does not mean what you think it means — DNS-based exfiltration works regardless of network mode, and overpermissioned IAM roles turn a DNS covert channel into a full data breach. ...