AWS Bedrock DNS Exfiltration Flaw: What Network Engineers Need to Know About Cloud AI Sandbox Security

AWS Bedrock AgentCore Code Interpreter allows attackers to exfiltrate sensitive data using DNS queries even when running in “Sandbox” mode — and AWS says this is intended behavior, not a vulnerability. Security researchers from Phantom Labs and Sonrai Security have independently demonstrated that DNS resolution capabilities bypass sandbox isolation, enabling credential theft, S3 bucket enumeration, and full command-and-control channels through a protocol that every firewall permits by default. Key Takeaway: If your organization deploys AI agents with code execution capabilities in AWS, the word “sandbox” does not mean what you think it means — DNS-based exfiltration works regardless of network mode, and overpermissioned IAM roles turn a DNS covert channel into a full data breach. ...

March 17, 2026 · 2:01 AM MST · News & Trends

Google's $32B Wiz Acquisition Closes: What Network Engineers Need to Know About Cloud Security in 2026

Google completed its $32 billion acquisition of cloud security company Wiz on March 11, 2026 — the largest cybersecurity acquisition in history. Wiz’s Cloud-Native Application Protection Platform (CNAPP), which provides agentless security scanning across AWS, Azure, GCP, and Oracle Cloud, is now part of Google Cloud. For network engineers managing multi-cloud environments, this deal signals that cloud security posture management is no longer a separate concern from network infrastructure — it’s converging into the hyperscaler platforms you already manage. ...

March 12, 2026 · 2:15 AM MST · News & Trends