Security experts have reported a cloud breach where an attacker escalated privileges in an Amazon Web Services (AWS) environment, exfiltrated sensitive data, exploited Artificial Intelligence (AI) tools, and tried to take control of high-cost GPU computing resources.
After compromising an Identity and Access Management (IAM) role believed to be used for integration with an external platform, the attacker created a new administrator-level user. From there, they moved laterally across 19 unique AWS accounts, exploiting trusted roles due to insufficient monitoring.
According to Sysdig, the adversary enumerated logs, serverless function code, secrets, configuration files, and IAM Access Analyzer findings to determine possible paths of privilege escalation and unused permissions.
Ram Varadarajan, CEO at Acalvio, told Expert Insights the incident reflects a substantial shift in the threat landscape.
“Autonomous intruders can now escalate from initial access to full administrative control in minutes.” He added that defenders must “prioritize agentic cloud security with automated systems that match the machine-speed […] of AI-assisted attackers.”
AI Acceleration Meets Structural Weakness
The attacker then quickly pivoted to “LLMjacking,” abusing Amazon Bedrock to take advantage of various AI tools after confirming that model invocation logging was disabled.
They also staged infrastructure to launch GPU EC2 instances intended for machine learning-heavy workloads, successfully spinning up a high-end instance with a publicly accessible JupyterLab service before terminating it minutes later.
Shane Barney, Chief Information Security Officer (CISO) at Keeper Security, told Expert Insights how the attack did not rely on novel exploits.
“What stands out isn’t a breakthrough technique or a clever exploit. It’s how little resistance the environment offered once the attacker obtained legitimate access,” he said. According to Barney, AI primarily removed hesitation, collapsing reconnaissance, privilege testing, and lateral movement into “a single, rapid sequence.”
He warned that environments with overly permissive service accounts and execution roles enable attackers to escalate and persist quietly. “The underlying failure was structural. Identity and privilege boundaries were too loose for an environment operating at this scale,” Barney said.
Collectively, the incident reinforces a clear lesson for security leaders: as attackers automate decision-making with AI, defenders must implement least privilege policies, monitor activity in real-time, and utilize the same rigor for machine identities and automation as they do for human administrators.
