AWS Ransomware: Why CNAPPs & Traditional PAM Miss the Mark

Category: Uncategorized

TL;DR: Cloud Ransomware in AWS. The Cloud Ransomware Problem: Ransomware in the cloud is fundamentally different from ransomware on servers or endpoints. Instead of relying on malware payloads, attackers: In this new model, every action looks like normal cloud activity. There's no malware payload to scan for and no unusual ...
Privileged AWS Permissions You Should Restrict Immediately (Top 25 + Bonus)

Category: Uncategorized

Drumroll, please… 🥁 After five weeks of countdowns, breakdowns, and some very lively conversations, we've finally reached the end of the Top 25 Most Risky AWS Privileged Permissions, plus a special bonus round for AWS Organizations. These permissions aren't just "potentially risky." They've been abused in real-world incidents to steal ...
Sandboxed to Compromised: New Research Exposes Credential Exfiltration Paths in AWS Code Interpreters

In my first article on Bedrock AgentCore Code Interpreters, I demonstrated that custom code interpreters can be coerced into performing AWS control plane actions by non-agentic identities. This presented a novel path to privilege escalation, whereby any user with access to custom code interpreters could effectively use any privilege assigned ...

July Recap: New AWS Services and Privileged Permissions

Category: Permission & Access

As July 2025 winds down, we're back with this month's roundup of newly released AWS privileged permissions. This time, several new services have made their debut, each arriving with permissions that could reshape your cloud security boundaries. This month introduces fresh capabilities in Amazon Bedrock, Oracle Database@AWS, S3 ...

AI in AWS? Lock Down IAM First

Category: Permission & Access

AWS Bedrock makes it easy for cloud teams to build and deploy generative AI applications. With just a few clicks, developers can stand up agents that query company data, automate workflows, and interact with AWS services. But these new capabilities introduce new risks. The moment AI agents gain access to ...

June Recap: New AWS Services and Privileged Permissions

Category: Permission & Access

As June 2025 wraps up, we're back with another monthly roundup of AWS privileged permission changes and service updates that could reshape your cloud security posture. Each month brings a wave of new permissions, and with them potential pathways for unauthorized access, policy evasion, and abuse of trust boundaries ...

Cloud Privilege Is a Mess. Legacy PAM Can’t Fix It.

Category: Identity & IAM

For years, organizations have tried to retrofit Privileged Access Management (PAM) tools into the public cloud. Jump boxes. Vaults. Session recording. Manual provisioning. None of it scales, and it doesn't scratch the surface of the cloud privilege problem. Because cloud privilege isn't about admin logins or shared root passwords. It's ...

May Recap: New AWS Services and Privileged Permissions

As May 2025 comes to a close, we're back with the latest roundup of AWS privileged permission updates and service-level developments reshaping cloud security. Tracking these changes is essential, as newly introduced permissions often grant deep access to critical services, opening doors to risks like lateral movement, data exposure, ...

April Recap: New AWS Sensitive Permissions

As April 2025 wraps up, we're back with the latest roundup of AWS sensitive permission updates and key service developments shaping the cloud security landscape. Keeping pace with these changes is critical for protecting your environments, especially as newly introduced permissions can open pathways for risks like lateral movement, data exfiltration, ...
Untangle AWS IAM Policy Logic and Move Toward Least Privilege

Category: Uncategorized

AWS Identity and Access Management (IAM) is powerful, but it is also one of the most complex and frustrating aspects of cloud security. Security teams want to enforce least privilege, but AWS IAM's additive permissions model, combined with multiple policy layers, makes it difficult to manage permissions efficiently. Developers, on ...
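The "additive model plus multiple policy layers" point is easier to see in code than in prose. The block below is an added example, not code from the page or from any vendor tool it mentions. It models the publicly documented IAM evaluation order for a principal acting in its own account: an explicit Deny in any applicable layer wins, every limiting layer (each SCP, and the permissions boundary if one is attached) must contain a matching Allow, and only then does an Allow in any one identity-based policy grant the request. Resource-based policies, session policies, Condition blocks and NotAction/NotResource are deliberately not modeled. All policy documents and ARNs are constructed for illustration.

```python
"""Toy model of AWS IAM policy evaluation across stacked policy layers.

Added example, not code from the original page. Models:
  1. explicit Deny anywhere -> Deny
  2. each SCP and the permissions boundary must Allow (they limit, never grant)
  3. at least one identity-based policy must Allow (permissions add up across them)
  4. otherwise implicit deny
Conditions, NotAction/NotResource, resource-based and session policies are omitted.
"""
from fnmatch import fnmatchcase


def _matches(pattern, value, fold_case):
    # IAM wildcards: '*' matches any run of characters, '?' a single character.
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    if fold_case:
        return fnmatchcase(value.lower(), pattern.lower())
    return fnmatchcase(value, pattern)


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _stmt_applies(stmt, action, resource):
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", "*"))
    return (any(_matches(a, action, True) for a in actions)
            and any(_matches(r, resource, False) for r in resources))


def evaluate_policy(policy, action, resource):
    """Return 'Deny', 'Allow', or None (no statement matched) for one policy document."""
    decision = None
    for stmt in policy.get("Statement", []):
        if not _stmt_applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # an explicit deny short-circuits the whole document
        decision = "Allow"
    return decision


def is_allowed(action, resource, identity_policies, scps=(), boundary=None):
    """Combine the layers the way IAM does for a principal in its own account."""
    limiting = list(scps) + ([boundary] if boundary is not None else [])
    all_layers = list(identity_policies) + limiting
    if any(evaluate_policy(p, action, resource) == "Deny" for p in all_layers):
        return False               # rule 1: explicit deny wins over every allow
    if any(evaluate_policy(p, action, resource) != "Allow" for p in limiting):
        return False               # rule 2: SCPs / boundary only narrow, so each must allow
    # rule 3: additive across identity policies; rule 4: implicit deny otherwise
    return any(evaluate_policy(p, action, resource) == "Allow" for p in identity_policies)


# Constructed sample policies (illustrative ARNs, not taken from the page).
DEVELOPER = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::app-bucket/*"},
]}
ADMIN_GROUP = {"Statement": [         # attaching this widens what DEVELOPER grants
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]}
DENY_DELETE = {"Statement": [
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
]}
FULL_ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCP_FULL = FULL_ADMIN
SCP_NO_IAM = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
]}
BOUNDARY_EC2_ONLY = {"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}


def demo():
    obj = "arn:aws:s3:::app-bucket/report.csv"
    return {
        # a single matching identity policy is enough when the SCP allows everything
        "put_object": is_allowed("s3:PutObject", obj, [DEVELOPER], scps=[SCP_FULL]),
        # DEVELOPER alone cannot list buckets ...
        "list_alone": is_allowed("s3:ListAllMyBuckets", "*", [DEVELOPER], scps=[SCP_FULL]),
        # ... but permissions add up, so a group policy with s3:* grants it
        "list_with_group": is_allowed("s3:ListAllMyBuckets", "*", [DEVELOPER, ADMIN_GROUP], scps=[SCP_FULL]),
        # an explicit deny in any attached policy beats the group's s3:* allow
        "delete_bucket": is_allowed("s3:DeleteBucket", "arn:aws:s3:::app-bucket",
                                    [DEVELOPER, ADMIN_GROUP, DENY_DELETE], scps=[SCP_FULL]),
        # an SCP that denies iam:* blocks even a full-admin identity policy
        "create_user": is_allowed("iam:CreateUser", "*", [FULL_ADMIN], scps=[SCP_NO_IAM]),
        # a permissions boundary with no matching Allow is an implicit deny for that action
        "boundary": is_allowed("s3:PutObject", obj, [ADMIN_GROUP], scps=[SCP_FULL],
                               boundary=BOUNDARY_EC2_ONLY),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:16s} -> {'ALLOW' if allowed else 'DENY'}")
```

The practical takeaway for least-privilege work follows from rule 3: because identity-based policies add up, auditing one policy in isolation never tells you what a principal can do. The effective permission set is the union of every attached and inherited Allow, narrowed by SCPs and boundaries, minus every explicit Deny, which is why reviewing "the role's policy" routinely under-counts what the role can actually reach.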