Security Flaw in AWS Bedrock Enables DNS-Based Data Exfiltration from AI Sandboxes

A security flaw in AWS Bedrock's AgentCore component enables DNS-based attacks allowing AI sandboxes to exfiltrate cloud data. The vulnerability affects the AWS Bedrock Code Interpreter, though no specific CVE ID, dates, or affected versions were disclosed. The attack leverages DNS queries to bypass isolation mechanisms and extract sensitive information from cloud environments. No details on the discovery timeline or the entities responsible for identifying the issue were provided. The impact involves unauthorized data exfiltration from AWS cloud infrastructure via manipulated AI sandbox interactions.