- What: An AI-assisted attack rapidly compromised an AWS environment in just eight minutes by exploiting exposed credentials found in public S3 buckets.
- Why: The attacker leveraged AI to quickly identify and exploit misconfigurations, escalating from initial access to full administrative control.
- Impact: Organizations using AWS with exposed credentials or misconfigured S3 buckets are at risk of rapid, automated compromise.
A sophisticated AI-assisted cloud intrusion was observed on November 28, 2025, in which an attacker gained full administrative access to an AWS account in just eight minutes.
The attack began with the threat actor using valid test credentials found in public S3 buckets that contained Retrieval-Augmented Generation (RAG) data. This initial access provided permissions to AWS Lambda, which became the central vector for privilege escalation.
The compromised S3 buckets contained AI-related data, and the associated IAM user had permissions to interact with Lambda and limited access to Amazon Bedrock. Sysdig researchers noted this user was "likely intentionally created by the victim organization to automate Bedrock tasks with Lambda functions across the environment."
Key attack vectors included:
- Stolen credentials from public S3 buckets
- Lambda code injection for privilege escalation
- Lateral movement across 19 unique AWS principals
Ram Varadarajan, CEO at Acalvio, stated: "In this threat environment, organizations have to accept that the speed of the breach has shifted from days to minutes. Autonomous intruders can now escalate from initial access to full administrative control in minutes."
Jason Soroko, Senior Fellow at Sectigo, warned: "Organizations must immediately shift to using IAM roles with temporary credentials, or they will continue to fall victim to these preventable breaches."
Security experts recommend:
- Limiting UpdateFunctionCode and PassRole permissions
- Using IAM roles with temporary credentials instead of long-lived access keys
- Monitoring for unusual Lambda function modifications
- Auditing S3 bucket permissions to prevent credential exposure
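A minimal form of the Lambda-modification monitoring recommended above, as an added example that is not Sysdig's tooling or data from the incident: it scans CloudTrail records for Lambda write calls from principals outside an assumed deploy allowlist and for execution-role changes (the iam:PassRole step). The CI role ARN and the sample records are constructed assumptions.

```python
# Principals expected to push Lambda code (hypothetical CI/CD role ARN, an assumption).
DEPLOY_ALLOWLIST = {"arn:aws:sts::123456789012:assumed-role/ci-deploy/github"}

# Lambda write APIs. CloudTrail appends an API version to these event names
# (for example "UpdateFunctionCode20150331v2"), so match on the prefix.
LAMBDA_WRITE_PREFIXES = ("UpdateFunctionCode", "UpdateFunctionConfiguration", "CreateFunction")

def analyze_event(event: dict) -> list[str]:
    """Return finding strings for one CloudTrail record; empty list when benign."""
    findings: list[str] = []
    if event.get("eventSource") != "lambda.amazonaws.com":
        return findings
    name = event.get("eventName", "")
    if not name.startswith(LAMBDA_WRITE_PREFIXES):
        return findings  # reads such as GetFunction are not of interest here
    actor = event.get("userIdentity", {}).get("arn", "<unknown>")
    params = event.get("requestParameters") or {}
    func = params.get("functionName", "<unknown>")
    if actor not in DEPLOY_ALLOWLIST:
        findings.append(f"lambda-write-by-unexpected-principal: {actor} {name} {func}")
    # A "role" parameter means the caller exercised iam:PassRole, the step that lets
    # injected function code run under a more privileged execution role.
    if "role" in params:
        findings.append(f"execution-role-change: {func} -> {params['role']} by {actor}")
    return findings

def analyze_trail(records: list[dict]) -> list[str]:
    """Run analyze_event over a list of CloudTrail records and collect all findings."""
    return [f for r in records for f in analyze_event(r)]

# Constructed sample records (not from the incident), trimmed to the fields used.
SAMPLE_RECORDS = [
    {"eventSource": "lambda.amazonaws.com", "eventName": "UpdateFunctionCode20150331v2",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/ci-deploy/github"},
     "requestParameters": {"functionName": "rag-ingest"}},
    {"eventSource": "lambda.amazonaws.com", "eventName": "GetFunction20150331v2",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bedrock-automation"},
     "requestParameters": {"functionName": "rag-ingest"}},
    {"eventSource": "lambda.amazonaws.com", "eventName": "UpdateFunctionCode20150331v2",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bedrock-automation"},
     "requestParameters": {"functionName": "rag-ingest"}},
    {"eventSource": "lambda.amazonaws.com", "eventName": "UpdateFunctionConfiguration20150331v2",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bedrock-automation"},
     "requestParameters": {"functionName": "rag-ingest",
                           "role": "arn:aws:iam::123456789012:role/admin-exec"}},
]
```

Running `analyze_trail(SAMPLE_RECORDS)` yields three findings: the CI deploy and the read-only call pass, while the automation user's code update and its role change are both flagged.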
The research was conducted by the Sysdig Threat Research Team (TRT).