Feb Recap: New AWS Privileged Permissions and Services
嗯,用户让我总结一篇文章的内容,控制在100字以内,而且不需要特定的开头。首先,我需要仔细阅读这篇文章,抓住主要信息。 文章讲的是AWS权限扩展在2026年2月的变化,重点从基础设施转向生成式AI供应链。特别是模型完整性和深度遥测。新增权限允许创建微调作业,可能被用于模型中毒。Sonrai的安全防火墙帮助识别这些高风险权限。 接下来,我要把这些要点浓缩成100字以内。确保涵盖时间、变化、新增权限的影响以及解决方案。 可能的结构:时间点、变化方向、新增权限及其风险、解决方案。 然后检查字数,确保不超过限制。同时避免使用“文章内容总结”之类的开头词。 最后,通读一遍,确保流畅准确。 </think> 2026年2月,AWS权限扩展重点转向生成式AI供应链,新增权限聚焦模型完整性和深度遥测。新增的bedrock-mantle:CreateFineTuningJob权限允许创建微调作业,可能被用于模型中毒攻击。Sonrai的安全防火墙帮助识别这些高风险权限。 2026-3-2 13:58:55 Author: securityboulevard.com(查看原文) 阅读量:13 收藏

As February 2026 comes to a close, the focus of AWS permission expansion has moved from core infrastructure to the Generative AI supply chain. This month’s review of newly released permissions highlights a strategic pivot toward model customization and deep-tier telemetry. While the volume of new privileged actions is lower than in January, the impact of these specific permissions is profound, targeting the very logic and safety of the AI models organizations are increasingly relying on.

The central theme for February is “Model Integrity.” With the introduction of fine-tuning capabilities within the Bedrock Mantle ecosystem, the risk surface has shifted from “who can access the data” to “who can influence the model’s behavior.” As AI agents become more autonomous, the ability to subtly alter a model’s training via fine-tuning permissions represents a new frontier for persistence and defense evasion that security teams must prioritize.

Existing Services with New Privileged Permissions

Amazon Bedrock Mantle

Service Type: Artificial Intelligence & Machine Learning

Permission: bedrock-mantle:CreateFineTuningJob

  • Action: Grants permission to create a fine tuning job
  • Mitre Tactic: Resource Development
  • Why it’s privileged: Allows an attacker to “poison” a model by training it on a malicious dataset. This can create a compromised AI that ignores safety filters, leaks sensitive data, or provides intentionally harmful responses to specific prompts.

New Services with Privileged Permissions

Amazon Inspector2 Telemetry Channel

Service Type: Security and Compliance

No privileged permissions

Conclusion

The February updates serve as a reminder that cloud privilege is a moving target. As AWS matures its AI offerings, the “keys to the kingdom” are no longer just found in IAM or S3 policies; they are now embedded in the permissions that govern Machine Learning lifecycles. The ability to fine-tune a model is, in essence, the ability to rewrite the rules of an organization’s internal intelligence.

Sonrai Security’s Cloud Permissions Firewall continues to adapt alongside these shifts. By automatically identifying these high-risk AI permissions and mapping them to the MITRE ATT&CK framework, we ensure that your transition to agentic AI doesn’t come at the cost of your security posture. In an era where a single fine-tuning job can compromise an entire application’s logic, achieving true least privilege is the only way to ensure your AI stays on your side.

*** This is a Security Bloggers Network syndicated blog from Sonrai | Enterprise Cloud Security Platform authored by Karen Levy. Read the original post at: https://sonraisecurity.com/blog/feb-recap-new-aws-privileged-permissions-and-services-2026/


文章来源: https://securityboulevard.com/2026/03/feb-recap-new-aws-privileged-permissions-and-services/
如有侵权请联系:admin#unsafe.sh