Within ten minutes, attackers were able to obtain administrative access to an Amazon Web Services (AWS) environment by combining artificial intelligence (AI) with credentials they had already found. The event serves as further evidence of how AI is quickly becoming a force multiplier that allows threat actors to act faster than before. The Sysdig Threat Research Team (TRT) disclosed in a report released on Tuesday that a threat actor obtained initial access to the environment through credentials found in public Simple Storage Service (S3) buckets and swiftly escalated privileges during the attack, which spread laterally across 19 distinct AWS principals.

Throughout the November attack.

28, 2025, researchers found that the threat actor used large language models (LLMs) to automate reconnaissance, create malicious code, and make decisions in real time. The researchers noted, "Oddly, they included account IDs that did not belong to the organization: two IDs with ascending and descending digits... and one ID that may belong to a real external account. "This conduct is in line with trends that are frequently linked to hallucinations caused by artificial intelligence.Related: Google Gemini Vulnerability Makes Calendar Invites an Attack Vector ## AI as the Attack's Goal By focusing on the Bedrock implementation in the environment, the threat actor also carried out LLMjacking during the account.

A wide variety of AI models were used by the attackers, including several iterations of Anthropic's Claude, DeepSeek R1, Meta's Llama 4 Scout, Amazon's Nova and Titan models, and Cohere's embedding service. The attackers used programmatic interaction with AWS Marketplace APIs to obtain certain Claude models, accepting usage agreements on the victim's behalf. Additionally, they distributed model invocations across various AWS regions using cross-region inference profiles, a method that can enhance performance while making detection more difficult, according to the researchers.