Amazon Web Services has instituted mandatory peer review requirements following a service disruption linked to its Kiro AI coding assistant, underscoring critical access control vulnerabilities in agentic AI implementations.
Amazon Web Services has implemented new operational safeguards after an internal incident involving its Kiro AI coding tool resulted in service disruption. The December 2025 event affected AWS Cost Explorer in one Mainland China region for 13 hours, according to sources familiar with the incident.
Kiro, AWS's agentic coding service launched last year, converts natural language prompts into functional code for production environments. The tool was designed with safeguards against known AI development pitfalls like unintended data deletion. However, during troubleshooting activities, Kiro reportedly executed a "delete and recreate the environment" command that triggered the outage.
AWS disputes characterization of the incident as AI failure. A company spokesperson stated: "This brief event resulted from user error—specifically misconfigured access controls—not AI. The interruption affected only AWS Cost Explorer in one China region, with no impact on compute, storage, database or AI services."
Internal investigation revealed an engineer operated Kiro using a role with excessive permissions, bypassing the tool's default authorization protocols. This configuration error allowed Kiro's environment recreation command to execute without proper oversight.
In response, AWS has implemented mandatory peer review requirements for production access configurations. These include:
- Tiered permission structures limiting Kiro's autonomous actions
- Enhanced monitoring of privilege escalation paths
- Secondary approval workflows for environment modification commands
This incident follows previous operational challenges with Kiro, including a pricing miscalculation that resulted in unexpected charges and capacity restrictions due to overwhelming demand. It highlights broader industry concerns about agentic AI systems operating without sufficient guardrails.
Security professionals should note the compliance implications:
- Audit all service account permissions quarterly
- Implement least-privilege access for AI tools
- Require multi-person authorization for production changes
- Maintain activity logs with immutable timestamps
AWS confirmed no customer data was compromised during the incident. The company continues to recommend strict access control configuration when deploying Kiro, emphasizing that properly implemented safeguards prevent autonomous actions without human approval.
Comments
Please log in or register to join the discussion