SAIL 2.0

/

Deploy - Runtime Guardrails

/

Excessive IAM Role Assumption by Cloud Agent Runtime

5.14

.

Excessive IAM Role Assumption by Cloud Agent Runtime

sail
5.14
Risk

Excessive IAM Role Assumption by Cloud Agent Runtime

Description

Cloud-hosted agent runtimes assume IAM roles far broader than the task requires, enabling privilege escalation and lateral movement.

Example

A Bedrock AgentCore agent assumes an IAM role with org-wide read access to perform a single S3 read; an attacker exploiting prompt injection inherits that scope.

Assets Affected

AI Agent

Agentic Platform

AI Provider Access Credentials

Agent Identity

Mitigation
  • Scope IAM roles to per-task minimum
  • use ephemeral credentials
  • alert on out-of-pattern role assumption
  • enforce least-privilege at the platform level.
Standards Mapping
  • ISO: A.4.5, A.10.2
  • OWASP agentic: ASI03
  • OWASP LLM: LLM06:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.3, Platform 12.4
  • AIUC-1: B007, B008