Risk
Insecure Agent Harness and Runtime Configuration
Description
Authentication, identity, or configuration gaps in the agent harness exposing tool invocation, memory, and streaming surfaces.
Example
A managed agent runtime is provisioned with a wildcard IAM role, letting one compromised agent act across every agent on the platform (AgentCore "god mode" class).
Assets Affected
Agent Harness
Agent Identity
Model Inference Endpoint
Mitigation
- Workload identities and mTLS at harness boundaries
- per-action authorization
- least-privilege IAM
- rate-limit tools and streaming
- validate I/O
- trace with PII filtering.
Standards Mapping
- ISO: A.6.2.5, A.6.2.6
- OWASP agentic: ASI03, ASI02
- EU AI Act: Art. 15(5)
- DASF: Model Serving 9.11, Agents-Core 13.3
- AIUC-1: B007, B008