Subscribe to the Non-Human & AI Identity Journal

Forums
The Non-Human & AI ...
Agentic AI, AI Agen...
Amazon Bedrock Agen...
 
Notifications
Clear all

Amazon Bedrock AgentCore agents: what IAM teams miss at runtime

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8125
Topic starter 24/06/2026 11:58 pm  

TL;DR: Amazon Bedrock AgentCore centralises runtime, memory, gateway and identity services for cloud-deployed agents, but Zenity shows that malicious MCP registration, prompt injection and memory poisoning can turn shared tools into exfiltration and persistence paths. The control problem is not agent capability alone, but runtime governance across tools, memory and access boundaries.

NHIMG editorial — based on content published by Zenity: Inside the Agent Stack: Securing Agents in Amazon Bedrock AgentCore

Questions worth separating out

Q: How should security teams govern AI agents that can discover tools at runtime?

A: They should treat runtime tool discovery as an authorisation boundary, not a convenience feature.

Q: Why do shared memories increase risk in agent platforms?

A: Shared memories increase risk because they can preserve attacker instructions long after the original session ends.

Q: What breaks when agent identity can reach both cloud and third-party services?

A: Blast radius grows faster than most teams expect.

Practitioner guidance

  • Constrain runtime tool discovery Allow only pre-approved MCP sources and service integrations for production agents.
  • Separate shared memory by trust boundary Use distinct memory namespaces for users, agents and environments, then validate every write path to long-term memory.
  • Scope agent identity by task and system Assign the smallest viable API keys, OAuth scopes and IAM roles to each agent.

What's in the full article

Zenity's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step examples of malicious MCP registration and how it becomes visible inside AgentCore gateways
  • Scenario walkthroughs showing how a CFO assistant and a public demo agent can be abused differently
  • Control examples for request and response interceptors that block malicious tool use before execution
  • Implementation detail on how build-time analysis is combined with runtime telemetry to form an agent graph

👉 Read Zenity's analysis of securing agents in Amazon Bedrock AgentCore →

Amazon Bedrock AgentCore agents: what IAM teams miss at runtime?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
Topic Tags
zenity agentic-ai non-human-identity mcp-security runtime-governance
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  zenity (73) , agentic-ai (1166) , non-human-identity (437) , mcp-security (87) , runtime-governance (57) ,
Share:

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.