AWS privileged permissions: what cloud IAM teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter  

TL;DR: July 2025 AWS service updates introduced new privileged permissions across Bedrock AgentCore, SageMaker, Oracle Database@AWS, VPC Lattice, and security tooling, creating fresh paths for privilege escalation, lateral movement, persistence, and defence evasion, according to Sonrai Security. The governance problem is not the new services themselves but the way cloud access boundaries expand faster than review, scope, and control models can keep up.

NHIMG editorial — based on content published by Sonrai Security: July recap of new AWS services and privileged permissions

By the numbers:

Questions worth separating out

Q: What should security teams do when AWS introduces new privileged permissions?

A: They should treat each new permission as a governance change, not a routine feature update.

Q: Why do new cloud service permissions create lateral movement risk?

A: Because lateral movement in cloud environments often comes from configuration rights, not stolen passwords.

Q: How should teams govern AI runtime permissions in AWS?

A: Separate the right to deploy an AI runtime from the right to operate or modify it.

Practitioner guidance

  • Reclassify new AWS actions as privileged by default: Review newly introduced service permissions before they reach production roles, with special attention to actions that create runtimes, update gateways, alter policies, or expose presigned access paths.
  • Split deployment rights from runtime control: Ensure the identity that can deploy an AI service cannot also silently update the runtime image, execution role, or downstream tool targets without separate approval and logging.
  • Extend PAM to cloud configuration authority: Include network association, peering, gateway, and policy modification permissions in privileged access reviews so service topology changes are governed like admin access.

What's in the full article

Sonrai Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • Service-by-service permission table for the AWS actions introduced in July, including why each one is privileged
  • MITRE tactic mapping for each permission, useful when you are translating cloud IAM findings into detection and control work
  • Specific examples of how Bedrock AgentCore, SageMaker, and network permissions can be abused in real environments
  • The vendor's remediation framing for organisations trying to keep pace with AWS service expansion

👉 Read Sonrai Security's July recap of new AWS privileged permissions →
