AWS Destroyed the Value Proposition for Bedrock by Chris Farris

For the new flagship Claude models (Fable 5, Mythos 5) on AWS Bedrock, the only "allowed_mode" is "provider_data_share". That means prompts and outputs are shared with and retained by Anthropic for 30 days with human review access. This turns Bedrock from a neutral broker that shielded customer data into "first-party Anthropic," with real data-residency and CLOUD Act exposure, and no advance warning for compliance teams.

Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility by Yahav Festinger

StopLogging is the most direct way to kill CloudTrail, so Yahav catalogues the quieter techniques like repointing a trail at an attacker-controlled KMS key with UpdateTrail then revoking CloudTrail's access so logs silently stop landing in S3, and redirecting log delivery to an attacker's own account for persistent visibility. The AWS content is mostly well-trodden ground I mapped years ago in Disrupting AWS logging, which goes deeper (KMS-immutable deletion, bucket-policy denial, S3 lifecycle auto-expiry, and Lambda-driven log deletion).

Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets by Itay Yashar

Enterprises are wiring AI agents straight into the inbox to triage and reply to mail, so Itay built one ("Pinchy") on a real Google Workspace mailbox to test whether decades-old phishing tricks still land on a machine. They do. Even with a hardened "Strict" security profile that explicitly told it to verify identities first, an urgent "Dan needs staging access" email citing a production emergency got the agent to forward AWS IAM keys, database connection strings, and SSH credentials to an external Gmail. The piece draws a sharp line between this and indirect prompt injection, and shows agents are good at spotting technical tells like malicious OAuth redirect URIs but fall for the same social pretexts that fool humans.