Amazon Quick Bug Exposed AI Chat Agents to Users Blocked by Custom Permissions
By Abinaya
May 14, 2026
Imagine locking your organization’s sensitive data behind a heavy vault door, only to realize the locking mechanism is entirely missing.
Security researchers at Fog Security recently uncovered a severe authorization bypass in Amazon Quick’s AI Chat Agents.
This vulnerability allowed blocked users to interact freely with enterprise AI tools, despite explicit administrative restrictions.
Compounding the issue, AWS silently patched the flaw without notifying customers or issuing a public advisory, categorizing the risk severity as “none.”
Amazon Quick Bug Exposed
The vulnerability stems from a classic architectural failure: missing server-side authorization (CWE-862).
Access control for Amazon Quick, AWS's business intelligence service, works differently from that of standard cloud resources.
Administrators cannot use standard AWS Identity and Access Management (IAM) policies or Service Control Policies (SCPs) to govern the AI chatbot.
AWS Documentation on Custom Permissions and Restricting Access (Source: Fog Security)
Instead, they must rely entirely on custom permission profiles to restrict access at a granular level.
While the Amazon Quick user interface properly respected these custom permissions by hiding the chat feature, the backend API completely failed to verify them.
Researchers applied organization-wide blocks on all AI features and then logged in as a restricted user.
By intercepting network traffic and sending direct HTTP API requests, they successfully queried the bot.
A simple, unauthorized prompt asking the agent to “Tell me about mangoes” returned a successful response instead of the expected Access Denied error.
This flaw created a significant blind spot for enterprise security teams trying to control unauthorized shadow AI usage.
BURP Request Before Fix Showing Successful Interaction with AI Chat Agent (Source: Fog Security)
AWS automatically provisions a default chat agent when Amazon Quick is activated in an environment.
Because the platform deeply integrates with corporate data sources such as CRMs, databases, and communication tools, organizations often mandate strict controls on which employees can use AI analytics.
Administrators believed they had disabled the feature, but direct API access remained wide open.
While the researchers confirmed that the vulnerability did not permit cross-tenant data exposure, it thoroughly compromised intra-account security boundaries.
Internal users could interact with the AI model unchecked, bypassing the very controls relied upon for access management and strict corporate compliance enforcement.
Fog Security disclosed the vulnerability to AWS via their HackerOne vulnerability disclosure program on March 4, 2026.
The cloud provider acted quickly, deploying an initial patch to select regions by March 11 and completely fixing all production environments the following day.
BURP Request After Fix Showing 401 Unauthorized (Source: Fog Security)
When restricted users attempt the same API bypass today, the server correctly issues a 401 Unauthorized response.
Despite the rapid patch deployment, the lack of transparency has alarmed security professionals.
AWS classified the vulnerability’s impact as “none” and bypassed their standard public communication protocols.
This gap between the published scope of vulnerability reporting and what was actually communicated leaves organizations unaware that restricted users may have been able to use the AI chat feature before the fix.
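The failure pattern described above (the UI hides the chat feature, but the API never re-checks the permission profile) and the historical-exposure question raised here are illustrated by the following added example. It is not Fog Security's or AWS's code; the permission-profile model, the user names, and the log format are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed model of a custom permission profile (an assumption, not the
# Amazon Quick API): a profile lists the features it blocks.
@dataclass
class PermissionProfile:
    name: str
    blocked_features: set = field(default_factory=set)

# Constructed sample users mapped to their assigned profile.
USERS = {
    "alice": PermissionProfile("analysts", {"ai_chat"}),  # AI features blocked
    "bob": PermissionProfile("admins", set()),
}

def ui_shows_chat(user: str) -> bool:
    """What the UI did correctly: hide the chat feature for restricted users."""
    return "ai_chat" not in USERS[user].blocked_features

def chat_api_before_fix(user: str, prompt: str) -> Tuple[int, str]:
    """CWE-862 pattern: the handler assumes the UI already filtered access and
    never consults the profile, so any authenticated caller gets a 200."""
    return 200, f"answer to: {prompt}"

def chat_api_after_fix(user: str, prompt: str) -> Tuple[int, str]:
    """Server-side enforcement: the same profile that drives the UI is checked
    on every request, so a direct HTTP call is rejected like the UI would be."""
    if user not in USERS or "ai_chat" in USERS[user].blocked_features:
        return 401, "Unauthorized"  # the article reports 401 after the fix
    return 200, f"answer to: {prompt}"

# Constructed sample access-log lines: "<date> <user> <feature> <status>".
SAMPLE_LOG = [
    "2026-03-02 alice ai_chat 200",
    "2026-03-02 bob ai_chat 200",
    "2026-03-13 alice ai_chat 401",
]

def audit_bypass(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (user, date) pairs where a user whose profile blocks ai_chat
    still received a 200 from the chat endpoint, i.e. evidence of the bypass."""
    hits = []
    for line in log_lines:
        date, user, feature, status = line.split()
        profile = USERS.get(user, PermissionProfile("unknown"))
        if feature in profile.blocked_features and status == "200":
            hits.append((user, date))
    return hits
```

Whether an organization can run such an audit depends on what its own API or access logs actually record for the chat endpoint; the log format here is invented.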