AI-assisted cloud intrusion achieves admin access in 8 minutes
ID: b521aa9a-403c-5f05-a7d4-e10a4ccb1464
STIX ID: report--b521aa9a-403c-5f05-a7d4-e10a4ccb1464
Feed Name: Sysdig Blog
On 2025-11-28, Sysdig TRT observed a rapid offensive cloud operation against an AWS environment in which attackers recovered credentials from public S3 buckets, injected malicious Lambda code to create admin access within minutes, moved laterally across 19 AWS principals, abused Amazon Bedrock (LLMjacking), and provisioned GPU instances for model training. The report provides a full attack timeline, IoCs, detection rules, and mitigation recommendations.
