A critical flaw in AWS Bedrock’s AgentCore Code Interpreter allows attackers to bypass sandbox protections and create secret command-and-control channels using DNS traffic, enabling covert data theft and remote control. AWS urges customers to lock down their environments as the threat landscape evolves.