AWS said it had “quickly and automatically identified the exposure” of the key during Permiso’s experiment and proactively notified the researchers, who opted not to take action. The company added: “We then identified suspected compromised activity and took additional action to further restrict the account, which stopped this abuse.

(Permiso said AWS’s security team identified the “malicious usage of Bedrock which they proactively blocked about 35 hours after the scale of invoke attempts increased into the thousands,” adding “this was about 42 days after the key was first used maliciously.”)