AWS Security Digest·Week 23 of 2026·Jun 1-7, 2026·5 items
OpenAI Models Land in Bedrock, Cognito Goes Multi-Region
OpenAI GPT-5.5, GPT-5.4, and Codex reach general availability on Amazon Bedrock under the same governance controls as the rest of AWS. Amazon Cognito adds near-real-time multi-Region replication of identities and credentials, Bedrock AgentCore Identity integrates Secrets Manager, and two new CVEs hit Kiro IDE and Graph Explorer.
In this issue: 3 high, 2 medium
Highlights
3 items
$ tail -f /var/log/aws-security.log
high/Feature Launch/
OpenAI GPT-5.5, GPT-5.4, and Codex Reach GA on Amazon Bedrock
OpenAI GPT-5.5, GPT-5.4, and Codex are now generally available on Amazon Bedrock for production workloads, with the same security, governance, and operational controls available across AWS.
For security teams, the value is that frontier models now run inside your AWS boundary: requests stay in your account, and you can apply Bedrock guardrails, IAM scoping, and CloudWatch monitoring instead of sending data to a third-party API.
The usual agentic-AI caution still applies. Scope the execution roles tightly, because a capable model with broad permissions is a broad blast radius.
Amazon Cognito can now replicate user and machine identity data, credentials, and configuration to a secondary AWS Region in near real-time.
This closes a long-standing resilience gap: if a Region degrades, authentication can fail over without losing users or their credentials, which matters for any application that treats sign-in as critical infrastructure.
The capability is available across 16 Regions for the Essentials and Plus tiers.
Amazon Bedrock AgentCore Identity now integrates with AWS Secrets Manager so that agentic workflows resolve credentials through governed secrets rather than embedded values.
It is a direct answer to one of the hardest problems in agentic AI: giving an autonomous agent the credentials it needs without scattering long-lived secrets across prompts, code, and environment variables.
Pair it with least-privilege execution roles and short rotation windows to contain what an agent can reach.
Bedrock, Secrets Manager
CVEs & Vulnerabilities
2 items
$ cat /var/reports/CVE_REPORT.txt
high/CVE/
CVE-2026-10591: Command Execution via File Writes in Kiro IDE
AWS published bulletin 2026-037-AWS for CVE-2026-10591, an insufficient access control issue in the Kiro IDE file-write tool.
Insufficient restrictions allowed writes to execution-sensitive paths, which could be abused to execute commands. The issue affects Kiro IDE versions before 0.11.
Update to 0.11 or later.
Kiro
medium/CVE/
CVE-2026-10584: Silent HTTPS-to-HTTP Fallback in Graph Explorer
AWS published bulletin 2026-038-AWS for CVE-2026-10584 in Graph Explorer.
When HTTPS is enabled but certificates are unavailable, the server silently falls back to plain HTTP, exposing traffic that operators believe is encrypted. Affected versions are 1.1.0 up to, but not including, 3.0.1.
Upgrade to 3.0.1 or later.
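The downgrade described above is a fail-open startup decision. The following added example (not Graph Explorer's code) contrasts that pattern with a fail-closed one; the config keys `httpsEnabled`, `certPath`, `keyPath`, the `readable()` probe, and the file paths are hypothetical.

```javascript
// Added example: fail-open vs fail-closed TLS startup decisions.
// Config keys and the readable() probe are hypothetical, not Graph
// Explorer's actual settings. In a real server, readable() would wrap a
// filesystem access check on the path.

// Fail-open pattern: HTTPS was requested, but missing certificate material
// quietly downgrades the listener to plain HTTP.
function pickListenerFailOpen(cfg, readable) {
  if (cfg.httpsEnabled && readable(cfg.certPath) && readable(cfg.keyPath)) {
    return { protocol: "https", cert: cfg.certPath, key: cfg.keyPath };
  }
  return { protocol: "http" }; // silent downgrade: the operator is never told
}

// Fail-closed pattern: plain HTTP is served only when the operator asked for
// it; a broken HTTPS setup aborts startup and names what is missing.
function pickListenerFailClosed(cfg, readable) {
  if (!cfg.httpsEnabled) return { protocol: "http" };
  const missing = [["certPath", cfg.certPath], ["keyPath", cfg.keyPath]]
    .filter(([, p]) => !p || !readable(p))
    .map(([name, p]) => `${name}=${p || "<unset>"}`);
  if (missing.length > 0) {
    throw new Error(`HTTPS enabled but unreadable: ${missing.join(", ")}; refusing to start`);
  }
  return { protocol: "https", cert: cfg.certPath, key: cfg.keyPath };
}

// Constructed sample: the key exists, the certificate was never mounted.
const presentFiles = new Set(["/etc/app/tls/server.key"]);
const readable = (p) => presentFiles.has(p);
const cfg = {
  httpsEnabled: true,
  certPath: "/etc/app/tls/server.crt",
  keyPath: "/etc/app/tls/server.key",
};

// Runs both policies against the same broken deployment.
function demo() {
  const failOpen = pickListenerFailOpen(cfg, readable).protocol;
  let failClosed;
  try {
    failClosed = pickListenerFailClosed(cfg, readable).protocol;
  } catch (err) {
    failClosed = `startup aborted: ${err.message}`;
  }
  return { failOpen, failClosed };
}

console.log(demo());
```

With the fail-closed policy, a missing certificate surfaces as a startup failure in deployment logs instead of as an unencrypted listener.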
Key Takeaway
1 item
$ cat WEEKLY_SUMMARY.md
If you use Bedrock, the OpenAI GA and AgentCore Identity changes push in the same direction: run powerful models inside your account and govern their credentials with Secrets Manager and tight IAM roles. On the patch side, update Kiro IDE to 0.11 or later and Graph Explorer to 3.0.1 or later this week.
Filed Under
Bedrock, OpenAI, Cognito, Multi-Region, AgentCore, Secrets Manager, Kiro, CVE, Agentic AI