I Found 11 Security Gaps in My Own Bedrock Agent — Here's How I Fixed Them

A cloud engineer's honest postmortem on what we get wrong when we rush AI workloads to production. Let me be honest with you. A few weeks ago I sat down to do a proper security review of a Bedrock agent I had built. The agent was already running in a staging environment, the team was happy with it, and we were two weeks away from production. What I found made me pause the entire launch. Not because someone had made a terrible mistake. But because of how organically the gaps had crept in — copy-paste from a demo here, "we'll tighten it later" there. It's the most common story in cloud engineering and it hits different when the workload is AI. This is that story. And more importantly, this is how I fixed every single gap. First, why AI agents are not just another Lambda Before we get into the gaps, I want to make one thing clear because I see this assumption everywhere: a Bedrock agent is not just a Lambda function that calls an LLM. The security model is fundamentally different. Think a