Feb Recap: New AWS Privileged Permissions and Services

As February 2026 comes to a close, the focus of AWS permission expansion has moved from core infrastructure to the Generative AI supply chain. This month’s review of newly released permissions highlights a strategic pivot toward model customization and deep-tier telemetry. While the volume of new privileged actions is lower than in January, the impact of these specific permissions is profound, targeting the very logic and safety of the AI models organizations are increasingly relying on.
The central theme for February is “Model Integrity.” With the introduction of fine-tuning capabilities within the Bedrock Mantle ecosystem, the risk surface has shifted from “who can access the data” to “who can influence the model’s behavior.” As AI agents become more autonomous, the ability to subtly alter a model’s training via fine-tuning permissions represents a new frontier for persistence and defense evasion that security teams must prioritize.
Existing Services with New Privileged Permissions
Amazon Bedrock Mantle
Service Type: Artificial Intelligence & Machine Learning
Permission: bedrock-mantle:CreateFineTuningJob

Action: Grants permission to create a fine tuning job
Mitre Tactic: Resource Development
Why it’s privileged: Allows an attacker to “poison” a model by training it on a malicious dataset. This can create a compromised AI that ignores safety filters, leaks sensitive data, or provides intentionally harmful responses to specific prompts.

New Services with Privileged Permissions
Amazon Inspector2 Telemetry Channel
Service Type: Security and Compliance
No privileged permissions
Conclusion
The February updates serve as a reminder that cloud privilege is a moving target. As AWS matures its AI offerings, the “keys to the kingdom” are no longer just found in IAM or S3 policies; they are now embedded in the permissions that govern Machine Learning lifecycles. The ability to fine-tune a model is, in essence, the ability to rewrite the rules of an organization’s internal intelligence.
Sonrai Security’s Cloud Permissions Firewall continues to adapt alongside these shifts. By automatically identifying these high-risk AI permissions and mapping them to the MITRE ATT&CK framework, we ensure that your transition to agentic AI doesn’t come at the cost of your security posture. In an era where a single fine-tuning job can compromise an entire application’s logic, achieving true least privilege is the only way to ensure your AI stays on your side.

*** This is a Security Bloggers Network syndicated blog from Sonrai | Enterprise Cloud Security Platform authored by Karen Levy. Read the original post at: https://sonraisecurity.com/blog/feb-recap-new-aws-privileged-permissions-and-services-2026/

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts