This article discusses a method for privilege escalation in AWS SageMaker, paralleling previous exploits in EC2. It explains how an attacker can manipulate lifecycle configurations to run unauthorized code and gain access to IAM roles. The author provides a proof of concept and highlights the need for better security measures.

The Amazon SageMaker Global Roadshow offers specialized workshops focusing on data, analytics, and artificial intelligence (AI) within Amazon Web Services (AWS). Participants can choose from various sessions designed for developers and business leaders, covering advanced AI techniques and data strategy.

AWS has introduced two new OpenAI models with open weights, gpt-oss-120b and gpt-oss-20b, available through Amazon Bedrock and SageMaker JumpStart. These models excel in text generation, coding, and reasoning tasks, offering developers greater control and flexibility in building AI applications. They support extensive customization and integration within AWS's ecosystem, enhancing the capabilities for various use cases.