financetom
Technology
financetom
/
Technology
/
Skyhawk Security’s AI Red Team Took Over Company’s Full AWS Organization in Seconds
News World Market Environment Technology Personal Finance Politics Retail Business Economy Cryptocurrency Forex Stocks Market Commodities
Skyhawk Security’s AI Red Team Took Over Company’s Full AWS Organization in Seconds
Jun 29, 2026 6:16 AM

TEL AVIV, Israel, June 29, 2026 (GLOBE NEWSWIRE) -- Skyhawk Security, a pioneer in AI-based red team cloud security, today announced new research showcasing how its Agentic AI Red Team took control of a company’s production AWS organization in seconds, starting with low-privileges and escalating to gaining control over a production organization. Skyhawk conducted the research to simulate what an agentic AI attacker is capable of within a real financial services company’s cloud environment. No frontier AI model was required to build or execute the attack, underpinning its severity in the traditional cloud security ecosystem.

Skyhawk’s AI Red Team executed the takeover despite the company following best practices, from configuring permissions and roles to utilizing a leading cloud-native application protection (CNAPP) platform. This autonomous AI attack is particularly concerning because there is no vulnerability to patch, no excessive permission to remove and no misconfiguration alert to remediate.

Skyhawk’s AI Red Team identified a chain of legitimate permissions and capabilities that were individually valid and intentionally configured. By dynamically manipulating roles and permissions, the AI Autonomous Attack Simulation moved from a low-privilege role to a complete production organization takeover. Once an attacker reaches that level of access in a production cloud environment, they can dismantle a business from the inside out.

The research emphasizes that traditional security controls would not be well positioned to stop AI Autonomous Attacks, preemptively or at runtime.

“For years, cloud security has centered on finding what is broken. This case shows that in the era of AI Autonomous Attacks, that model is no longer sufficient. The company we worked with during this research was doing a great job. Nothing in their environment was broken,” said Chen Burshan, CEO of Skyhawk Security. “Their security team had done the work and they were part of a leading CNAPP’s ‘zero critical findings club,’ but our AI Red team was still able to get full organization control. The risk lived in a chain of legitimate capabilities an Agentic AI-enabled attacker would utilize. To defend against AI Autonomous Attacks and prevent breaches, defenders must simulate what an attacker can actually do, build controls around the full attack and stop the attacker at AI speed.”

Industry data shows IAM is the initial access vector in more than 70% of cloud attacks and is involved in approximately 83% of attacks overall. Skyhawk’s research proves that IAM rightsizing alone cannot eliminate cloud risk.

A traditional graph view of the customer environment did not surface the attack. Static attack graph analysis showed no viable route from low privilege to organizational control, giving the security team a false sense of confidence. Skyhawk’s AI-powered adversarial view revealed how a threat actor would manipulate legitimate capabilities across privileges and boundaries until full organizational access was achieved.

Skyhawk’s AI Attack Simulation found the path in seconds, ascertaining that autonomous AI attackers can do the same.

"Agentic AI is changing cybersecurity from a static configuration problem into a dynamic systems problem,” said Rob Strechay, Cybersecurity Analyst and Principal at Smuget Consulting. “Organizations have invested heavily in identifying vulnerabilities and reducing misconfigurations, but AI-powered adversaries can reason across identities, permissions and cloud services in ways traditional tools were never designed to anticipate. The next phase of cloud security will be defined by continuously validating how an autonomous attacker could exploit legitimate capabilities before they become a business risk."

To see the full research details, visit: https://skyhawk.security/aws-cloud-org-takeover/

About Skyhawk Security  

Skyhawk Security is the leader in AI-powered cloud security. Its platform is purpose-built to defend against autonomous AI attacks. AI enables threat actors to move faster, probe deeper, and breach cloud environments at machine speed. Skyhawk fights back with an AI Red Team that continuously executes adversarial attack simulations against a digital model of your live cloud environment, providing autonomous responses that eliminate weaponized exposures before breaches occur. With Skyhawk, security teams can thwart AI-augmented cloud attacks without operational disruptions. Led by the team that built the original CSPM category, Skyhawk's platform continuously adapts its cloud security prevention and detection capabilities to each customer's unique cloud architecture, delivering security that self-improves with every threat it encounters. Skyhawk Security is a spin-off of Radware ( RDWR )® . Follow Skyhawk on LinkedIn for continuous updates.

Media Contact:

Sherlyn Rijos-Altman

[email protected]

Montner Tech PR

Image: https://www.globenewswire.com/newsroom/ti?nf=OTc1Mjg5MiM3Njc5MjMyIzUwMDExMzA4Mw==

Image: https://ml.globenewswire.com/media/NGEwMTQzOTQtN2ExYS00ZTEzLWIxOTMtY2MzN2E4MzI0ZjBiLTUwMDExMzA4My0yMDI2LTA2LTI5LWVu/tiny/Skyhawk-Security.png Image: Primary Logo

Source: Skyhawk Security

Comments
Welcome to financetom comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
Related Articles >
Trump Organization unveils self-branded mobile phone network
Trump Organization unveils self-branded mobile phone network
Jun 16, 2025
NEW YORK (Reuters) - Trump Organization launched a self-branded mobile network on Monday, dubbed Trump Mobile, signaling a new effort to court conservative consumers with a wireless service positioned as an alternative to major telecom providers. The Trump family, long known for its real estate empire, luxury hotels, and golf resorts, has in recent years ventured into newer arenas including...
Canaan Stock: A Deep Dive Into Analyst Perspectives (8 Ratings)
Canaan Stock: A Deep Dive Into Analyst Perspectives (8 Ratings)
Jun 16, 2025
During the last three months, 8 analysts shared their evaluations of Canaan , revealing diverse outlooks from bullish to bearish. The table below summarizes their recent ratings, showcasing the evolving sentiments within the past 30 days and comparing them to the preceding months. Bullish Somewhat Bullish Indifferent Somewhat Bearish Bearish Total Ratings 8 0 0 0 0 Last 30D 1...
UK Startup Optalysys Debuts Server for Blockchains
UK Startup Optalysys Debuts Server for Blockchains
Jun 16, 2025
Optalysys, a U.K.-based startup focused on secure computing, has introduced what it claims to be the world’s first server for blockchains that can process data at scale without decrypting it. The firm’s LightLocker node is a server that uses Fully Homomorphic Encryption (FHE), a mathematical technique allowing computations to be performed on encrypted data without compromising the encryption. The last...
Deep Dive Into Bitdeer Technologies Stock: Analyst Perspectives (9 Ratings)
Deep Dive Into Bitdeer Technologies Stock: Analyst Perspectives (9 Ratings)
Jun 16, 2025
Bitdeer Technologies ( BTDR ) underwent analysis by 9 analysts in the last quarter, revealing a spectrum of viewpoints from bullish to bearish. The table below summarizes their recent ratings, showcasing the evolving sentiments within the past 30 days and comparing them to the preceding months. Bullish Somewhat Bullish Indifferent Somewhat Bearish Bearish Total Ratings 9 0 0 0 0...
Copyright 2023-2026 - www.financetom.com All Rights Reserved