Reports claim an AWS outage last year was caused by an AI coding tool deciding to 'delete and recreate the environment' from scratch, while Amazon says 'misconfigured access controls' were to blame
A report from The Financial Times claims that, according to four of its sources, two recent AWS outages were caused by engineers allowing its Kiro AI coding tool to make changes without oversight.
According to a senior AWS employee, at least two production outages in the past few months were caused by the AI agent operating on its own terms. "The engineers let the AI [agent] resolve an issue without intervention," one source claims. "The outages were small but entirely foreseeable."
The FT's sources claim that one particular 13-hour interruption in December of last year was caused by the agentic tool deciding that the best course of action was to "delete and recreate the environment", which has echoes of another rogue AI agent last year deleting an entire codebase on a whim.
However, Amazon has since claimed that access control permissions were to blame, not the AI itself. In a statement to The Register referencing the aforementioned event, Amazon said:
"This brief event was the result of user (AWS employee) error—specifically misconfigured access controls—not AI. The service interruption was an extremely limited event last year when a single service (AWS Cost Explorer—which helps customers visualize, understand, and manage AWS costs and usage over time) in one of our two Regions in Mainland China was affected.
"This event didn't impact compute, storage, database, AI technologies, or any other of the hundreds of services that we run. Following these events, we implemented numerous additional safeguards, including mandatory peer review for production access."
And in similar statements to the FT, Amazon said that its Kiro AI tool "requests authorisation before taking any action", and repeated the claim that the engineer involved in the December incident had "broader permissions than expected." The company also said that it was a "coincidence that AI tools were involved."
So, user error not AI error, at least according to Amazon. Still, as AI coding tools continue to be deployed by engineers across the globe, I doubt this is the last time we'll hear claims of rogue AI deployments running amok and causing significant disruption, as well as companies rushing to claim that it's still in full control, not the AI.
While agentic AI coding certainly seems to have its uses, it seems that figuring out the guardrails around its deployment is still something of a work in progress, even for a web giant like AWS.