Blog
AWS Security Agent Verification — Authentication Flow Support and Detection Scope
Tested with no auth, single role (with 2FA), and multiple roles. Without credentials, the agent autonomously chained SQL Injection → credential extraction → TOTP guessing → admin login. Providing credentials via Secrets Manager enabled stable authenticated testing including 2FA bypass.