Whether it was human error or not, an AI that had inherited an engineer’s privileges nonetheless deleted a production environment.
Some of the commentary on “the Kiro affair” converges on this assessment.
Amazon initially did not disclose the incident, which occurred in mid-December. It finally did so last week… after the Financial Times revealed it.
What the Financial Times Claims
Citing Amazon employees, the FT states that AWS has suffered, “in recent months,” at least two production outages caused by mistakes involving its own AI tools. It gives no date for one of them, which, according to staff, involved the Amazon Q Developer assistant.
The mid-December incident led to 13 hours of downtime for a “customer-facing system.” It resulted from changes made by the Kiro assistant, which had chosen to delete and then recreate an environment.
Another claim attributed to employees: treated as an extension of engineers, the AI tools had the same permissions. In both cases, the individuals involved did not seek peer validation for the changes.
The FT attributes some statements directly to Amazon. According to the company, the December incident was “extremely limited”: only one service affected, in certain parts of mainland China. As for the other incident, it did not impact customer-facing services.
Another statement attributed to the American group is that both cases were human error, and more precisely an access-control problem: the engineer involved in the December incident had more permissions than he should have. The same issue could have occurred with any tool, AI-enabled or not, or with any manual action.
What Amazon Responds
Regarding the alleged incident with Amazon Q Developer, the U.S. group is categorical: “It is completely false to say that a second event impacted AWS.”
The December incident affected AWS Cost Explorer in one of AWS's 39 cloud regions. Amazon says this scope was “extremely limited” and notes that it did not receive any customer requests.
The company confirms the scenario of misconfigured access controls. It insists it was a “coincidence” that AI tools were involved, and adds that it has put safeguards in place “to prevent this from happening again.” Among them are mandatory peer reviews for production access.
A “Kiro Directive” That Has Not Won Everyone Over
In addition to these details, a spokesperson explained that the human error was not the engineer’s failure to validate the action, but rather that the engineer did not understand the extent of his privileges. In other words, he would likely have acted differently if he had known.
Amazon says that by default, Kiro asks for approval for every action it intends to perform. It does not, however, disclose how the assistant proposed to delete the environment in question. Was it explicit? If not, did the engineer seek more information before approving?
Against this backdrop, an internal November 2025 directive urged Amazon teams to standardize on Kiro. The move is pitched as a way to boost security (including reducing the risk of data leaks) and to unify telemetry.
The initiative has stirred debate. More than a thousand employees requested continued access to tools, including Claude Code. Their rationale: these tools are more capable than Kiro for certain use cases, such as multilingual refactoring and handling some niche frameworks.