Amazon's Vibe Coding Catastrophe: 4 Sev-1 Incidents in 90 Days, 6.3 Million Lost Orders
Amazon's internal AI coding tools triggered four Sev-1 incidents in 90 days after permissions misconfigurations removed human-in-the-loop checks, resulting in 6.3 million lost orders.
The internal memo was damning. Over the course of 90 days, Amazon's AI-assisted coding tools were implicated in four separate Sev-1 incidents โ the highest severity classification in Amazon's incident taxonomy.
The root cause was depressingly consistent: permissions misconfigurations that removed human-in-the-loop guardrails. Engineers using AI tools to generate and deploy code were inadvertently granting those tools production-level access without the approval gates that existed for human deployments. The automated pipeline didn't know it was supposed to wait.
The cumulative damage: 6.3 million lost orders. Not test orders. Not staging data. Real customer transactions that evaporated because AI-generated code hit production without the safety checks that human engineers would have triggered.
Amazon's post-incident analysis pointed to a systemic failure: the tooling had been adopted faster than the governance frameworks could keep up. The AI could write code, deploy code, and break code โ all without a single human checkpoint.
More nightmares like this
Amazon Kiro Agent Inherited Elevated Permissions, Bypassed Approval, and Caused a 13-Hour AWS Outage
An Amazon Kiro AI agent inherited an engineer's elevated permissions, bypassed the two-person approval process, and triggered a delete-and-recreate cycle that caused a 13-hour AWS Cost Explorer outage in mainland China.
Rate-Limited Into Oblivion: GPT-4 Vision Tool Crumbles Under 20K Hacker News Surge
A developer launched a GPT-4 Vision-powered UX audit tool and got crushed by unexpected traffic. The API's brutal rate limit (100 daily events) made the service unusable for nearly everyone who showed up.