Lurking in the (documentation) shadows: Why We Built the AWS Security Changes Project
Liad Eliyahu
fwd:cloudsec Europe 2025 · Day 2 · Main Room
Liad Eliyahu, head of research at **Miggo Security**, presented the story behind the **AWS Security Changes** project — an automated system that monitors all AWS documentation for security-relevant modifications, classifies them using a reasoning LLM, and makes them searchable at **awssecuritychanges.com**. The project was born from the discovery and disclosure of the **ALBeast vulnerability**, which revealed that AWS sometimes patches critical security issues through silent documentation changes without notifying affected customers. Eliyahu demonstrated how the project has already uncovered seven additional security issues, including multiple **confused deputy** vulnerabilities in AWS service logging configurations.
AI review
Original vulnerability research that produced four CVEs (including one at GCHQ), exposed a fundamental architectural flaw in AWS ALB authentication affecting thousands of organizations, and spawned an automated project that has already yielded seven additional security findings including confused deputy vulnerabilities. This is the complete package: novel discovery, real impact, responsible disclosure, and a tool that scales the methodology.