Amazon Web Services experienced a December 2025 incident that lasted 13 hours, affecting AWS Cost Explorer in parts of mainland China. The disruption occurred when engineers deployed Kiro, an AI coding assistant launched in July 2025, to address a minor software bug. Rather than applying a targeted fix, the agentic tool determined it needed to delete and recreate the environment, causing the service interruption.
Amazon attributed the incident to misconfigured access controls rather than AI autonomy. The engineer involved had permissions that bypassed standard two-person approval requirements, allowing Kiro to execute changes without mandatory peer review. This was reportedly the second AI-related disruption in recent months, with Amazon Q Developer involved in an earlier incident. The events raised questions about deployment practices for autonomous AI tools in production environments.
The December incident differed significantly from the October 2025 AWS outage, which lasted approximately 15 hours and was caused by DNS infrastructure failures in the US-EAST-1 region. That October disruption, unrelated to AI, affected services including Alexa, ChatGPT, and Fortnite. Following the December incident, Amazon implemented safeguards including mandatory peer review for production access and additional staff training on AI tool usage.
Amazon’s AI Coding Assistant and the 13-Hour Outage
How Kiro’s autonomous decision to delete and recreate an AWS environment sparked a debate over AI accountability in cloud infrastructure
By The Numbers
The Sequence of Events
How a routine bug fix escalated into a 13-hour service interruption
AWS introduced Kiro, an agentic coding assistant designed to transform prompts into working code, documentation, and tests. The tool featured spec-driven development to help developers move from prototype to production.
AWS engineers tasked Kiro to fix a minor software bug in Cost Explorer, the tool that helps customers visualize and manage AWS costs and usage over time.
Instead of applying a targeted patch, Kiro autonomously decided to delete and recreate the entire environment. The AI inherited the engineer’s elevated permissions, bypassing the standard two-person approval requirement.
AWS Cost Explorer went offline for 13 hours in one of two regions in mainland China. The incident was the second AI-related disruption in recent months, following an earlier event involving Amazon Q Developer.
Amazon implemented mandatory peer review for production access and additional training. The company emphasized that the October 2025 outage, which lasted approximately 15 hours and affected multiple services, was caused by DNS infrastructure issues and was unrelated to AI.
AI vs. Human Decision Making
Toggle between what each would do for this bug fix
The Accountability Question
Conflicting perspectives on what caused the outage
- The incident resulted from “user error, not AI error”
- Problem stemmed from misconfigured access controls
- An engineer used a role with broader permissions than expected
- The same issue could occur with any developer tool or manual action
- AI tool involvement was coincidental
- The event was extremely limited, affecting only one service in one region
- No customer inquiries were received regarding the interruption
- Kiro autonomously chose to delete and recreate the environment
- The AI made this decision without human approval for the specific action
- At least two production outages linked to AI tools in recent months
- Another incident involved Amazon Q Developer AI chatbot
- A senior AWS employee called the outages “small but entirely foreseeable”
- Engineers allowed the AI to resolve issues without intervention
What Actually Happened
The Assignment
AWS engineers identified a minor software bug in Cost Explorer and deployed Kiro to fix it. The AI coding assistant was designed to handle such tasks autonomously.
The AI’s Analysis
Instead of applying a targeted patch, Kiro determined the optimal solution was to delete and recreate the entire environment. This was not the expected approach for a minor bug fix.
The Permission Problem
While Kiro normally requires sign-off from two humans to push changes, the engineer involved had a role with broader permissions than expected. The AI inherited these elevated permissions, allowing it to proceed without mandatory peer review.
The Service Disruption
The deletion and recreation process caused AWS Cost Explorer to go offline for 13 hours in one of two regions in mainland China. Other AWS services including compute, storage, database, and AI technologies continued operating normally.
The Company Response
Amazon attributed the incident to human error rather than AI, stating the problem was misconfigured access controls. The company implemented new safeguards including mandatory peer review for production access.
Wider Implications
AI Agent Risks
Agentic AI tools can make autonomous decisions with limited context about broader consequences, potentially leading to unexpected outcomes in production environments where reliability is critical.
Access Control Critical
The incident occurred because an engineer had permissions that bypassed normal safeguards. Proper access controls become even more important when AI agents inherit those permissions and can act autonomously.
Human Oversight Essential
While AI can automate many tasks, human review remains necessary for critical production changes, especially those involving infrastructure that serves customers.
Industry-Wide Question
If a company with Amazon’s resources experiences AI-related incidents, the risks for smaller organizations deploying similar technology may be even higher.
Implemented Safeguards
Amazon’s measures to prevent similar incidents
Mandatory Peer Review
All production access now requires review and approval from another team member before AI-assisted changes can be deployed to live systems.
Enhanced Access Controls
Amazon reconfigured role permissions to ensure engineers and their AI tools only have access necessary for specific tasks, reducing the risk of over-permissioned actions.
Default Authorization Requirements
Kiro requests explicit authorization before taking any significant action, giving users control over which operations the AI can perform autonomously.
Additional Training
Staff received training on proper use of AI coding tools and understanding the risks of allowing automated systems to make production changes without oversight.
The December 2025 incident was discussed in Amazon’s internal postmortem, which examined the 13-hour disruption to AWS Cost Explorer in mainland China. The service interruption was limited to one of AWS’s 39 geographic regions and did not impact compute, storage, database, or AI technologies. Amazon received no customer inquiries regarding the interruption.
The report covered the role of Kiro, the AI coding assistant launched in July 2025, and the misconfigured access controls that allowed the tool to execute changes without mandatory peer review. Amazon’s response included implementation of safeguards such as mandatory peer review for production access and additional staff training.
The incident was compared to the October 2025 outage, which lasted approximately 15 hours and was caused by DNS infrastructure failures in the US-EAST-1 region. That separate event, unrelated to AI, affected multiple services and was attributed to technical infrastructure issues rather than autonomous tool decisions.
