Amazon AI tool linked to reported 13-hour AWS outage

Amazon Web Services is facing scrutiny after reports suggested that one of its own artificial intelligence tools contributed to a lengthy service disruption in December. However, the company has rejected claims that AI was responsible. The incident has renewed debate over the risks of autonomous tools in cloud operations and the importance of strict access controls.

Report points to AI-driven change triggering disruption

According to the Financial Times, the December outage lasted about 13 hours and was linked to the use of an internal AI coding tool called Kiro. The tool, launched in July, is designed to act autonomously on behalf of engineers, carrying out tasks such as making configuration changes. In this case, the system reportedly decided that it needed to “delete and recreate the environment”, triggering a disruption that mainly affected users in China.

People familiar with the matter told the Financial Times that Kiro’s autonomous behaviour led directly to the service interruption. Several Amazon employees reportedly described the event as one of multiple recent incidents in which AI-driven tools played a role in technical disruptions. One senior AWS employee was quoted as saying that the outages were “small but entirely foreseeable”.

The report also noted that Amazon has been actively encouraging employees to use Kiro, setting a 80% weekly adoption target and closely monitoring usage. The company has also made the tool available externally through a subscription model, signalling its confidence in agentic AI systems that can take actions without constant human oversight.

These disclosures have raised questions about how widely such tools should be deployed in mission-critical systems. Agentic AI systems are increasingly used to speed up software development and operations, but critics argue that they can introduce new failure modes if not carefully controlled.

Amazon disputes AI responsibility and outlines safeguards

Amazon has strongly disputed the characterisation of the incident as an AI-driven outage. The company described the Financial Times report as inaccurate and said the disruption was caused by human error in access controls, not by Kiro’s autonomous behaviour.

In a statement published on its news blog, Amazon said: “We want to address the inaccuracies in the Financial Times’ reporting yesterday. The brief service interruption they reported on was the result of user error—specifically misconfigured access controls—not AI as the story claims.”

The company added that the incident affected only a single service, AWS Cost Explorer, and was limited to a single geographic region. It said that other core services, such as compute, storage, databases, and AI, were not affected.

“The disruption was an extremely limited event last December affecting a single service (AWS Cost Explorer—which helps customers visualise, understand, and manage AWS costs and usage over time) in one of our 39 Geographic Regions around the world,” Amazon said. “It did not impact compute, storage, database, AI technologies, or any other of the hundreds of services that we run.”

Amazon also said the underlying issue was a misconfigured role, arguing that such errors can occur with any developer tool or manual action. “The issue stemmed from a misconfigured role—the same issue that could occur with any developer tool (AI-powered or not) or manual action,” the company said.

The cloud provider emphasised that it has introduced additional safeguards, including mandatory peer reviews for production access. It said it did not receive any customer inquiries about the interruption and insisted that it was using the event as a learning opportunity to improve security and resilience.

Wider context of AWS outages and operational concerns

The December incident comes amid other high-profile AWS disruptions. In October, a 15-hour outage affected major services including Alexa, Snapchat, Fortnite and Venmo. Amazon attributed that earlier event to a bug in its automation software rather than AI systems.

Amazon has also rejected claims that certain service disruptions should be described as outages, arguing that the incidents were limited in scope and impact. In its statement responding to the Financial Times report, the company said that allegations of a second AI-related event were incorrect.

“The Financial Times’ claim that a second event impacted AWS is entirely false,” Amazon said, adding that it reviews incidents through its internal Correction of Error process to prevent future problems.

For more than two decades, Amazon has highlighted its operational processes as a key strength, particularly in maintaining the reliability of its cloud platform, which underpins a large share of the global internet. However, the increasing use of autonomous AI tools in software development and infrastructure management is introducing new risks that the industry is still learning to manage.

Experts say that while AI-driven tools can improve efficiency, they also require strict governance, limited permissions and human oversight. Misconfigured access controls, whether caused by people or AI systems, remain one of the most common causes of cloud security incidents and outages.

The debate over the December incident reflects a broader industry tension between automation and control. As companies push to accelerate operations with AI, they must balance innovation with robust safeguards to avoid disruptions that could affect millions of users and businesses.