What happened
AWS disclosed that its open-source Bedrock AgentCore Python SDK's tracing instrumentation logged sensitive user content by default in versions 1.4.8 and others, rather than redacting it before emission to telemetry pipelines.
Why it matters
Observability tooling for AI agents that inadvertently captures full user prompts/PII in trace logs creates a data-leakage risk across any downstream logging/monitoring infrastructure, a common but underappreciated blast radius for agent telemetry.
Attack vector
The SDK's OpenTelemetry instrumentation unintentionally logged sensitive user content (e.g., full prompts/agent inputs) into telemetry/trace data, which could be retained or forwarded to observability backends without redaction.
Affected systems
AWS Bedrock AgentCore Python SDK 1.4.8 and other affected versions
Mitigation
Apply the fix per AWS Security Bulletin 2026-058; review and purge any telemetry backends that may have captured sensitive content.