Amazon Web Services (AWS) recently introduced new API keys for its Amazon Bedrock service, promising ease of use for developers but potentially introducing security vulnerabilities if not managed carefully. The keys can be either long-term or short-term, with long-term keys creating a new IAM user and potentially posing a security risk if permissions are not tightly controlled. The author, a founding engineer at Prowler, highlights the dangers of privilege escalation and misuse of these keys, suggesting that poorly managed keys could allow attackers to manipulate AI environments, incur high costs, or delete critical security features like Guardrails. To mitigate these risks, the author developed automated checks using Prowler to ensure that API keys do not have excessive permissions and that they are set to expire, thereby promoting the principle of least privilege and key expiration as essential security practices. The article emphasizes the importance of a comprehensive security approach to protect AI workloads and suggests using tools like Prowler for continuous monitoring and management of cloud security.
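The two checks described above (no excessive permissions, and an expiration on every key), sketched as an added example; this is not Prowler's code or the article's. The record shape (`user`, `expires_at`, `policies`), the sample users and the list of sensitive actions are assumptions made for illustration, and the policy documents use the standard IAM JSON layout.

```python
import fnmatch

# Actions an inference-only key should never hold. DeleteGuardrail reflects the
# Guardrails scenario in the text; the IAM actions are assumed stand-ins for
# privilege escalation.
SENSITIVE_ACTIONS = ("bedrock:DeleteGuardrail", "iam:CreateAccessKey", "iam:AttachUserPolicy")

def _as_list(value):
    """IAM allows a single statement/action or a list of them; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def excessive_grants(policy):
    """Return the Allow-ed action patterns that cover any sensitive action."""
    hits = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # Allow + NotAction grants everything not listed
            hits.append("NotAction")
        for pattern in _as_list(stmt.get("Action")):
            # IAM action names are case-insensitive and support * and ? wildcards.
            if any(fnmatch.fnmatchcase(a.lower(), pattern.lower()) for a in SENSITIVE_ACTIONS):
                hits.append(pattern)
    return hits

def audit_key(key):
    """Return findings for one key record (hypothetical record shape)."""
    findings = []
    if not key.get("expires_at"):
        findings.append("no_expiration")
    for policy in key.get("policies", []):
        findings += [f"excessive:{p}" for p in excessive_grants(policy)]
    return findings

def audit_all(keys):
    return {k["user"]: audit_key(k) for k in keys}

# Constructed sample records, not real account data.
SAMPLE_KEYS = [
    {"user": "example-key-user-1", "expires_at": None,
     "policies": [{"Statement": {"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}}]},
    {"user": "example-key-user-2", "expires_at": "2025-09-01T00:00:00+00:00",
     "policies": [{"Statement": [{"Effect": "Allow", "Action": ["bedrock:InvokeModel"], "Resource": "*"}]}]},
]

if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE_KEYS).items():
        print(user, findings or "ok")
```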