The December 13-hour AWS outage was reportedly linked to Amazon’s internal AI tool, Kiro, which deleted and recreated an environment. Amazon attributed the incident to user misconfiguration rather than AI failure.
Roughly 1,500 Amazon engineers are reportedly pushing to use Anthropic’s Claude Code internally, highlighting tension between mandated internal tools and the products AWS promotes externally.
Why do we care?
Amazon’s “user error” defense is not a technical finding — it’s a liability template. Every enterprise AI vendor will use it when an agent causes harm, because it’s nearly impossible to disprove without internal logs that only the vendor controls.
The structural problem the Kiro incident exposes: agentic AI is sold on autonomy. That’s the value proposition — the agent acts without waiting for human instruction. You cannot market autonomous action as a feature and then assign all consequences to the human who configured the environment. That’s a liability transfer mechanism, and it’s currently sitting unsigned in the fine print of every agentic deployment your clients are running.
The Claude Code story makes this worse. Amazon’s engineers on the Bedrock team — the people whose job is to sell Claude to enterprise customers — are prohibited from using Claude Code in their own production work. When the people building the product don’t trust the product, that belongs in your client’s procurement conversation.
The accountability gap Amazon is papering over with “user error” framing is the same gap sitting in your service agreements right now. When an agent you deployed deletes something it shouldn’t have, your client points at you, you point at the vendor, the vendor points at the access control configuration — and nobody has a clean answer. The client doesn’t care whose fault it is. They care it happened on your watch.
If you deploy agentic systems, your MSA must define autonomous action boundaries, logging requirements, indemnification limits, and incident attribution standards. If you don’t update the contract before the first failure, you’ve accepted the liability by default.