AWS is exposed across two distinct architectural risk areas this week: the Unit 42 cloud bucket name hijacking research demonstrates that Amazon Data Firehose delivery streams bind to S3 bucket names rather than stable ARNs, meaning an attacker with s3:DeleteBucket permission can silently redirect ongoing data pipelines to attacker-controlled storage; and the CrowdStrike survey on cloud detection gaps documents that cloud IAM abuse and identity misconfigurations are enabling undetected adversary persistence in AWS environments, with AI workloads on Kubernetes emerging as an additional attack surface. Neither finding involves a patchable vulnerability — both require architectural and operational remediation.