[AI Deploy Incident] Amazon Q Developer Small but Foreseeable Production Incident
February 2026
Permission Protocol blog post — weekly AI Deploy Incident Thread template.
1. What happened
The Financial Times reported a production incident linked to Amazon Q Developer and described it as "small but foreseeable." This was not framed as a model-quality failure. It was an execution-path failure: an AI-assisted deploy path reached production when it should have hit an explicit approval checkpoint first.
2. Root cause
The critical control was missing: the AI agent deploy path proceeded without a signed authorization receipt. In other words, permissions existed, but there was no cryptographic proof that this specific production action was approved by an accountable signer of record.
No signed receipt means no verifiable authorization chain.
3. What a deploy gate would have done
- Intercept deploy attempt: Pipeline checks for a valid receipt before production steps run.
- Fail closed: No receipt found, deploy blocked immediately.
- Request explicit approval: Human reviewer signs a scoped authorization for this commit and environment.
- Continue only if valid: Pipeline verifies signature, scope, and expiry, then proceeds.
Outcome: the incident never reaches production without an accountable, auditable approval event.
4. The receipt
Example authorization receipt JSON:
{
  "version": "1.0",
  "status": "APPROVED",
  "requestId": "req_01JV7Q4M4T7Z9X4P9G8N2D6R1A",
  "issuedAt": "2026-02-28T16:00:00Z",
  "expiresAt": "2026-02-28T18:00:00Z",
  "scope": {
    "repo": "amazon/service-repo",
    "sha": "4f8a2cd91ef7a2c7f3a5f0aa12d93b33f2d40e17",
    "environment": "production",
    "workflow": "deploy.yml"
  },
  "approver": {
    "id": "user_7f2b1d",
    "email": "oncall@example.com"
  },
  "signature": {
    "alg": "Ed25519",
    "keyId": "ppk_prod_2026_02",
    "value": "MEYCIQDF9u5S1KQ4JYq3vF7eL0w0yqg2I8h8xQ8sJm5vKf0kFwIhAO4S0W3nX8kVQmN0x2z7x8YqJ6w1s8YzQ2mP5e4t9Y7P"
  }
}
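The gate steps from section 3, applied to the receipt fields above, as an added Go example (not Permission Protocol's code). The signed byte layout (`payload`) and the `keys` trust map are assumptions, since the post does not define them. The key pair is generated on the spot.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

type Scope struct{ Repo, Sha, Environment, Workflow string }
type Sig struct{ Alg, KeyId, Value string }
type Receipt struct {
	Version, Status, RequestId string
	IssuedAt, ExpiresAt        time.Time
	Scope                      Scope
	Approver                   struct{ Id, Email string }
	Signature                  *Sig `json:",omitempty"`
}

func payload(r Receipt) []byte { // ASSUMED signed form: the receipt minus its signature
	r.Signature = nil
	b, _ := json.Marshal(r)
	return b
}

// Verify is the gate: nil lets the deploy proceed, any error blocks it (fail closed).
func Verify(raw []byte, keys map[string]ed25519.PublicKey, want Scope, now time.Time) error {
	var r Receipt
	if json.Unmarshal(raw, &r) != nil || r.Signature == nil || r.Signature.Alg != "Ed25519" {
		return fmt.Errorf("no usable signed receipt")
	}
	sig, err := base64.StdEncoding.DecodeString(r.Signature.Value)
	if pub, ok := keys[r.Signature.KeyId]; err != nil || !ok || !ed25519.Verify(pub, payload(r), sig) {
		return fmt.Errorf("no trusted key %q verifies this receipt", r.Signature.KeyId)
	}
	if r.Status != "APPROVED" || r.Scope != want || now.Before(r.IssuedAt) || !now.Before(r.ExpiresAt) {
		return fmt.Errorf("receipt does not cover %s@%s at %s", want.Repo, want.Sha, now.Format(time.RFC3339))
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair; scope values are the page's
	t0 := time.Date(2026, 2, 28, 16, 0, 0, 0, time.UTC)
	r := Receipt{Status: "APPROVED", IssuedAt: t0, ExpiresAt: t0.Add(2 * time.Hour), Scope: Scope{"amazon/service-repo", "4f8a2cd91ef7a2c7f3a5f0aa12d93b33f2d40e17", "production", "deploy.yml"}}
	r.Signature = &Sig{"Ed25519", "ppk_prod_2026_02", base64.StdEncoding.EncodeToString(ed25519.Sign(priv, payload(r)))}
	raw, _ := json.Marshal(r)
	fmt.Println(Verify(raw, map[string]ed25519.PublicKey{"ppk_prod_2026_02": pub}, r.Scope, t0.Add(3*time.Hour))) // one hour past expiresAt
}
```

In a pipeline, a non-nil error from `Verify` maps to a non-zero exit before any production step runs.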
5. CTA
Install a fail-closed deploy gate with signed authorization receipts.
permissionprotocol.com/install →