The AMD Bug They Won't Fix — And Why You Should Care

Science · 2026-06-12 06:15
The RCE that AMD wouldn't fix

Here is something most people get wrong: security patches are about trust, not bugs.

On May 27, 2026, security researcher Enrico Bottazzi published details of a remote code execution vulnerability in AMD's SEV-SNP firmware. The bug lets an attacker hijack the encrypted virtual machines that firmware is supposed to protect. AMD had known about it since January.

That's five months of silence.

The common belief is that chipmakers patch everything critical immediately. That's wrong. AMD rated this one "high severity" but didn't ship a fix until Bottazzi went public. The Register broke the story on May 28, citing AMD's own advisory.

Here is the number that should scare you: 17%. That is Counterpoint Research's April estimate of the share of cloud servers running AMD EPYC processors in 2026. Every one of those machines that relies on SEV-SNP was exposed for months.

Microsoft Azure and Google Cloud both confirmed they deploy SEV-SNP for confidential computing. AWS uses it too. The vulnerability allows an attacker with local access, such as a malicious VM on the same host, to execute arbitrary code in the SEV-SNP firmware and so take control of the encrypted guests it protects.

Think about that. The entire promise of confidential computing is that not even the cloud provider can see your data. This bug trashes that promise.

AMD's response was classic corporate deflection. They told The Register the fix required "careful validation" to avoid breaking existing customers. Translation: patching costs money, not patching costs someone else's security.

Bottazzi's exploit code hit GitHub the same day AMD released the patch. He told BleepingComputer he found the bug through fuzzing the SEV firmware interface. No sophisticated nation-state tools required. Just a developer with patience and a fuzzer.

The twist? This isn't even the first time. In late 2023, a similar RCE in AMD's SEV-SNP was disclosed and patched in two months. The playbook is established. AMD just chose not to follow it.

What does this mean for you? If you run workloads on confidential VMs in Azure or Google Cloud, your provider has likely patched by now, and you do not have to take that on faith: the SNP attestation report your VM can request carries the platform's TCB and firmware version, so you can check. But the real lesson is about the industry's incentives.
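The check a practitioner actually wants here is "is the firmware under my VM at or above the fixed version, and can the host roll it back?" Both answers are in the SEV-SNP attestation report. The following is an added example, not code from the article or from AMD: it parses the fixed-layout ATTESTATION_REPORT structure from the AMD SEV-SNP Firmware ABI (field offsets and the TCB_VERSION byte layout are taken from that spec), then compares the running, reported and committed TCBs against a minimum. The minimum SVNs, the firmware version strings and the three report blobs are constructed placeholders for offline testing; the page gives no real version numbers for the fix. On real hardware the report comes from the guest's /dev/sev-guest device (for example via the `snpguest` CLI) instead of `build_report`.

```python
"""Parse an SEV-SNP attestation report and check its TCB fields against a minimum."""
import struct
from dataclasses import dataclass

# Offsets from the ATTESTATION_REPORT table of the AMD SEV-SNP Firmware ABI Specification.
REPORT_LEN = 0x4A0
OFF_VERSION, OFF_POLICY = 0x000, 0x008
OFF_CURRENT_TCB, OFF_REPORTED_TCB = 0x038, 0x180
OFF_COMMITTED_TCB, OFF_LAUNCH_TCB = 0x1E0, 0x1F0
OFF_CURRENT_FW, OFF_COMMITTED_FW = 0x1E8, 0x1EC   # bytes: build, minor, major, reserved


@dataclass(frozen=True)
class Tcb:
    """TCB_VERSION: byte 0 boot loader SVN, byte 1 TEE SVN, byte 6 SNP firmware SVN, byte 7 microcode SVN."""
    boot_loader: int
    tee: int
    snp: int
    microcode: int

    @classmethod
    def from_u64(cls, raw: int) -> "Tcb":
        return cls(raw & 0xFF, (raw >> 8) & 0xFF, (raw >> 48) & 0xFF, (raw >> 56) & 0xFF)

    def to_u64(self) -> int:
        return self.boot_loader | (self.tee << 8) | (self.snp << 48) | (self.microcode << 56)

    def meets(self, minimum: "Tcb") -> bool:
        # Component-wise comparison: every SVN must be at least the required one.
        return (self.boot_loader >= minimum.boot_loader and self.tee >= minimum.tee
                and self.snp >= minimum.snp and self.microcode >= minimum.microcode)


def parse_report(blob: bytes) -> dict:
    """Extract the version/TCB fields of a raw attestation report (signature NOT verified here)."""
    if len(blob) != REPORT_LEN:
        raise ValueError(f"unexpected report length {len(blob)}, want {REPORT_LEN}")
    u64 = lambda off: struct.unpack_from("<Q", blob, off)[0]
    fw = lambda off: "%d.%d.%d" % (blob[off + 2], blob[off + 1], blob[off])  # major.minor.build
    return {
        "version": struct.unpack_from("<I", blob, OFF_VERSION)[0],
        "policy": u64(OFF_POLICY),
        "current_tcb": Tcb.from_u64(u64(OFF_CURRENT_TCB)),
        "reported_tcb": Tcb.from_u64(u64(OFF_REPORTED_TCB)),
        "committed_tcb": Tcb.from_u64(u64(OFF_COMMITTED_TCB)),
        "launch_tcb": Tcb.from_u64(u64(OFF_LAUNCH_TCB)),
        "current_fw": fw(OFF_CURRENT_FW),
        "committed_fw": fw(OFF_COMMITTED_FW),
    }


def check_patched(blob: bytes, min_tcb: Tcb) -> list[str]:
    """Return the reasons the platform fails the minimum; an empty list means it passes."""
    r = parse_report(blob)
    problems = []
    if not r["current_tcb"].meets(min_tcb):
        problems.append(f"CURRENT_TCB {r['current_tcb']} below minimum: running firmware is too old")
    if not r["reported_tcb"].meets(min_tcb):
        problems.append("REPORTED_TCB below minimum: the VCEK signing this report belongs to an older TCB")
    if not r["committed_tcb"].meets(min_tcb):
        problems.append("COMMITTED_TCB below minimum: host can still roll back to vulnerable firmware")
    return problems


def build_report(current: Tcb, reported: Tcb, committed: Tcb, fw=(1, 55, 0)) -> bytes:
    """Constructed, unsigned report for offline testing. Firmware version fw is a placeholder."""
    major, minor, build = fw
    b = bytearray(REPORT_LEN)
    struct.pack_into("<I", b, OFF_VERSION, 2)
    struct.pack_into("<Q", b, OFF_POLICY, 0x30000)  # SMT allowed; bit 17 is reserved-must-be-one
    for off, t in ((OFF_CURRENT_TCB, current), (OFF_REPORTED_TCB, reported),
                   (OFF_COMMITTED_TCB, committed), (OFF_LAUNCH_TCB, committed)):
        struct.pack_into("<Q", b, off, t.to_u64())
    for off in (OFF_CURRENT_FW, OFF_COMMITTED_FW):
        b[off:off + 3] = bytes((build, minor, major))
    return bytes(b)


# Placeholder minimum SVNs: what a verifier would demand once the fix ships (not AMD's real numbers).
MIN_TCB = Tcb(boot_loader=3, tee=0, snp=20, microcode=209)

# Constructed sample reports: fully patched, patched but rollback still possible, and stale.
PATCHED = build_report(Tcb(3, 0, 21, 209), Tcb(3, 0, 21, 209), Tcb(3, 0, 21, 209))
ROLLBACK_RISK = build_report(Tcb(3, 0, 21, 209), Tcb(3, 0, 21, 209), Tcb(3, 0, 8, 209))
STALE = build_report(Tcb(3, 0, 8, 115), Tcb(3, 0, 8, 115), Tcb(3, 0, 8, 115))

if __name__ == "__main__":
    for name, blob in (("patched", PATCHED), ("rollback_risk", ROLLBACK_RISK), ("stale", STALE)):
        print(name, check_patched(blob, MIN_TCB) or "OK")
```

Two design points. First, REPORTED_TCB matters as much as CURRENT_TCB because the VCEK that signs the report is derived from the reported value; a platform owner may legitimately report a lower TCB than it runs, but a verifier cannot distinguish that from genuinely old firmware, so demand the minimum on both. Second, COMMITTED_TCB is the floor the platform cannot be rolled back below; a fixed firmware whose committed TCB still allows rollback is only half a fix. None of this means anything until the report's signature has been verified against the VCEK, ASK and ARK certificate chain fetched from AMD's KDS; an unverified report is just bytes.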

Cloud providers compete on security theater — logos, certifications, marketing slides. The actual vulnerability lifecycle remains opaque. You don't know when your provider knows about a bug, only when they decide to tell you.

I expect regulators to start paying attention. The EU's Cyber Resilience Act obliges manufacturers to report actively exploited vulnerabilities to ENISA, with an early warning within 24 hours and a fuller notification within 72 hours of becoming aware of the exploitation; those reporting duties apply from September 2026, with the rest of the regulation following in December 2027. Under that regime, a vendor that sat on an actively exploited flaw for five months would face fines, not just bad press.

The next time someone pitches you "hardware-level isolation" as unbreakable, remember Bottazzi's fuzzer. Trust is a lagging indicator. The bugs are already there.

Sam Lee

Sam focuses on world events, science, and the trends shaping our future. A former Reuters journalist.