Two stories this week show the gap between AI progress and basic security. OpenAI just made their frontier models available on AWS, while Instagram’s newest vulnerability is so basic it’s almost embarrassing.

OpenAI Models Land on AWS

OpenAI announced their frontier models and Codex are now available directly through AWS. This means enterprises can access GPT-4o and other OpenAI models without leaving their AWS environment.

The integration handles the usual enterprise requirements: VPC endpoints for private access, IAM role management, and billing through existing AWS accounts. No separate OpenAI contracts or API keys to manage.

This matters because most enterprises already live in AWS. Instead of building separate integrations or dealing with multiple vendors, teams can now treat OpenAI models like any other AWS service. That’s a big deal for companies that want AI capabilities but don’t want infrastructure headaches.

This is exactly the kind of cloud architecture work we handle at Artemis Lab — making AI tools work within existing enterprise infrastructure instead of forcing companies to rebuild everything.

Instagram’s Password Reset Disaster

Meanwhile, Instagram shipped a vulnerability so basic it’s hard to believe. A security researcher found that Instagram’s password reset flow would accept any 6-digit code as valid, not just the one they sent via SMS.

Type 123456? Works. Try 000000? Also works. The system apparently wasn’t validating the reset codes at all.

This isn’t a sophisticated attack. This is Authentication 101 — verify the code you send matches the code they enter. Instagram fixed it quickly once reported, but this should never have shipped.

The researcher called it the “goofiest” exploit they’ve seen, and they’re not wrong. It’s a reminder that even billion-dollar companies with massive security teams can miss obvious flaws.

The Infrastructure Gap

These stories highlight a common pattern: companies rush to add AI features while basic infrastructure remains broken. OpenAI’s AWS integration shows the mature approach — build on solid foundations, integrate properly, handle security from day one.

Instagram’s bug shows the opposite — move fast and break authentication. That works fine until someone tries to reset your CEO’s password with 123456.

The lesson for businesses: AI capabilities matter, but they’re worthless if your basic security is broken. Get the fundamentals right first, then add the smart features.