Rules of AEM

aemrules.com Security Headers & Cookie Management in Hybrid AEM CDN Setup on AWS CloudFront 7 min read  ·  Anuj Gangwar  ·  AEM Architect @ Adobe TL;DR Ask AI 5 things to know in 30 seconds 1 Never manage security headers on both EDS and AMS independently — enforce all of them at CloudFront only using a Response Headers Policy. One place, consistent everywhere. 2 Your CSP policy must be a superset covering both EDS and AMS — scripts, fonts, and connect sources from both origins in one unified policy. 3 Strip ALL cookies before forwarding to EDS origin. EDS is stateless — forwarding AMS session cookies destroys cache efficiency and every user gets a unique cache entry. 4 For AMS authenticated paths, whitelist only the cookies you need — typically login-token. Never forward all cookies blindly. 5 For SSO across EDS and AMS pages, use a lightweight JWT shared cookie reada...

  AEM Security in the Age of AI: New Threats & How to Defend Against Them Introduction AI is changing the security landscape for AEM deployments in two important ways. First, attackers are using AI to make their attacks smarter — faster credential scanning, AI-generated phishing payloads, and automated vulnerability probing. Second, as AEM teams integrate AI features (chatbots, content generation, RAG pipelines), they introduce a new class of vulnerabilities that didn't exist before. In this post, we'll cover both: how to harden your existing AEM setup against AI-powered attacks, and how to secure the new AI integrations you're building.             1. Prompt Injection — The New XSS If you've built a chatbot or AI assistant on top of AEM content (like the RAG pipeline from our previous post), prompt injection is your biggest risk. It's the AI equivalent of XSS — an attacker embeds malicious instructions inside content that your AI system the...