< ciso
brief />
Tag Banner

All news with #amazon bedrock tag

214 articles

AI gateway compromise raises cloud security concerns

πŸ”’ Researchers report an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock was compromised and used to deploy XMRig cryptomining malware. The intrusion highlights risk from AI gateways that centralize identities, permissions, and model access, making them high-value targets. Analysts observed SSH exposure, probable brute-force attempts, and suspicious IAM activity tied to model enumeration and persistence efforts. Darktrace assisted in timely detection and containment while urging tighter controls and telemetry correlation.
read more β†’

AWS Config adds 191 new managed rules

πŸ›‘οΈ AWS Config has expanded its set of managed rules with 191 additional checks covering services such as Amazon Bedrock, SageMaker, ECS, EKS, RDS, Redshift, S3, and CloudTrail. The new rules evaluate encryption, logging, public access, network security, data protection, and operational best practices. You can deploy rules individually or as part of a conformance pack in supported AWS Regions.
read more β†’

SageMaker Studio Workflows Adds 19 New Operators

πŸ”” Amazon SageMaker Unified Studio Workflows now includes 19 new operators for Amazon Bedrock, Amazon S3 Tables, S3 Vectors, AWS Glue Data Catalog, and Amazon MWAA Serverless. These operators let users add tasks via the visual workflow creator to orchestrate services without writing custom integration code. The capabilities include managing Bedrock guardrails, provisioning and deleting S3 Tables and S3 Vectors, managing Glue Data Catalog assets, and triggering MWAA Serverless runs. This feature is available in all Regions where SageMaker Unified Studio is offered.
read more β†’

Designing for Inevitable System Prompt Leakage

πŸ›‘οΈ System prompts are core to generative AI applications and often include role definitions, tool descriptions, RAG context, and other proprietary instructions. This AWS Security Blog post explains why system prompt leakage is a persistent risk, highlights that it cannot be fully remediated today, and outlines practical mitigations. It recommends design principles such as minimization and avoiding sensitive data in prompts, and details controls available via Amazon Bedrock Guardrails and other mechanisms to reduce exposure and raise extraction difficulty.
read more β†’

Enforce Zero Data Retention on Amazon Bedrock

πŸ›‘οΈ This post explains how Amazon Bedrock’s data retention modes work and the tools you can use to enforce zero retention across accounts and projects. It covers account-level modes (none, default, inherit, provider_data_share), how model requirements interact with your configured ceiling, and APIs that mandate retention. The article also describes project-level isolation via bedrock-mantle, organization-wide enforcement using SCPs, and practical steps to lock accounts to none.
read more β†’

Amazon RDS adds support for Oracle Database 26ai

πŸš€ Amazon RDS for Oracle now supports Oracle Database 26ai, Oracle's Long Term Support release, with integration to Amazon Bedrock providing access to foundation models such as Anthropic Claude, Amazon Nova, and Meta Llama. Oracle Database 26ai enables Select AI for generating and running SQL from natural language prompts and supports in-database RAG via Oracle AI Vector Search, avoiding the need for a separate vector store. The release also offers JSON Relational Duality Views and SQL Property Graphs and is available in Enterprise Edition across commercial and GovCloud regions.
read more β†’

Amazon Cognito adds self-service provisioned limits

πŸ”§ Amazon Cognito now lets customers increase or decrease provisioned API rate limits on demand. Previously adjustments required Service Quotas requests and manual review; the new self-service model enables immediate changes via the Amazon Cognito console or new limit provisioning API operations. Rate limit changes take effect instantly and are available for adjustable API categories in all Regions where Cognito is offered. Pricing and setup guidance are provided in the Cognito pricing page and developer guide.
read more β†’

Amazon Bedrock AgentCore raises default runtime quotas

πŸš€ Amazon Bedrock AgentCore has increased default runtime quota limits to enable larger-scale agent workloads. The update raises active concurrent sessions to 5,000 in US East (N. Virginia) and US West (Oregon), and 2,500 in other supported Regions. All Regions now support 200 agent interactions per second and 25 new sessions per second, improving out-of-the-box throughput for agent deployments. Customers should review the AgentCore Quotas documentation and Developer Guide for details.
read more β†’

Amazon Bedrock AgentCore expands to four regions

πŸš€ Amazon Bedrock AgentCore is now available in four additional AWS Regions: Asia Pacific (Bangkok), Asia Pacific (Malaysia), Europe (Milan), and Europe (Spain). AgentCore is a platform to build, connect, and optimize agents, enabling engineers to ship agents quickly with any framework and model while enforcing security at the infrastructure layer. The launch brings runtime, identity and access control, policy management, session persistence, tool connectivity, and observability to these regions, reducing latency for local end users.
read more β†’

AWS Security Hub Adds AI Security Best Practices

πŸ›‘οΈ AWS Security Hub CSPM introduces the AI Security Best Practices standard, offering 31 automated controls to detect misaligned AI resources. The standard evaluates Amazon Bedrock, Bedrock AgentCore, and Amazon SageMaker workloads against recommended configurations without manual rule creation. It covers domains like network isolation, encryption, VPC placement, KMS usage, private registries, and authorization, producing findings to help teams remediate issues. Available in all Regions where Security Hub CSPM operates, including GovCloud (US) and China.
read more β†’

Anthropic Claude Sonnet 5 available on AWS

πŸ€– AWS now offers Claude Sonnet 5, Anthropic’s latest Sonnet-generation model, delivering high capability at Sonnet pricing for coding, agents, and professional workflows. The model excels at navigating large codebases, performing multi-file changes, debugging, and refactoring with fewer corrections. For agentic use it maintains state, calls tools precisely, and recovers from errors to increase successful runs. Customers can access Sonnet 5 via Amazon Bedrock or the Claude Platform on AWS, with Bedrock providing AWS-managed features like guardrails and regional data residency.
read more β†’

Claude Opus 4.8 now in AWS GovCloud (US)

πŸš€ AWS GovCloud (US) now offers Anthropic's Claude Opus 4.8, the vendor's most capable generally available model to date. Claude Opus 4.8 improves agentic coding, long-running autonomous tasks, and professional knowledge work by maintaining extended context, planning before edits, and recovering from errors. Amazon Bedrock delivers access while keeping data in AWS infrastructure and adding AWS-managed features such as Guardrails and Knowledge Bases.
read more β†’

Kiro adds GPT-5.4 and Nemotron 3 in GovCloud

πŸ”’ Two new models are now available in the Kiro IDE and CLI for the AWS GovCloud (US-West) Region. OpenAI GPT-5.4 supports complex reasoning, coding, document analysis, and multi-step agentic workflows, running on Amazon Bedrock with a 272K context window and 1.2x credit multiplier. NVIDIA Nemotron 3 Super 120B is offered as an open weight, hybrid MoE option with a 256K context window, 32K max output, and 0.25x credit multiplier. Update your IDE or CLI and restart to access the new models.
read more β†’

AWS WAF Protects Amazon Bedrock AgentCore Gateway

πŸ”’ AWS announces general availability of AWS WAF protection for Amazon Bedrock AgentCore Gateway, enabling protection of agentic AI workloads from common web exploits and abuse. You can associate an AWS WAF protection pack with your AgentCore Gateway to enforce IP-based access controls, rate-based throttling, and AWS Managed Rule Groups including Bot Control. Configure protections once at the Gateway and have them applied consistently to all targets behind it.
read more β†’

Bedrock models gain FedRAMP High and DoD IL-4/5 approval

🚨 Amazon Bedrock now offers OpenAI GPT, OpenAI GPT OSS, and NVIDIA Nemotron models approved for FedRAMP High and DoD CC SRG IL-4/IL-5 in AWS GovCloud (US), enabling compliant generative AI deployments for federal and public sector customers. These models run on Mantle, Bedrock’s distributed inference engine, providing serverless, high-performance inference with zero operator access and OpenAI API compatibility. Agencies and enterprises with stringent compliance needs can use Bedrock in GovCloud to build and scale secure AI applications.
read more β†’

Amazon Bedrock AgentCore Memory adds cross-account access

πŸ”’ Amazon Bedrock AgentCore Memory now supports cross-account access, enabling multi-account architectures where memory resources and consuming agents span AWS accounts. Administrators can attach resource-based policies to memory resources to grant principals in other accounts permission to call memory data plane APIs by referencing the full memory ARN. Cross-account delivery destinations let memory resources stream payloads and events to Amazon S3, Amazon SNS, and Amazon Kinesis Data Streams in separate accounts. This capability is available in all Regions where AgentCore Memory is supported.
read more β†’

Amazon Bedrock adds automated policy refinement workflows

πŸ”§ AWS announced automated refinement workflows for Automated Reasoning checks in Amazon Bedrock Guardrails. These checks use formal logic to validate generative AI responses against user-defined policies to detect hallucinations and provide verifiable explanations. The new workflows β€” iterative policy improvement and ambiguity reduction β€” help customers refine policies with less manual effort. Both workflows are accessible via the Amazon Bedrock APIs and the AWS Management Console.
read more β†’

Amazon Bedrock AgentCore managed harness now GA

πŸš€ Amazon Bedrock AgentCore announces general availability of its managed agent harness, enabling teams to deploy production-grade agents in minutes. The harness handles orchestration, tool execution, session isolation, persistent memory, failure recovery, and context management so customers define agents via configuration rather than coding the loop. It supports any model, mid-session model switching, integrated security and observability, and exports to code for custom orchestration, and is available today in all AWS Commercial Regions where AgentCore is offered.
read more β†’

Amazon Bedrock AgentCore Adds Policy Guardrails

πŸ›‘οΈ Amazon Web Services announced that Amazon Bedrock AgentCore now supports Bedrock Guardrails in policy, enabling enterprises to enforce safety and security controls on AI agents in production. AgentCore policy authorizes which actions agents can take and now evaluates outputs and gateway inputs in real time to detect and block prompt injection, harmful content, and sensitive data exposure. Guardrail enforcement occurs at the AgentCore gateway perimeter, with all evaluations logged via AgentCore observability for auditing and optimization. The capability integrates with existing gateway deployments, supports natural language or policy-as-code authoring, uses consumption-based pricing, and is available in multiple global AWS regions.
read more β†’

Amazon Bedrock Managed Knowledge Base Launch

πŸš€ Amazon Bedrock Managed Knowledge Base is now generally available as a fully managed retrieval-augmented generation (RAG) service. The offering removes the need to manage vector databases, data pipelines, and retrieval infrastructure by handling ingestion, storage optimization, and advanced retrieval. It supports six native connectorsβ€”S3, SharePoint, Confluence, Google Drive, OneDrive, and a web crawlerβ€”with automatic syncing and managed vector storage tuned for price-performance. Native integration with Amazon Bedrock AgentCore provides auto-generated permissions and observability for agent deployments.
read more β†’