< ciso
brief />
Tag Banner

All news with #bedrock guardrails tag

18 articles

Designing for Inevitable System Prompt Leakage

🛡️ System prompts are core to generative AI applications and often include role definitions, tool descriptions, RAG context, and other proprietary instructions. This AWS Security Blog post explains why system prompt leakage is a persistent risk, highlights that it cannot be fully remediated today, and outlines practical mitigations. It recommends design principles such as minimization and avoiding sensitive data in prompts, and details controls available via Amazon Bedrock Guardrails and other mechanisms to reduce exposure and raise extraction difficulty.
read more →

Claude Opus 4.8 now in AWS GovCloud (US)

🚀 AWS GovCloud (US) now offers Anthropic's Claude Opus 4.8, the vendor's most capable generally available model to date. Claude Opus 4.8 improves agentic coding, long-running autonomous tasks, and professional knowledge work by maintaining extended context, planning before edits, and recovering from errors. Amazon Bedrock delivers access while keeping data in AWS infrastructure and adding AWS-managed features such as Guardrails and Knowledge Bases.
read more →

Amazon Bedrock adds automated policy refinement workflows

🔧 AWS announced automated refinement workflows for Automated Reasoning checks in Amazon Bedrock Guardrails. These checks use formal logic to validate generative AI responses against user-defined policies to detect hallucinations and provide verifiable explanations. The new workflows — iterative policy improvement and ambiguity reduction — help customers refine policies with less manual effort. Both workflows are accessible via the Amazon Bedrock APIs and the AWS Management Console.
read more →

Amazon Bedrock AgentCore Adds Policy Guardrails

🛡️ Amazon Web Services announced that Amazon Bedrock AgentCore now supports Bedrock Guardrails in policy, enabling enterprises to enforce safety and security controls on AI agents in production. AgentCore policy authorizes which actions agents can take and now evaluates outputs and gateway inputs in real time to detect and block prompt injection, harmful content, and sensitive data exposure. Guardrail enforcement occurs at the AgentCore gateway perimeter, with all evaluations logged via AgentCore observability for auditing and optimization. The capability integrates with existing gateway deployments, supports natural language or policy-as-code authoring, uses consumption-based pricing, and is available in multiple global AWS regions.
read more →

Amazon Bedrock launches per-request Guardrails API

🛡️ Amazon Bedrock Guardrails introduces the InvokeGuardrailChecks API, a resourceless endpoint that lets you apply individual safeguards at any step of agentic AI workflows without creating guardrail resources. The API returns numeric severity and confidence scores so you can set custom thresholds and actions — block, pass, retry, or log — per request. It supports content filters, prompt attack detection, and sensitive information filters and is available in multiple AWS Regions.
read more →

Amazon Bedrock Guardrails Adds Automated Reasoning

🛡️ Amazon Bedrock Guardrails now includes Automated Reasoning checks that use formal verification to mathematically validate AI model outputs. This capability targets hallucinations, policy violations, and ambiguous responses to improve trust and compliance. Available in Asia Pacific (Sydney), it complements existing regional availability and is accessible via the Amazon Bedrock console and SDK.
read more →

Updated AWS Guide: GRC for Responsible AI in FSI Updates

🔒 The updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption provides Financial Services customers practical GRC guidance for deploying AI responsibly. It covers governance, risk management, compliance, data and model management, and AI agent oversight, and maps these considerations to AWS capabilities. The guide highlights services such as Amazon Bedrock AgentCore, Bedrock Guardrails, Bedrock Agents, SageMaker Autopilot, and SageMaker Model Monitor. It complements existing AWS responsible AI and Well-Architected resources and is available on the AWS Whitepaper portal.
read more →

Designing Trust and Safety for Amazon Bedrock Apps

🛡️ This article outlines AWS guidance for integrating trust, safety, and responsible-AI practices into applications built on Amazon Bedrock. It defines core responsible AI dimensions—such as safety, controllability, fairness, explainability, security and privacy, robustness, governance, and transparency—and maps them to lifecycle stages: design, deployment, and operations. It recommends observability and guardrail tools like Amazon CloudWatch and Bedrock Guardrails for monitoring, abuse detection, configurable content filters, and hallucination controls, and describes an abuse response process for coordination with AWS Trust & Safety.
read more →

Amazon Bedrock Agents: Multi-Agent Security Assessment

🔒 This Unit 42 analysis evaluates Amazon Bedrock Agents' multi-agent collaboration from a red-team perspective. The researchers demonstrate a chain of reconnaissance and exploitation—detecting operating mode, enumerating collaborator agents, delivering attacker-controlled payloads, and triggering tool actions—when Bedrock Guardrails and pre-processing are disabled. The report confirms no vulnerabilities in Bedrock itself and emphasizes mitigations such as Bedrock Guardrails, input validation, scoped agent capabilities, and the principle of least privilege.
read more →

Amazon Bedrock Guardrails Adds Cross-Account Safeguards

🔒 Amazon Bedrock Guardrails now supports centralized, organization-wide enforcement through cross-account safeguards, enabling security teams to apply configurable safety controls from a single management account. AWS reports these safeguards can block up to 88% of harmful multimodal content and help filter hallucinated model outputs, removing the need to configure guardrails per account. The capability is available in all supported commercial and GovCloud regions and can be managed via the AWS Console or APIs.
read more →

Amazon Bedrock AgentCore adds Chrome policies and CA support

🔒 Amazon now enables Bedrock AgentCore to apply Chrome Enterprise policies to AgentCore Browser and to accept custom root Certificate Authority (CA) certificates for both AgentCore Browser and Code Interpreter. Administrators can leverage 100+ configurable browser policies — such as URL restrictions, disabling password managers, download controls, and kiosk-mode restrictions — to enforce compliance for AI agents. Custom root CA support permits secure TLS connections to internal services and corporate proxies that use enterprise-signed certificates, helping agents operate within strict security environments.
read more →

DNS Exfiltration and RCE Risk in AI Code Sandboxes

🔒 Researchers disclosed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries, enabling attackers to create bidirectional command-and-control channels and exfiltrate data via DNS despite a "no network access" setting. BeyondTrust rated the issue 7.5/10 and recommends migrating critical workloads to VPC mode and using a Route53 DNS Firewall. Administrators should audit IAM roles and inventory active interpreters immediately.
read more →

AgentCore Policy Controls in Amazon Bedrock Now Available

🔒 Amazon has made Policy in Bedrock AgentCore generally available, providing centralized, fine-grained controls for agent-to-tool interactions. Teams can author policies in natural language that AWS converts into Cedar and stores in a policy engine attached to an AgentCore Gateway, which intercepts traffic and evaluates requests before allowing or denying access. Operating outside agent code, this lets security, compliance, and operations enforce access rules and validate inputs without modifying agents, improving governance and visibility across deployments.
read more →

Bedrock Guardrails: Natural-Language Test Generation

🧪 Amazon Web Services has added natural-language test Q&A generation to Automated Reasoning checks in Amazon Bedrock Guardrails. The capability generates up to N test Q&As from input documents to accelerate creating and validating formal verification policies. Automated Reasoning checks apply formal methods to detect correct model outputs and report up to 99% accuracy in identifying correct responses and reducing hallucinations. The feature is available in multiple US and EU Regions and accessible via the Bedrock console and Python SDK.
read more →

Amazon Bedrock Guardrails Expand Code-Related Protections

🔒 Amazon Web Services expanded Amazon Bedrock Guardrails to cover code-related use cases, enabling detection and prevention of harmful content embedded in code. The update applies content filters, denied topics, and sensitive information filters to code elements such as comments, variable and function names, and string literals. The enhancements also include prompt leakage detection in the standard tier and are available in all supported AWS Regions via the console and APIs.
read more →

Encoding-Based Attack Protection with Bedrock Guardrails

🔒 Amazon Bedrock Guardrails offers configurable, cross-model safeguards to protect generative AI applications from encoding-based attacks that attempt to hide harmful content using encodings such as Base64, hexadecimal, ROT13, and Morse code. It implements a layered defense—output-focused filtering, prompt-attack detection, and customizable denied topics—so legitimate encoded inputs are allowed while attempts to request or generate encoded harmful outputs are blocked. The design emphasizes usability and performance by avoiding exhaustive input decoding and relying on post-generation evaluation.
read more →

Indirect Prompt Injection Poisons Agents' Long-Term Memory

⚠️This Unit 42 proof-of-concept shows how an attacker can use indirect prompt injection to silently poison an AI agent’s long-term memory, demonstrated against a travel assistant built on Amazon Bedrock. The attack manipulates the agent’s session summarization process so malicious instructions become stored memory and persist across sessions. When the compromised memory is later injected into orchestration prompts, the agent can be coerced into unauthorized actions such as stealthy exfiltration. Unit 42 outlines layered mitigations including pre-processing prompts, Bedrock Guardrails, content filtering, URL allowlisting, and logging to reduce risk.
read more →

Adapting Enterprise Risk Management for Generative AI

🛡️ This post explains how to adapt enterprise risk management frameworks to safely scale cloud-based generative AI, combining governance foundations with practical controls. It emphasizes the cloud as the foundational infrastructure and identifies differences from on‑premises models that change risk profiles and vendor relationships. The guidance maps traditional ERMF elements to AI-specific controls across fairness, explainability, privacy/security, safety, controllability, veracity/robustness, governance, and transparency, and references tools such as Amazon Bedrock Guardrails, SageMaker Clarify, and the ISO/IEC 42001 standard to operationalize those controls.
read more →