< ciso brief />

All news with #bedrock guardrails tag

12 articles

Updated AWS Guide: GRC for Responsible AI in FSI Updates

🔒 The updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption provides Financial Services customers practical GRC guidance for deploying AI responsibly. It covers governance, risk management, compliance, data and model management, and AI agent oversight, and maps these considerations to AWS capabilities. The guide highlights services such as Amazon Bedrock AgentCore, Bedrock Guardrails, Bedrock Agents, SageMaker Autopilot, and SageMaker Model Monitor. It complements existing AWS responsible AI and Well-Architected resources and is available on the AWS Whitepaper portal.

Designing Trust and Safety for Amazon Bedrock Apps

🛡️ This article outlines AWS guidance for integrating trust, safety, and responsible-AI practices into applications built on Amazon Bedrock. It defines core responsible AI dimensions—such as safety, controllability, fairness, explainability, security and privacy, robustness, governance, and transparency—and maps them to lifecycle stages: design, deployment, and operations. It recommends observability and guardrail tools like Amazon CloudWatch and Bedrock Guardrails for monitoring, abuse detection, configurable content filters, and hallucination controls, and describes an abuse response process for coordination with AWS Trust & Safety.

Amazon Bedrock Agents: Multi-Agent Security Assessment

🔒 This Unit 42 analysis evaluates Amazon Bedrock Agents' multi-agent collaboration from a red-team perspective. The researchers demonstrate a chain of reconnaissance and exploitation—detecting operating mode, enumerating collaborator agents, delivering attacker-controlled payloads, and triggering tool actions—when Bedrock Guardrails and pre-processing are disabled. The report confirms no vulnerabilities in Bedrock itself and emphasizes mitigations such as Bedrock Guardrails, input validation, scoped agent capabilities, and the principle of least privilege.

Amazon Bedrock Guardrails Adds Cross-Account Safeguards

🔒 Amazon Bedrock Guardrails now supports centralized, organization-wide enforcement through cross-account safeguards, enabling security teams to apply configurable safety controls from a single management account. AWS reports these safeguards can block up to 88% of harmful multimodal content and help filter hallucinated model outputs, removing the need to configure guardrails per account. The capability is available in all supported commercial and GovCloud regions and can be managed via the AWS Console or APIs.

Amazon Bedrock AgentCore adds Chrome policies and CA support

🔒 Amazon now enables Bedrock AgentCore to apply Chrome Enterprise policies to AgentCore Browser and to accept custom root Certificate Authority (CA) certificates for both AgentCore Browser and Code Interpreter. Administrators can leverage 100+ configurable browser policies — such as URL restrictions, disabling password managers, download controls, and kiosk-mode restrictions — to enforce compliance for AI agents. Custom root CA support permits secure TLS connections to internal services and corporate proxies that use enterprise-signed certificates, helping agents operate within strict security environments.

DNS Exfiltration and RCE Risk in AI Code Sandboxes

🔒 Researchers disclosed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries, enabling attackers to create bidirectional command-and-control channels and exfiltrate data via DNS despite a "no network access" setting. BeyondTrust rated the issue 7.5/10 and recommends migrating critical workloads to VPC mode and using a Route 53 DNS Firewall. Administrators should audit IAM roles and inventory active interpreters immediately.

AgentCore Policy Controls in Amazon Bedrock Now Available

🔒 Amazon has made Policy in Bedrock AgentCore generally available, providing centralized, fine-grained controls for agent-to-tool interactions. Teams can author policies in natural language that AWS converts into Cedar and stores in a policy engine attached to an AgentCore Gateway, which intercepts traffic and evaluates requests before allowing or denying access. Operating outside agent code, this lets security, compliance, and operations enforce access rules and validate inputs without modifying agents, improving governance and visibility across deployments.

Bedrock Guardrails: Natural-Language Test Generation

🧪 Amazon Web Services has added natural-language test Q&A generation to Automated Reasoning checks in Amazon Bedrock Guardrails. The capability generates up to N test Q&As from input documents to accelerate creating and validating formal verification policies. Automated Reasoning checks apply formal methods to validate model outputs and report up to 99% accuracy in identifying correct responses and reducing hallucinations. The feature is available in multiple US and EU Regions and accessible via the Bedrock console and Python SDK.

Amazon Bedrock Guardrails Expand Code-Related Protections

🔒 Amazon Web Services expanded Amazon Bedrock Guardrails to cover code-related use cases, enabling detection and prevention of harmful content embedded in code. The update applies content filters, denied topics, and sensitive information filters to code elements such as comments, variable and function names, and string literals. The enhancements also include prompt leakage detection in the standard tier and are available in all supported AWS Regions via the console and APIs.

Encoding-Based Attack Protection with Bedrock Guardrails

🔒 Amazon Bedrock Guardrails offers configurable, cross-model safeguards to protect generative AI applications from encoding-based attacks that attempt to hide harmful content using encodings such as Base64, hexadecimal, ROT13, and Morse code. It implements a layered defense—output-focused filtering, prompt-attack detection, and customizable denied topics—so legitimate encoded inputs are allowed while attempts to request or generate encoded harmful outputs are blocked. The design emphasizes usability and performance by avoiding exhaustive input decoding and relying on post-generation evaluation.

Indirect Prompt Injection Poisons Agents' Long-Term Memory

⚠️ This Unit 42 proof-of-concept shows how an attacker can use indirect prompt injection to silently poison an AI agent’s long-term memory, demonstrated against a travel assistant built on Amazon Bedrock. The attack manipulates the agent’s session summarization process so malicious instructions become stored memory and persist across sessions. When the compromised memory is later injected into orchestration prompts, the agent can be coerced into unauthorized actions such as stealthy exfiltration. Unit 42 outlines layered mitigations including pre-processing prompts, Bedrock Guardrails, content filtering, URL allowlisting, and logging to reduce risk.

Adapting Enterprise Risk Management for Generative AI

🛡️ This post explains how to adapt enterprise risk management frameworks to safely scale cloud-based generative AI, combining governance foundations with practical controls. It emphasizes the cloud as the foundational infrastructure and identifies differences from on-premises models that change risk profiles and vendor relationships. The guidance maps traditional ERMF elements to AI-specific controls across fairness, explainability, privacy/security, safety, controllability, veracity/robustness, governance, and transparency, and references tools such as Amazon Bedrock Guardrails, SageMaker Clarify, and the ISO/IEC 42001 standard to operationalize those controls.