High Number of AWS Bedrock List Foundation Model Failures
Detection of a high number of AccessDenied errors when attempting to list AWS Bedrock foundation models, indicating potential reconnaissance activity after credential compromise to discover accessible AI models.
This analytic identifies potential reconnaissance activity against AWS Bedrock by detecting a high number of AccessDenied errors when calling the ListFoundationModels API. The activity is significant because it suggests an attacker, potentially with compromised credentials and limited permissions, is attempting to enumerate available AI models. Multiple failed attempts could signify brute-force attempts to bypass access controls or indicate misconfigured IAM policies. The detection focuses on identifying patterns of failed API calls using AWS CloudTrail logs. This early-stage reconnaissance is a precursor to potentially accessing or manipulating Bedrock models or knowledge bases. The detection looks for more than 9 attempts.
Attack Chain
- Compromise of AWS credentials with limited permissions.
- Attacker uses the compromised credentials to call the
ListFoundationModelsAPI via the AWS CLI or SDK. - Due to insufficient permissions, the API calls return an
AccessDeniederror. - The attacker repeats the
ListFoundationModelsAPI calls multiple times, attempting to bypass access controls or discover accessible models. - AWS CloudTrail logs record each
ListFoundationModelsAPI call and the correspondingAccessDeniederror, including the source IP address, user agent, and user name. - A detection rule identifies the high number of
AccessDeniederrors within a specific timeframe. - Successful enumeration of foundation models allows the attacker to plan subsequent attacks, such as accessing models or manipulating knowledge bases.
Impact
A successful attack can lead to unauthorized access to or manipulation of AWS Bedrock foundation models. This can result in data breaches, model poisoning, or the use of AI models for malicious purposes. While the number of affected organizations is currently unknown, the impact could be significant, especially for organizations relying on Bedrock for critical AI applications.
Recommendation
- Deploy the provided Sigma rule to your SIEM to detect a high number of
AccessDeniederrors forListFoundationModelsin AWS CloudTrail logs. - Investigate identified users and source IP addresses exhibiting a high number of failed
ListFoundationModelsAPI calls. - Review and harden IAM policies to ensure proper access controls for AWS Bedrock services.
- Implement multi-factor authentication (MFA) to protect AWS credentials.
Detection coverage 2
Detect High Number of AWS Bedrock ListFoundationModels Failures
mediumDetects a high number of AccessDenied errors when calling ListFoundationModels API, indicating potential reconnaissance.
AWS Bedrock ListFoundationModels Success Followed by AccessDenied
lowDetects successful calls to ListFoundationModels followed by AccessDenied errors, which may indicate privilege escalation attempts.
Detection queries are available on the platform. Get full rules →