Sensitive Data Exposure in AWS Bedrock Claude Prompts
This detection identifies instances where sensitive data, including social security numbers, passwords, API keys, and credit card numbers, is inadvertently or maliciously sent within prompts to AWS Bedrock Claude AI models, indicating potential data loss, credential leakage, or insider threat activity.
This threat brief focuses on the exposure of sensitive data within prompts submitted to Amazon Web Services (AWS) Bedrock Claude large language models. This detection, first published on July 6, 2026, aims to identify scenarios where confidential information such as AWS Access Keys, GitHub Personal Access Tokens, Slack tokens, Stripe keys, OpenAI keys, Google API keys, private key headers, generic passwords, bearer tokens, Social Security Numbers (SSNs), or credit card numbers are transmitted as part of AI model input. Such occurrences signal potential data loss, credential compromise, or insider threat activity, as the sensitive data becomes logged and potentially accessible to unauthorized individuals or systems with access to Bedrock model invocation logs. Organizations using AWS Bedrock Claude models are targeted, with the risk arising from misconfiguration, user error, or malicious intent.
Attack Chain
- An authorized user or application constructs an input prompt for an AWS Bedrock Claude model.
- The prompt inadvertently, due to user error, or maliciously, due to an insider threat, includes sensitive information such as API keys, passwords, SSNs, or credit card numbers.
- The user or application invokes the AWS Bedrock API to send this prompt to the designated Claude model.
- The AWS Bedrock service processes the prompt, and if model invocation logging is enabled, the complete prompt content, including the sensitive data, is recorded.
- These logs are typically stored in AWS S3 buckets or CloudWatch Logs, making the sensitive data discoverable and accessible to anyone with appropriate permissions to these log storage locations.
- The exposure of this sensitive data in logs can lead to data loss, compliance violations, or credential compromise if the logs are accessed by unauthorized entities, either internally or externally, ultimately facilitating further malicious activities like account takeover or data exfiltration.
Impact
The primary impact of sensitive data exposure in AI prompts is the potential for significant data loss and credential compromise. If API keys, passwords, or PII like SSNs and credit card numbers are logged, they become vulnerable to unauthorized access. This can lead to account takeovers, unauthorized access to systems and data, financial fraud, and severe breaches of privacy regulations (e.g., GDPR, HIPAA). While no specific victim count is available, any organization utilizing AWS Bedrock Claude without stringent data handling policies and monitoring is susceptible to this risk. Such incidents can also result in reputational damage and substantial regulatory fines.
Recommendation
- Enable Amazon Bedrock model invocation logging as described in the AWS documentation (refer to
https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html). - Ingest AWS Bedrock Claude model invocation logs into your Security Information and Event Management (SIEM) platform for analysis and alerting, ensuring the
aws_bedrock_claude_sensitive_data_in_promptsrule can process them. - Deploy the
Detect Sensitive Data in AWS Bedrock Claude PromptsSigma rule to your SIEM and tune it for your environment. - Implement data loss prevention (DLP) policies and controls at endpoints and network egress points to prevent sensitive data from entering AI prompts.
- Review detections generated by this rule, as described in the
falsepositivessection, to differentiate between legitimate test data and actual sensitive data exposure.
Detection coverage 1
Detect Sensitive Data in AWS Bedrock Claude Prompts
highDetects sensitive data such as AWS keys, GitHub tokens, Slack tokens, Stripe keys, OpenAI keys, Google API keys, private keys, generic passwords, bearer tokens, Social Security Numbers (SSNs), and credit card numbers being sent in prompts to AWS Bedrock Claude models. This indicates potential data leakage or insider threat.
Detection queries are available on the platform. Get full rules →