Skip to content
Threat Feed
medium advisory

Detecting Unusually Large Prompts to AWS Bedrock Claude Models

This brief outlines a detection strategy for identifying unusually large prompts sent to AWS Bedrock Claude models, which may indicate prompt injection attacks, data exfiltration attempts, or abuse of the AI service, warranting investigation by detection engineers.

This brief details a detection engineering approach to identify suspicious activity within AWS Bedrock Claude models. The focus is on flagging unusually large prompts, which are anomalous input token counts that significantly exceed a statistical baseline. This method aims to uncover potential prompt injection attacks where adversaries attempt to manipulate the AI model's behavior, data exfiltration attempts where large volumes of sensitive information might be queried or extracted, or general abuse of the AI service resources. The detection calculates the statistical average and standard deviation of input.inputTokenCount and flags requests that are one standard deviation above the mean and exceed a minimum threshold of 1000 input tokens, requiring defenders to monitor their AI interactions for these specific behavioral deviations.

Impact

Successful prompt injection attacks can lead to unauthorized data access, manipulation of AI model outputs, or compromise of sensitive information by coercing the model to reveal internal configurations or bypass safety mechanisms. Data exfiltration attempts via large prompts could lead to the exposure of confidential company data or intellectual property. Abuse of AI services might result in significant unexpected costs due to excessive token usage, resource exhaustion, or even reputational damage if the AI is misused for malicious purposes. The consequences include financial losses, regulatory non-compliance, and loss of user trust.

Recommendation

  • Enable Amazon Bedrock model invocation logging to ensure Claude request/response payloads are delivered to S3 and/or CloudWatch Logs, as detailed in the AWS documentation https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html.
  • Deploy the Sigma rule included in this brief to your SIEM, configuring log ingestion from AWS Bedrock services to allow correlation with input.inputTokenCount fields.
  • Install and configure the Splunk Add-on for AWS from https://splunkbase.splunk.com/app/1876 and ingest relevant AWS Bedrock logs for advanced statistical analysis.
  • Review alerts generated by the input.inputTokenCount detection to differentiate legitimate large queries from potential prompt injection or data exfiltration attempts.

Detection coverage 1

Detect Unusually Large Prompts to AWS Bedrock Claude Models

high

Detects potentially malicious activity such as prompt injection or data exfiltration attempts by identifying requests to AWS Bedrock Claude models with an unusually high input token count. This rule serves as a component of a broader statistical anomaly detection strategy.

sigma tactics: impact techniques: T1059, T1565.001 sources: cloud, aws.bedrock

Detection queries are available on the platform. Get full rules →