<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Amazon Claude Models - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/amazon-claude-models/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 16 Jul 2026 10:30:43 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/amazon-claude-models/feed.xml" rel="self" type="application/rss+xml"/><item><title>Detecting Unusually Large Prompts to AWS Bedrock Claude Models</title><link>https://feed.craftedsignal.io/briefs/2026-07-aws-bedrock-large-prompts/</link><pubDate>Thu, 16 Jul 2026 10:30:43 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-aws-bedrock-large-prompts/</guid><description>This brief outlines a detection strategy for identifying unusually large prompts sent to AWS Bedrock Claude models, which may indicate prompt injection attacks, data exfiltration attempts, or abuse of the AI service, warranting investigation by detection engineers.</description><content:encoded><![CDATA[<p>This brief details a detection engineering approach to identify suspicious activity within AWS Bedrock Claude models. The focus is on flagging unusually large prompts, which are anomalous input token counts that significantly exceed a statistical baseline. This method aims to uncover potential prompt injection attacks where adversaries attempt to manipulate the AI model's behavior, data exfiltration attempts where large volumes of sensitive information might be queried or extracted, or general abuse of the AI service resources. The detection calculates the statistical average and standard deviation of <code>input.inputTokenCount</code> and flags requests that are one standard deviation above the mean and exceed a minimum threshold of 1000 input tokens, requiring defenders to monitor their AI interactions for these specific behavioral deviations.</p>
<h2 id="impact">Impact</h2>
<p>Successful prompt injection attacks can lead to unauthorized data access, manipulation of AI model outputs, or compromise of sensitive information by coercing the model to reveal internal configurations or bypass safety mechanisms. Data exfiltration attempts via large prompts could lead to the exposure of confidential company data or intellectual property. Abuse of AI services might result in significant unexpected costs due to excessive token usage, resource exhaustion, or even reputational damage if the AI is misused for malicious purposes. The consequences include financial losses, regulatory non-compliance, and loss of user trust.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Enable Amazon Bedrock model invocation logging to ensure Claude request/response payloads are delivered to S3 and/or CloudWatch Logs, as detailed in the AWS documentation <code>https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html</code>.</li>
<li>Deploy the Sigma rule included in this brief to your SIEM, configuring log ingestion from AWS Bedrock services to allow correlation with <code>input.inputTokenCount</code> fields.</li>
<li>Install and configure the Splunk Add-on for AWS from <code>https://splunkbase.splunk.com/app/1876</code> and ingest relevant AWS Bedrock logs for advanced statistical analysis.</li>
<li>Review alerts generated by the <code>input.inputTokenCount</code> detection to differentiate legitimate large queries from potential prompt injection or data exfiltration attempts.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>cloud-security</category><category>aws</category><category>ai-security</category><category>prompt-injection</category><category>data-exfiltration</category><category>anomaly-detection</category></item></channel></rss>