Product
Detection of Unusually Large Prompts in AWS Bedrock Claude
1 rule 2 TTPsThis brief describes how to detect unusually large prompts sent to AWS Bedrock Claude models, which may indicate prompt injection attacks, data exfiltration attempts, or abuse of the AI service, through statistical baselining or high static thresholds.
Sensitive Data Exposure in AWS Bedrock Claude Prompts
1 rule 2 TTPsThis detection identifies instances where sensitive data, including social security numbers, passwords, API keys, and credit card numbers, is inadvertently or maliciously sent within prompts to AWS Bedrock Claude AI models, indicating potential data loss, credential leakage, or insider threat activity.
AWS Bedrock Claude High Risk Filesystem and Exec Tool Invocation
1 rule 5 TTPsDetection identifies anomalous or high-risk usage of filesystem and execution tools (such as bash, curl, edit, write, webfetch, grep, read, read_file) invoked by an identity through AWS Bedrock Claude, flagging suspicious activity that could indicate attempts to escalate privileges, exfiltrate data, execute unauthorized commands, or establish persistence.
Potential Cross-Region Inference Abuse in AWS Bedrock Claude
1 rule 3 TTPsThis threat brief details the potential for malicious actors to exploit AWS Bedrock Claude models by performing cross-region inference with high input token counts, indicating attempts to bypass regional restrictions, exfiltrate sensitive data, or conduct unauthorized actions across different AWS regions.