{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/aws-bedrock-claude/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["AWS Bedrock Claude"],"_cs_severities":["high"],"_cs_tags":["cloud","aws","bedrock","claude","llm","prompt-injection","data-exfiltration","detection-coverage"],"_cs_type":"coverage","_cs_vendors":["AWS","Anthropic","Splunk"],"content_html":"\u003cp\u003eThis consolidated coverage brief tracks AWS Bedrock Claude abuse detections that were previously published as separate rule-specific briefs. The coverage focuses on suspicious model invocation patterns visible in Bedrock invocation logs and downstream SIEM telemetry: prompt injection keywords, hostile prompt sentiment, sensitive data in prompts, unusually large prompts, excessive output-token anomalies, cross-region inference mismatches, and high-risk filesystem or execution tool invocation through Claude workflows.\u003c/p\u003e\n\u003ch2 id=\"detection-coverage\"\u003eDetection Coverage\u003c/h2\u003e\n\u003cp\u003eDefenders should enable Amazon Bedrock model invocation logging, route request and response metadata into their SIEM, and deploy the rules in this brief as a single monitoring package for Claude usage. Treat high-risk tool invocation and sensitive-data prompt exposure as higher-priority findings, especially when tied to human identities, unusual regions, or identities deviating from historical token baselines.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable AWS Bedrock model invocation logging and ingest Claude request/response metadata into Splunk or an equivalent SIEM.\u003c/li\u003e\n\u003cli\u003eDeploy the six public detection rules in this brief and tune thresholds for expected developer, red-team, and testing activity.\u003c/li\u003e\n\u003cli\u003eInvestigate identities triggering multiple Bedrock Claude detections on the same day, especially combinations of prompt injection, sensitive data exposure, cross-region inference, and high-risk tool usage.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-07T10:07:42Z","date_published":"2026-07-07T08:09:32Z","id":"https://feed.craftedsignal.io/briefs/2026-07-aws-bedrock-claude-large-prompts/","summary":"Merged detection coverage for AWS Bedrock Claude abuse patterns, including prompt injection, sensitive-data exposure, high-risk tool invocation, cross-region inference, hostile prompts, unusually large prompts, and excessive token output anomalies.","title":"AWS Bedrock Claude Abuse and Data Exposure Detection Coverage","url":"https://feed.craftedsignal.io/briefs/2026-07-aws-bedrock-claude-large-prompts/"}],"language":"en","title":"CraftedSignal Threat Feed - AWS Bedrock Claude","version":"https://jsonfeed.org/version/1.1"}