Analytics Story: Suspicious AWS Bedrock Claude Activities

Description

This analytic story provides detection coverage for prompt injection, jailbreak attempts and other suspicious activities targeting AWS Bedrock Claude AI services. It monitors user inputs to Claude models for known manipulation patterns such as instruction override phrases, persona hijacking, and safety bypass keywords. These techniques are commonly used by adversaries to circumvent AI safety controls, extract sensitive information, or repurpose the model for malicious tasks.

Why it matters

This analytic story is designed to detect suspicious activities related to AWS Bedrock Claude, an AI service that allows users to interact with AI models. The story focuses on identifying potential malicious inputs that aim to manipulate the AI model's behavior. By monitoring for specific patterns in user inputs, security teams can identify and respond to potential abuse or exploitation of the AWS Bedrock Claude service. Security teams should review the context of detected prompts to determine if they represent actual prompt injection attempts or benign usage, as false positives may arise from legitimate user interactions with the AI model.

Detections

Name ▲▼ Technique ▲▼ Type ▲▼
AWS Bedrock Claude Possible Prompt Injection Process Injection Hunting
AWS Bedrock Claude Sensitive Data in Prompts Process Injection Anomaly
AWS Bedrock Claude High Risk Filesystem and Exec Tool Invocation Process Injection Anomaly
AWS Bedrock Claude Hostile Prompt Sentiment Process Injection Anomaly
AWS Bedrock Claude Unusually Large Prompts Process Injection Anomaly
AWS Bedrock Claude Cross Region Possible Inference Abuse Network Boundary Bridging Anomaly
AWS Bedrock Claude excessive use of tokens Process Injection Anomaly

Data Sources

Name ▲▼ Platform ▲▼ Sourcetype ▲▼ Source ▲▼
AWS Bedrock Claude AWS icon AWS json_no_timestamp aws_bedrock

References


Source: GitHub | Version: 1