Generative AI data protection with Amazon Bedrock
Data Security Privacy
Most organizations that are building GenAI apps are concerned about how to protect the data they use to personalize or train their models, not only from threat actors attempting attacks such as Prompt injection , but also how to protect their data and prompts from the Foundational Model providers who may use their data to improve the model. Terms & Conditions may not be sufficient assurance for your organization. Amazon Bedrock do not allow any model provider to learn from your data or prompts.
Data security by default
Amazon Bedrock only allows encrypted connections to the service (encryption in transit), and requires you to encrypt data stored in model personalization (encryption at rest)
You can reach the Bedrock endpoint directly from the VPC using a VPC endpoint, without traveling across Internet. From on-prem you optionally can access privately using Amazon DirectConnect
Amazon Bedrock architecture
Using Bedrock, the model providers can only write their model into an S3 Bucket, they have no access to see your prompts nor personalized models.
Amazon Bedrock GuardRails
Amazon Bedrock Guardrails
analyze the prompt and its response to redirect response to “I’m sorry, I can’t answer that” if the request or output is undesirable.
Risk Mitigation
- Foundational Models providers may learn from prompts or data used to personalize your model if accessing directly.
- Models can be confused using prompt injection to provide information that the organization does not want to share with the users, such as opinions regarding politicians, how to commit crimes, providing investment advice, or providing internal/sensible information. Guardrails mitigate that risk by analyzing the prompt and its response.
Guidance for assessments
- Are you building GenAI applications ? what are you using ?
- if not using Bedrock, what security controls are in place to ensure your data is not used to train models ?
- if using Bedrock, have you configured Guardrails ?