Generative AI data protection with Amazon Bedrock

Data Security Privacy

Most organizations that are building GenAI apps are concerned about how to protect the data they use to personalize or train their models, not only from threat actors attempting attacks such as Prompt injection , but also how to protect their data and prompts from the Foundational Model providers who may use their data to improve the model. Terms & Conditions may not be sufficient assurance for your organization. Amazon Bedrock do not allow any model provider to learn from your data or prompts.

Data security by default

Amazon Bedrock only allows encrypted connections to the service (encryption in transit), and requires you to encrypt data stored in model personalization (encryption at rest)

You can reach the Bedrock endpoint directly from the VPC using a VPC endpoint, without traveling across Internet. From on-prem you optionally can access privately using Amazon DirectConnect

Amazon Bedrock architecture

Using Bedrock, the model providers can only write their model into an S3 Bucket, they have no access to see your prompts nor personalized models.

Amazon Bedrock GuardRails

Amazon Bedrock Guardrails analyze the prompt and its response to redirect response to “I’m sorry, I can’t answer that” if the request or output is undesirable.

Risk Mitigation

  • If you’re accessing the Foundational Models providers directly (without using Amazon Bedrock), they may learn from your prompts or data used to personalize your models (you’re trusting their terms & conditions).
  • Models can be confused using prompt injection to provide information that the organization does not want to share with the users, such as opinions regarding politicians, how to commit crimes, providing investment advice, or providing internal/sensible information. Guardrails mitigate that risk by analyzing the prompt and its response.

Guidance for assessments

  • Are you building GenAI applications ? what are you using ?
  • if not using Bedrock, what security controls are in place to ensure your data is not used to train models ?
  • if using Bedrock, have you configured Guardrails ?

OWASP top 10 for LLM Applications

Pricing

https://aws.amazon.com/bedrock/pricing