AWS Partner Network (APN) Blog

Protect DeepSeek model deployments with Protect AI and Amazon Bedrock

By Shashi Raina, Sr. Partner Solutions Architect – AWS
By Qiong Zhang, Partner Solutions Architect – AWS
By Vedant Ari Jain, Principal AI/ML Solutions Architect – Protect AI
By Zoe Hellenmeyer, Head of Tech Alliances – Protect AI


As you integrate generative AI into enterprise workflows, you unlock new capabilities but also take on security risks such as prompt injection, model poisoning, and data extraction. Open-source generative AI models in particular carry hidden risks, including data leakage and susceptibility to adversarial attacks. To scale AI quickly and safely, you need to assess and mitigate these threats before deployment.

In 2023, organizations released 149 foundation models, more than double the number released in 2022, and the pace of releases continues to grow. Each new model introduces specific capabilities in reasoning, text generation, and automated decision-making. Users often adopt these models in test or production environments without fully understanding the associated security risks. The recent release of DeepSeek-R1, an open-source reasoning model by DeepSeek-AI, highlights the urgency of addressing generative AI security. DeepSeek-R1 attracted widespread attention for its impressive reasoning capabilities and permissive MIT license. However, security researchers have identified critical weaknesses in DeepSeek-R1, including susceptibility to prompt injection, jailbreaking, and adversarial manipulation. These weaknesses raise concerns about its reliability for enterprise use and emphasize the need for thorough security assessment before adoption.

In this blog, you’ll learn how Protect AI’s Guardian and Recon tools integrate with Amazon Bedrock to protect DeepSeek model deployments. These tools provide specific security controls to identify and mitigate threats at every stage of your generative AI workflow when using DeepSeek models.

Secure AI Deployment with Amazon Bedrock and Protect AI

Organizations struggle to evaluate the security of AI models effectively, creating bottlenecks that hinder innovation and delay production timelines. Without adequate security measures, businesses risk compliance failures, reputational damage, and malicious exploitation.

Amazon Bedrock is a fully managed service that offers a choice of high-performing foundation models (FMs) from leading AI companies through a single API. It provides the broad set of capabilities you need to build generative AI applications with security, privacy, and responsible AI.

Protect AI is a security platform for artificial intelligence systems. It helps organizations identify, monitor, and mitigate AI security risks. The platform integrates two key tools into AI workflows: Guardian, a scanner that validates ML model files, and Recon, which performs automated security testing of generative AI applications. Together they help secure AI applications throughout their lifecycle, from initial model selection through deployment.

How Guardian and Recon Work with Amazon Bedrock

Using Protect AI’s Guardian, you can scan and validate open-source DeepSeek models before their deployment on Amazon Bedrock. Using Protect AI’s Recon, you can automate red-teaming and guide the configuration of Amazon Bedrock Guardrails to help safely build generative AI applications at scale.

Scanning Foundation Models for Vulnerabilities with Guardian

It’s crucial to know that the DeepSeek model you are building on is safe. Protect AI’s Guardian scans both traditional ML and generative model files so you can assess their integrity and security before use. It detects deserialization, backdoor, and runtime threats. This is especially useful when you upload custom models through Custom Model Import (CMI) in Amazon Bedrock. Figure 1 depicts the CMI workflow in conjunction with Protect AI.


Figure 1: Users call Guardian via API when completing a Custom Model Import (CMI) into Bedrock.

By performing a Guardian scan first, you make informed decisions about the DeepSeek model when building your AI systems.
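The deserialization threat Guardian looks for is worth seeing concretely. Many checkpoint formats embed Python pickle streams, and a pickle can name an arbitrary importable callable that the loader will invoke. The added example below is not Guardian's code or API; it uses the standard library's pickletools to list every import a pickle stream would perform, without ever loading it, and compares them against an allowlist of imports a plain checkpoint legitimately needs. The allowlist, the sample "checkpoints" and the stand-in callable (json.dumps, chosen because loading it would be harmless) are all constructed for the demonstration.

```python
import json
import pickle
import pickletools
from collections import OrderedDict

# Constructed allowlist: the handful of imports a plain PyTorch-style checkpoint
# legitimately needs. A production scanner curates a much longer list per framework.
ALLOWED_GLOBALS = {
    "collections.OrderedDict",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
    "torch.LongStorage",
}

# Opcodes that invoke a callable at load time; together with an unexpected GLOBAL
# they are the signature of a deserialization payload.
CALL_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
UNICODE_OPCODES = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def find_imports(data: bytes) -> list[str]:
    """List every 'module.name' the stream would import, without calling pickle.loads()."""
    imports = []
    recent_strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # Protocol 0-3: the operand is the text "module name".
            module, name = arg.split(" ", 1)
            imports.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two most recent string pushes.
            # (A stream that fetches them from the memo via BINGET would also need
            # memo tracking; left out of this demo.)
            if len(recent_strings) >= 2:
                imports.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
        if op.name in UNICODE_OPCODES:
            recent_strings.append(arg)
    return imports


def scan_pickle(data: bytes) -> dict:
    """Static verdict on a pickle stream: the imports it pulls in and whether any fall
    outside the allowlist (the policy a model-file scanner enforces before import)."""
    imports = find_imports(data)
    calls = sum(1 for op, _arg, _pos in pickletools.genops(data) if op.name in CALL_OPCODES)
    suspicious = sorted(set(imports) - ALLOWED_GLOBALS)
    return {
        "imports": imports,
        "call_opcodes": calls,
        "suspicious": suspicious,
        "verdict": "BLOCK" if suspicious else "ALLOW",
    }


# --- Constructed samples (not real checkpoints) ---------------------------------

# A benign state_dict-like object: only collections.OrderedDict is imported.
BENIGN_CHECKPOINT = pickle.dumps(OrderedDict([("layer.weight", [0.5, -0.25])]), protocol=4)


class _CallOnLoad:
    """Constructed stand-in for a tampered checkpoint: __reduce__ makes the loader call a
    module-level function. json.dumps is used so that loading would be harmless; the
    detection logic does not care which callable is named."""

    def __reduce__(self):
        return (json.dumps, ({"note": "runs during pickle.load"},))


TAMPERED_PROTO4 = pickle.dumps(_CallOnLoad(), protocol=4)  # encoded with STACK_GLOBAL
TAMPERED_PROTO2 = pickle.dumps(_CallOnLoad(), protocol=2)  # encoded with GLOBAL


if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_CHECKPOINT),
                        ("tampered-p4", TAMPERED_PROTO4),
                        ("tampered-p2", TAMPERED_PROTO2)]:
        print(label, scan_pickle(blob))
```

The benign sample is allowed because its only import is collections.OrderedDict; both tampered samples are blocked because json.dumps is not on the allowlist, regardless of which pickle protocol encoded the reference. An allowlist rather than a denylist is the right policy here: the loader will import whatever the stream names, so anything not explicitly expected for the framework should fail the scan.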

Red Teaming Models with Recon to Identify Necessary Guardrails

After confirming the model is free from hidden threats, investigate runtime weaknesses with Recon, Protect AI’s automated red-teaming tool. Recon simulates realistic adversarial attack scenarios and stress-tests your model to determine which kinds of adversarial input cause failures and where model outputs become problematic or unsafe. The results reveal specific vulnerabilities and indicate precisely which filters, parameters, and controls to deploy via Amazon Bedrock Guardrails, including content filters, prompt injection prevention, and jailbreak prevention controls. Recon collects the model’s responses and visualizes them as a report, as depicted in Figure 2.


Figure 2: Recon performs comprehensive penetration testing and creates a detailed dashboard to visualize the results.

After performing an initial Recon scan and setting your security controls via Guardrails, you scan again to verify they are operating as planned before pushing to production.

Continuous Monitoring with Recon

Security does not stop after deployment. You have set your security controls based on insights provided by Recon, but as AI evolves, so do AI threats.

Recon’s Attack Library contains hundreds of known attacks, which Protect AI’s threat researchers update weekly. You can also add custom attack types to tailor scans to your model. By regularly re-scanning model endpoints, you validate that the applied security parameters are working as intended. If new weaknesses emerge, Recon identifies them in a report, as depicted in Figure 3, so you can adjust your security controls accordingly.


Figure 3: Visualize where your models are vulnerable.

This adaptable security approach lets you continuously improve your generative AI security, fixing vulnerabilities before attackers can use them.
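The loop described in the last two sections (red-team scan, configure Amazon Bedrock Guardrails, re-scan, tighten what still gets through) can be driven as code. The added example below is not Protect AI's or AWS's code. The filter types (HATE, INSULTS, SEXUAL, VIOLENCE, MISCONDUCT, PROMPT_ATTACK), the strength levels, and the boto3 calls bedrock.create_guardrail and create_guardrail_version are the Bedrock API as the author understands it; the findings format, the topic name and the messaging strings are constructed for the example, and the AWS call itself is only reached when credentials are available.

```python
"""Derive and tighten an Amazon Bedrock Guardrails configuration from red-team findings."""
from __future__ import annotations

import copy

# Strengths accepted by the Bedrock content filters, weakest to strongest.
STRENGTHS = ("NONE", "LOW", "MEDIUM", "HIGH")
HARMFUL_CATEGORIES = ("HATE", "INSULTS", "SEXUAL", "VIOLENCE", "MISCONDUCT")


def build_guardrail_config(name: str, *, baseline: str = "MEDIUM",
                           prompt_attack: str = "HIGH",
                           denied_topics: dict[str, str] | None = None) -> dict:
    """Keyword arguments for bedrock.create_guardrail().

    PROMPT_ATTACK is the filter that covers prompt injection and jailbreak attempts.
    Bedrock evaluates it on user input only, so its outputStrength must be NONE.
    """
    filters = [{"type": c, "inputStrength": baseline, "outputStrength": baseline}
               for c in HARMFUL_CATEGORIES]
    filters.append({"type": "PROMPT_ATTACK", "inputStrength": prompt_attack,
                    "outputStrength": "NONE"})
    config = {
        "name": name,
        "description": "Guardrail derived from red-team findings",
        "contentPolicyConfig": {"filtersConfig": filters},
        "blockedInputMessaging": "Your request was blocked by policy.",
        "blockedOutputsMessaging": "The response was withheld by policy.",
    }
    if denied_topics:
        config["topicPolicyConfig"] = {"topicsConfig": [
            {"name": n, "definition": d, "type": "DENY"} for n, d in denied_topics.items()]}
    return config


def tighten_from_findings(config: dict, findings: list[dict]) -> dict:
    """Raise a filter's input strength one step for each category a re-scan still finds
    exploitable. The findings shape ({"category": ..., "succeeded": bool}) is constructed
    for this example; map your red-team tool's report onto it."""
    updated = copy.deepcopy(config)
    failed = {f["category"] for f in findings if f["succeeded"]}
    for flt in updated["contentPolicyConfig"]["filtersConfig"]:
        if flt["type"] in failed and flt["inputStrength"] != "HIGH":
            flt["inputStrength"] = STRENGTHS[STRENGTHS.index(flt["inputStrength"]) + 1]
    return updated


def validate_config(config: dict) -> list[str]:
    """Local checks for mistakes the service would reject, so they surface before the call."""
    problems = []
    for flt in config["contentPolicyConfig"]["filtersConfig"]:
        for side in ("inputStrength", "outputStrength"):
            if flt[side] not in STRENGTHS:
                problems.append(f"{flt['type']}: invalid {side} {flt[side]!r}")
        if flt["type"] == "PROMPT_ATTACK" and flt["outputStrength"] != "NONE":
            problems.append("PROMPT_ATTACK outputStrength must be NONE")
    for key in ("name", "blockedInputMessaging", "blockedOutputsMessaging"):
        if not config.get(key):
            problems.append(f"missing required field {key}")
    return problems


def create_guardrail(config: dict, region: str = "us-east-1") -> str:
    """Create the guardrail and publish a numbered version. Requires AWS credentials;
    boto3 is imported lazily so the rest of the module works offline."""
    import boto3  # real AWS SDK; not exercised in the offline test
    problems = validate_config(config)
    if problems:
        raise ValueError("; ".join(problems))
    bedrock = boto3.client("bedrock", region_name=region)
    created = bedrock.create_guardrail(**config)
    bedrock.create_guardrail_version(guardrailIdentifier=created["guardrailId"])
    return created["guardrailArn"]


if __name__ == "__main__":
    cfg = build_guardrail_config(
        "deepseek-r1-chat",
        denied_topics={"Credentials": "Requests to reveal secrets, keys or passwords."})
    # Constructed re-scan result: one category still got through at MEDIUM strength.
    findings = [{"category": "MISCONDUCT", "succeeded": True},
                {"category": "PROMPT_ATTACK", "succeeded": False}]
    cfg = tighten_from_findings(cfg, findings)
    print(validate_config(cfg) or "config valid")
    print(cfg["contentPolicyConfig"]["filtersConfig"])
```

Keeping the configuration as data that a findings report can modify is what makes the scan, adjust, re-scan cycle repeatable: each re-scan produces a new findings list, tighten_from_findings turns it into a candidate configuration, and validate_config catches the one easy mistake (a non-NONE output strength on PROMPT_ATTACK) before any API call is made.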

Benefits of This Integration

Streamlined AI Security Workflows: Enterprises can seamlessly integrate Guardian and Recon within their existing AWS environments without additional development effort.

Rapid Time-to-Production: Guardian and Recon’s high-speed scanning and automated red teaming enable secure AI deployments without compromising velocity or innovation.

Proactive Risk Mitigation: Enterprises can identify and remediate vulnerabilities early, significantly reducing potential compliance and reputational risks.

Continuous AI Governance: Protect AI’s solutions align with industry standards, including OWASP, MITRE, NIST, and DASF, ensuring continuous compliance and robust security posture.

Conclusion

As generative AI becomes essential for enterprise innovation, securing these powerful models must be a top priority. Organizations achieve comprehensive security throughout the AI lifecycle by integrating Protect AI’s Guardian and Recon with Amazon Bedrock. This integration enables accelerated innovation while maintaining robust safety measures. Through proactive and continuous security monitoring, organizations ensure their generative AI deployments remain resilient, compliant, and trustworthy in today’s evolving threat landscape.

For a comprehensive technical understanding, explore the detailed walkthrough Building Robust LLM Guardrails for DeepSeek-R1 in Amazon Bedrock. An in-depth technical guide, Implementing Advanced Model Security for Custom Model Import in Amazon Bedrock, covers the model-scanning side.


Connect with Protect AI

Protect AI – AWS Partner Spotlight

Protect AI is an end-to-end cybersecurity platform that secures artificial intelligence systems in enterprise environments. Its suite of products operates on a single, unified platform and secures AI applications from model selection and testing through runtime and beyond, making AI safe at enterprise scale.
