AWS Marketplace

Detecting misconfigurations and mitigating AI risks to secure Amazon Bedrock with TrendAI Vision One™

As organizations build AI applications with Amazon Bedrock, security teams are finding that their existing security controls and processes were not designed with AI security in mind. For example, the way data is handled, how access is granted, and how models are deployed all introduce risks that require a different approach.

These risks are growing alongside adoption. According to the Amazon Web Services (AWS) Generative AI Adoption Index, 45% of organizations have made AI tools their top budget priority for 2025. A misconfigured AI deployment can expose sensitive customer data through model prompts, invite model manipulation through prompt injection attacks, or create compliance gaps that regulators and auditors are increasingly scrutinizing.

In this post, you’ll learn how TrendAI Vision One™ helps secure Amazon Bedrock deployments by detecting misconfigurations, monitoring for data exposure, and providing actionable remediation guidance. TrendAI Vision One™ is available in AWS Marketplace with a 30-day trial, so you can deploy it using existing AWS committed spend with consolidated billing and simplified contracting.

Amazon Bedrock security

Amazon Bedrock provides a multilayered approach to security, covering data privacy, access controls, network isolation, and responsible AI.

  • Data isolation and encryption – Customer data isn’t shared with model providers or used to train base models. Data is encrypted in transit using TLS 1.2 and at rest through AWS Key Management Service (AWS KMS).
  • Secure connectivity – Customers can use AWS PrivateLink to establish private connectivity from an Amazon Virtual Private Cloud (Amazon VPC) connection to Amazon Bedrock.
  • Access controls – AWS Identity and Access Management (IAM) policies control who can be authenticated and authorized to use Amazon Bedrock resources, with support for identity-based and resource-based policies.
  • Secure model customization – Fine-tuning uses encrypted training data through a private Amazon VPC connection. Training data isn’t stored by Amazon Bedrock after customization is complete.
  • Responsible AI – Amazon Bedrock Guardrails provides configurable safeguards to filter harmful content, detect hallucinations, and redact personally identifiable information (PII) across foundation models (FMs).

Under the AWS Shared Responsibility Model, AWS is responsible for security of the cloud, protecting the infrastructure that runs AWS Cloud services, including the hardware, software, networking, and facilities. Customers are responsible for security in the cloud, which includes managing their data, configuring access controls, and applying the appropriate permissions.

Where TrendAI Vision One™ fits in

Fulfilling the customer’s side of the shared responsibility model means managing data, configuring access controls, and applying appropriate permissions. That task becomes significantly more complex when AI workloads are involved. TrendAI Vision One™ is designed specifically for that complexity, continuously scanning for misconfigurations, exposed sensitive data, and security gaps across AWS resources including Amazon Bedrock.

Amazon Bedrock built-in controls provide a strong foundation. However, most organizations build across multiple services and environments. They need an additional layer of visibility and control that spans their full cloud security posture, not just AI workloads in isolation. Rather than treating AI security as a separate problem, TrendAI Vision One™ approaches it as part of the broader cloud security posture alongside identity exposures, data governance, and compliance.

Because TrendAI Vision One™ is available directly through AWS Marketplace, customers can add this layer of AI security protection without separate procurement cycles. They can apply their existing AWS committed spend and consolidate costs under a single AWS bill.

The TrendAI Vision One™ platform provides two layers of protection for AI workloads:

  1. Before deployment – TrendAI Vision One™ AI Scanner stress-tests AI applications with simulated attacks such as prompt injection, jailbreaks, and data exfiltration attempts. This helps catch insecure prompt logic and vulnerabilities before they reach production.
  2. In production – TrendAI Vision One™ AI Guard monitors prompts and responses in real time, blocking malicious inputs before they reach the model and filtering risky outputs before they reach users. This works alongside Amazon Bedrock Guardrails to provide additional application-layer protection.

AI-SPM: Centralized visibility into AI assets

TrendAI Vision One™ AI Security Posture Management (AI-SPM) gives security teams a single view of their AI assets across AWS. It detects vulnerabilities, misconfigurations, and usage patterns that can pose security or compliance risks.

With TrendAI Vision One™ Cloud Security, teams can monitor sensitive data flows, detect unauthorized access to AI models, identify misconfigurations as they occur, and enforce governance policies tailored to AI workloads.

Detecting AI security risks in Amazon Bedrock

TrendAI™ has built security detections specifically for Amazon Bedrock and other AI services. These detections address seven categories of risk that are common in AI deployments:

  1. Unauthorized model access
  2. Sensitive data in prompts or outputs
  3. Misconfigured access policies
  4. Unencrypted data flows
  5. Noncompliant usage patterns
  6. Missing guardrails
  7. Pre-deployment risk discovery

The next sections explain these categories of risk in more detail.

Unauthorized model access

When unapproved IAM roles or external sources attempt to access Amazon Bedrock models, TrendAI Vision One™ detects the anomalous access pattern. It also flags potential insider threats or compromised credentials interacting with AI endpoints.

The following screenshot shows how TrendAI Vision One™ surfaces unauthorized access attempts in the console.

Figure 1: Unauthorized access detection
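
The kind of check described in this section can be approximated over AWS CloudTrail records. The following is an added example, not TrendAI's detection logic or code from the original post: it flags Amazon Bedrock invocation events whose caller is outside an allow-list, comes from another account, or was denied. The account IDs, role names, allow-list, and sample records are constructed for illustration.

```python
# Added example (not TrendAI's detection logic): triage CloudTrail records
# for Amazon Bedrock model invocations by principals outside an allow-list.
BEDROCK_SOURCE = "bedrock.amazonaws.com"
INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream", "Converse", "ConverseStream"}
HOME_ACCOUNT = "111122223333"  # constructed account ID
# Hypothetical allow-list of roles approved to call models.
APPROVED_ROLES = {f"arn:aws:iam::{HOME_ACCOUNT}:role/bedrock-app-prod"}


def principal_arn(event):
    """Role ARN behind an assumed-role session, else the caller's own ARN."""
    identity = event.get("userIdentity", {})
    issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or identity.get("arn", "unknown")


def triage(events, approved=APPROVED_ROLES, home_account=HOME_ACCOUNT):
    """Return (eventName, principal, reasons) for each suspicious invocation."""
    findings = []
    for ev in events:
        if (ev.get("eventSource") != BEDROCK_SOURCE
                or ev.get("eventName") not in INVOKE_EVENTS):
            continue
        who, reasons = principal_arn(ev), []
        if who not in approved:
            reasons.append("unapproved principal")
        if ev.get("userIdentity", {}).get("accountId") != home_account:
            reasons.append("caller from another account")
        if ev.get("errorCode") == "AccessDenied":
            reasons.append("denied attempt")
        if reasons:
            findings.append((ev["eventName"], who, reasons))
    return findings


def _event(name, account, role, error=None):
    """Build a constructed, minimal CloudTrail-shaped record for the demo."""
    arn = f"arn:aws:iam::{account}:role/{role}"
    ev = {"eventSource": BEDROCK_SOURCE, "eventName": name,
          "userIdentity": {"type": "AssumedRole", "accountId": account,
                           "sessionContext": {"sessionIssuer": {"arn": arn}}}}
    if error:
        ev["errorCode"] = error
    return ev


SAMPLE = [_event("Converse", HOME_ACCOUNT, "bedrock-app-prod"),
          _event("InvokeModel", HOME_ACCOUNT, "ci-runner", "AccessDenied"),
          _event("InvokeModel", "444455556666", "partner-batch")]
```

Calling `triage(SAMPLE)` returns two findings: the denied call from the unapproved `ci-runner` role and the cross-account call from `partner-batch`.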

Sensitive data in prompts or outputs

PII, credentials, or regulated data can end up in AI prompts or responses unintentionally. TrendAI Vision One™ identifies these exposures and helps prevent data leakage through model interactions.

This detection works at two levels. At the infrastructure level, it checks whether Amazon Bedrock Guardrails has sensitive information filters configured. At the application level, AI Guard inspects prompts and responses in real time, blocking sensitive data leaks and prompt-injection attacks before they reach the model or end user.

The following screenshot shows the sensitive data detection in action.

Figure 2: Sensitive data exposure detection

The following screenshot shows the dashboard with AI Guard results.

Figure 3: AI Application Security – AI Guard

Misconfigured access policies

Overly permissive IAM policies or missing restrictions on Amazon Bedrock resources can enable unintended access. TrendAI Vision One™ alerts on these misconfigurations and helps enforce least-privilege access for AI-related resources before an overly permissive policy becomes an entry point.
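
To make "overly permissive" concrete, the following added example (not TrendAI's rule set or code from the original post) audits IAM identity policy documents for statements that grant Amazon Bedrock model invocation through wildcard actions or wildcard resources. The three policies and the model ID `example.model-v1` are constructed for illustration.

```python
from fnmatch import fnmatchcase

# IAM action names are case-insensitive, so everything is compared in lower case.
INVOKE_ACTIONS = ("bedrock:invokemodel", "bedrock:invokemodelwithresponsestream")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (sid, issue) pairs for Allow statements that over-grant model invocation."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        # NotAction statements are out of scope for this example.
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        # A pattern such as "bedrock:*" or "bedrock:Invoke*" may cover invocation.
        if not any(fnmatchcase(t, a) for a in actions for t in INVOKE_ACTIONS):
            continue
        resources = _as_list(stmt.get("Resource", []))
        if any(a in ("*", "bedrock:*") for a in actions):
            findings.append((sid, "wildcard action grants every Bedrock operation"))
        if "*" in resources:
            findings.append((sid, "invocation allowed on all resources"))
        elif any(r.endswith("foundation-model/*") for r in resources):
            findings.append((sid, "invocation allowed on any foundation model"))
    return findings


# Constructed policies for the demonstration.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllBedrock", "Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}]}
ANY_MODEL = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AnyModel", "Effect": "Allow", "Action": ["bedrock:Invoke*"],
     "Resource": "arn:aws:bedrock:*::foundation-model/*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OneModel", "Effect": "Allow", "Action": ["bedrock:InvokeModel"],
     "Resource": "arn:aws:bedrock:us-east-1::foundation-model/example.model-v1"}]}
```

`audit_policy(BROAD)` reports both the wildcard action and the wildcard resource, `audit_policy(ANY_MODEL)` reports the any-model resource pattern, and `audit_policy(SCOPED)` returns no findings.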

Unencrypted data flows

When AI data isn’t encrypted in transit or at rest, or when customer-managed keys aren’t in use, TrendAI Vision One™ flags the gap. This helps teams maintain encryption standards across their Amazon Bedrock deployments before they create compliance exposure.

The following screenshot shows the current Amazon Bedrock encryption rules in the Vision One console.

Figure 4: Encryption compliance rules

Noncompliant usage patterns

TrendAI Vision One™ flags usage of AI services that might not align with governance policies or external regulations such as General Data Protection Regulation (GDPR) or Health Insurance Portability and Accountability Act (HIPAA). This helps teams maintain responsible AI practices and stay audit ready.

Missing guardrails

When Amazon Bedrock models are deployed without safety controls, TrendAI Vision One™ identifies the gap. It can also trigger remediation actions, such as revoking access permissions directly through IAM, to help enforce protection against harmful or biased outputs.

The following screenshot shows how TrendAI Vision One™ detects deployments that are missing guardrails.

Figure 5: Missing guardrails detection

Pre-deployment risk discovery

Before AI applications go live, TrendAI’s AI Scanner runs automated adversarial tests that simulate real-world attacks, including prompt injection, jailbreaks, and data exfiltration. It detects insecure prompt logic and vulnerabilities that infrastructure controls alone might not catch.

The scanner provides detailed risk reports with actionable feedback. Issues identified during scanning can then be addressed using AI Guard in production for ongoing protection.

The following screenshot shows the AI Scanner results view.

Figure 6: AI Scanner pre-deployment results

How TrendAI Vision One™ monitors Amazon Bedrock in production

Beyond the detection rules described in the preceding section, TrendAI Vision One™ provides three ongoing monitoring capabilities for Amazon Bedrock environments:

  1. Content inspection – TrendAI Vision One™ monitors conversations with Amazon Bedrock APIs, including Converse, ConverseStream, InvokeModel, and InvokeModelWithResponseStream. It blocks threats such as prompt injections, PII exposure, malicious file uploads, and responses containing unsafe URLs in real time.
  2. Infrastructure monitoring – TrendAI Vision One™ cloud security posture management (CSPM) technology continuously validates IAM configurations, network security settings, and encryption across Amazon Bedrock resources. It checks for misconfigurations automatically and alerts teams when settings drift from security best practices.
  3. Connected detection and response – TrendAI Vision One™ extended detection and response (XDR) security approach correlates Amazon Bedrock activity with signals from other applications and services across the organization. Rather than generating isolated alerts, it builds contextual investigation stories that help security teams identify compromised accounts or risky behaviors spanning multiple services.

Getting started with TrendAI Vision One™ in AWS Marketplace

Amazon Bedrock provides a secure foundation for building AI applications. TrendAI Vision One™ extends that foundation by giving security teams visibility into misconfigurations, data flows, access patterns, and deployment practices across AI workloads.

Get started with a 30-day trial in AWS Marketplace. Procuring through AWS Marketplace lets you apply existing AWS committed spend, consolidate costs on a single AWS bill, and skip separate procurement cycles, so your security team can protect Amazon Bedrock workloads in days, not weeks. Learn more at the TrendAI Vision One™ solution hub.

TrendAI

TrendAI has been recognized as a Leader in all 21 Gartner® Magic Quadrant™ reports for Endpoint Protection since 2002. TrendAI applies that experience to AI security, helping organizations gain visibility into their environments, identify emerging risks, and respond faster with AI-assisted analysis.

About the authors

Jose Alvarez

Jose Alvarez is a Partner Solutions Architect at Amazon Web Services (AWS) working with Worldwide Public Sector cybersecurity partners. Prior to joining AWS, he served in various cybersecurity roles and programs within the Department of Defense (DoD). At AWS, he spends his time working with partners to support customers in working toward their security objectives.

Adam Hunter

Adam Hunter is a Senior Solutions Architect for TrendAI focusing on all customers. He specializes in general cloud security related to risk management, automation, API, containers, AI, code, data, identity, network, file, and IPS-related capabilities within the Vision One platform. He provides technical and architectural guidance for all customer use cases.