






















As organizations adopt leading generative AI tools like Amazon Bedrock, it’s critical to build security into their use. Cloud-native AI services can accelerate innovation, but they need to be configured with the right access, protection, and detection controls to reduce risks. Misconfigured resources can expose sensitive training data, allow unauthorized model access, or lead to unintended data quality issues. AI security builds on familiar security practices and tooling, so you can secure AI adoption without disrupting innovation.
Datadog Cloud Security now includes a library of out-of-the-box detections that help organizations identify and remediate misconfigurations in Amazon Bedrock environments. These detections prioritize risks based on infrastructure context, such as public accessibility and privileged access, and surface them within a unified security workflow that supports both guided remediation and compliance validation.
In this post, we’ll cover:
Amazon Bedrock offers scalable and flexible access to leading foundation models with a unified API interface, making it an attractive choice for organizations building generative AI capabilities. Amazon Bedrock is also built with security at its core, offering robust features to protect your data and models. Securing the use of Amazon Bedrock is the essential next step for customers, as generative AI misconfigurations are a growing target for threat actors.
Datadog’s new AI detections are part of a broader partnership between AWS and Datadog that is focused on helping customers operate their cloud infrastructure securely and efficiently while implementing best practices, such as the AWS Well-Architected Framework. With more than 1,000 out-of-the-box integrations (including more than 100 for AWS) and a partner-built Marketplace, Datadog’s long-standing partnership with AWS and deep integration capabilities have enabled it to quickly develop comprehensive security monitoring for AWS. Using the broader security portfolio covering Code Security, Cloud Security, and Threat Management, organizations running on AWS can use Datadog to secure their full stack.
Datadog’s new detections for Amazon Bedrock resources identify configuration risks that could expose data or models to unauthorized access. Each detection is assigned a severity score using Datadog’s infrastructure-aware severity scoring system, helping teams prioritize and respond to critical issues faster.
The new detections help identify and prevent:
These risks are evaluated in context, such as whether a misconfigured S3 bucket is used in a fine-tuning pipeline. This allows teams to focus their attention on what matters most.
To detect Amazon Bedrock misconfigurations in your environment, you first need to configure the AWS integration in Datadog and enable Datadog Cloud Security. Once Cloud Security is enabled, data will start populating after 10 minutes. Datadog will then automatically scan your environment, including Bedrock resources, for risky configurations. Datadog surfaces any risks that it detects automatically and enriches them with context including sensitive data exposure, identity risks, vulnerabilities, and other misconfigurations. Datadog also provides suggested remediation steps that you can apply directly within Datadog, where you can then confirm that the misconfiguration has been resolved. You can also set up custom alerts and monitors to get notified when Datadog identifies any AI risks, and surface critical findings in the Security Inbox.
In the example below, Datadog has detected that an Amazon Bedrock custom model is configured to use training data from a publicly writable S3 bucket. This setup opens the door to unintended data contamination, potentially altering model behavior. The detection enables you to securely configure the model to avoid this.
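The condition this detection describes (a custom model whose training data comes from a publicly writable S3 bucket) can be expressed as a check over exported configuration. This is an added example, not Datadog's rule logic: the input dictionaries are constructed and follow the shapes of the Bedrock custom model (`trainingDataConfig.s3Uri`) and S3 bucket policy, ACL, and Block Public Access responses, and the bucket and model names are made up.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlparse
# Added illustration, not Datadog's rule logic; inputs mimic Bedrock/S3 API response shapes.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_allows_public_write(policy):
    """Allow statement, Principal '*', a write action, and no Condition (conservative)."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        public = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if public and any(fnmatchcase(w, p) for w in WRITE_ACTIONS for p in patterns):
            return True
    return False

def acl_allows_public_write(acl):
    return any(g.get("Grantee", {}).get("URI") == ALL_USERS and g.get("Permission") in
               ("WRITE", "FULL_CONTROL") for g in acl.get("Grants", []))

def find_risky_models(models, buckets):
    """Return (model, bucket, path) for models trained from a publicly writable bucket."""
    findings = []
    for model in models:
        bucket = urlparse(model["trainingDataConfig"]["s3Uri"]).netloc
        cfg = buckets.get(bucket, {})
        pab = cfg.get("public_access_block", {})  # S3 Block Public Access settings
        via_policy = policy_allows_public_write(cfg.get("policy", {})) and not pab.get("RestrictPublicBuckets")
        via_acl = acl_allows_public_write(cfg.get("acl", {})) and not pab.get("IgnorePublicAcls")
        if via_policy or via_acl:
            findings.append((model["modelName"], bucket, "policy" if via_policy else "acl"))
    return findings

# Constructed sample inventory; bucket and model names are made up.
PUT = {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:Put*"}]}
BUCKETS = {
    "example-train-open": {"policy": PUT},
    "example-train-locked": {"policy": PUT, "public_access_block": {"RestrictPublicBuckets": True}},
    "example-train-acl": {"acl": {"Grants": [{"Grantee": {"URI": ALL_USERS}, "Permission": "WRITE"}]}},
}
PAIRS = [("support-summarizer", "example-train-open"), ("claims-classifier", "example-train-locked"),
         ("legacy-tagger", "example-train-acl")]
MODELS = [{"modelName": n, "trainingDataConfig": {"s3Uri": f"s3://{b}/train.jsonl"}} for n, b in PAIRS]
```

Statements that carry a `Condition` are skipped rather than evaluated, so a conditioned public grant needs manual review.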
You can also view any detected issues alongside surrounding infrastructure using the Security Map. This uses Cloudcraft to give you live diagrams of your cloud architecture, helping you quickly identify problems and triage them based on their severity score.
Security and compliance standards for AI are evolving rapidly. In 2023, the UK’s National Cyber Security Centre and CISA published joint guidance for building secure AI systems, recommending robust protections for models and infrastructure. The NIST AI RMF similarly provides a voluntary framework to guide risk management in AI deployments.
Datadog can help you track your compliance posture and monitor improvements as you identify and resolve issues. This helps you meet internal benchmarks and regulatory standards. You can also create custom frameworks or iterate on existing ones for tailored compliance controls.
As generative AI is embraced across industries, the regulatory environment will evolve. We’ll continue partnering with AWS to expand our detection library and support secure AI adoption and compliance.
Today, Datadog Cloud Security has over 1,300 out-of-the-box compliance rules and has announced out-of-the-box support for the NIST AI framework. This enables customers to accelerate evidence collection for audits, proactively monitor their posture and route remediations to the infrastructure owner in a shared platform.
Misconfigurations in AI systems can be risky, but with the right tools, you’ll have the visibility and context needed to manage them. With Datadog Cloud Security, teams gain visibility into these risks, detect threats early, and remediate issues with confidence. Detections for Amazon Bedrock are available today alongside other features that help you secure your AI workloads, including Bits Security Analyst, which helps automate triage for AWS CloudTrail signals.
To learn more about how Datadog helps secure your AI infrastructure, visit our documentation. If you’re not already using Datadog, you can get started with Datadog Cloud Security through a 14-day free trial.