Techniques
Sample rules
AWS Bedrock Delete GuardRails
- source: splunk
- techniques:
- T1562.008
Description
The following analytic identifies attempts to delete AWS Bedrock GuardRails, which are security controls designed to prevent harmful, biased, or inappropriate AI outputs. It leverages AWS CloudTrail logs to detect when a user or service calls the DeleteGuardrail API. This activity is significant as it may indicate an adversary attempting to remove safety guardrails after compromising credentials, potentially to enable harmful or malicious model outputs. Removing guardrails could allow attackers to extract sensitive information, generate offensive content, or bypass security controls designed to prevent prompt injection and other AI-specific attacks. If confirmed malicious, this could represent a deliberate attempt to manipulate model behavior for harmful purposes.
Detection logic
`cloudtrail` eventSource=bedrock.amazonaws.com eventName=DeleteGuardrail
| rename user_name as user
| stats count min(_time) as firstTime max(_time) as lastTime values(requestParameters.guardrailIdentifier) as guardrailIds by src user user_agent vendor_account vendor_product dest signature vendor_region
| `security_content_ctime(firstTime)`
| `security_content_ctime(lastTime)`
| `aws_bedrock_delete_guardrails_filter`
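
The same filter and aggregation applied to raw CloudTrail records in Python, as an added example that is not part of the Splunk rule. The mapping from raw CloudTrail fields to the search's `src`, `user`, `user_agent`, `vendor_account` and `vendor_region` is an assumption, the grouping is narrowed to those five fields, and the helper `make_event` and all sample values are constructed.

```python
def make_event(time, name, guardrail_id, src="198.51.100.7"):
    """Build a constructed CloudTrail-shaped record; every value is a placeholder."""
    params = {"guardrailIdentifier": guardrail_id} if guardrail_id else None
    return {"eventTime": time, "eventSource": "bedrock.amazonaws.com", "eventName": name,
            "awsRegion": "us-east-1", "sourceIPAddress": src, "userAgent": "aws-cli/2.x",
            "recipientAccountId": "111122223333", "requestParameters": params,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"}}

# Constructed sample input, not real telemetry.
SAMPLE_EVENTS = [
    make_event("2025-01-10T09:15:02Z", "DeleteGuardrail", "gr-example-1"),
    make_event("2025-01-10T09:16:40Z", "DeleteGuardrail", "gr-example-2"),
    make_event("2025-01-10T09:17:05Z", "DeleteGuardrail", None),         # null requestParameters
    make_event("2025-01-10T09:20:00Z", "GetGuardrail", "gr-example-1"),  # read-only call, must not match
    make_event("2025-01-10T10:01:30Z", "DeleteGuardrail", "gr-example-1", src="203.0.113.9"),
]

BY_FIELDS = ("src", "user", "user_agent", "vendor_account", "vendor_region")

def detect_guardrail_deletions(events):
    """Count DeleteGuardrail calls per caller, like the search's `stats ... by` clause."""
    groups = {}
    for ev in events:
        if (ev.get("eventSource") != "bedrock.amazonaws.com"
                or ev.get("eventName") != "DeleteGuardrail"):
            continue
        # Assumed mapping of raw CloudTrail fields to the names in BY_FIELDS.
        key = (ev.get("sourceIPAddress"), (ev.get("userIdentity") or {}).get("arn"),
               ev.get("userAgent"), ev.get("recipientAccountId"), ev.get("awsRegion"))
        t = ev["eventTime"]  # ISO-8601 UTC strings compare chronologically
        g = groups.setdefault(key, {"count": 0, "firstTime": t, "lastTime": t, "ids": set()})
        g["count"] += 1
        g["firstTime"], g["lastTime"] = min(g["firstTime"], t), max(g["lastTime"], t)
        # requestParameters may be null; still count the attempt, just record no ID.
        gid = (ev.get("requestParameters") or {}).get("guardrailIdentifier")
        if gid:
            g["ids"].add(gid)
    return [{**dict(zip(BY_FIELDS, key)), "count": g["count"], "firstTime": g["firstTime"],
             "lastTime": g["lastTime"], "guardrailIds": sorted(g["ids"])}
            for key, g in groups.items()]

if __name__ == "__main__":
    for row in detect_guardrail_deletions(SAMPLE_EVENTS):
        print(row)
```

A row whose `guardrailIds` holds several values between `firstTime` and `lastTime` shows one caller removing multiple guardrails in a short window, which is the pattern the `values(requestParameters.guardrailIdentifier)` column surfaces for triage.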