LoFP / Legitimate users may encounter AccessDenied errors during permission testing, role transitions, or while service permissions are being reconfigured. Access denials may also occur when automated processes are still using stale or rotated credentials, or when new Bedrock features are being explored before the corresponding IAM permissions have been granted.

Techniques

Sample rules

AWS Bedrock Invoke Model Access Denied

Description

The following analytic identifies AccessDenied errors returned when a user or service attempts to invoke AWS Bedrock models. It leverages AWS CloudTrail logs to detect calls to the InvokeModel API that fail with errorCode AccessDenied. This activity is significant because it may indicate an adversary attempting to reach Bedrock models with compromised credentials that lack the required permissions. If confirmed malicious, it could point to reconnaissance or privilege escalation attempts targeting generative AI resources, potentially leading to data exfiltration or manipulation of model outputs.

Detection logic

`cloudtrail` eventSource=bedrock.amazonaws.com eventName=InvokeModel errorCode=AccessDenied
| rename user_name as user
| stats count min(_time) as firstTime max(_time) as lastTime values(requestParameters.modelId) as modelIds by src user user_agent vendor_account vendor_product dest signature vendor_region result result_id
| `security_content_ctime(firstTime)`
| `security_content_ctime(lastTime)`
| `aws_bedrock_invoke_model_access_denied_filter`
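The following is an added worked example, not part of the original rule or of the Splunk security content project. It re-implements the SPL above in plain Python over constructed CloudTrail records so the filter and the stats grouping can be inspected offline: keep only bedrock.amazonaws.com / InvokeModel / AccessDenied events, group by source IP, user, user agent, account and region, and collect count, first and last time and the set of requested modelIds. The user name is approximated as the last path segment of the userIdentity ARN (Splunk derives user_name from the same field, but the exact normalization is the add-on's, not shown here). The filter_known_benign function is a stand-in for the aws_bedrock_invoke_model_access_denied_filter macro: it drops groups whose user is on a tuning allowlist, which is where the permission-testing and role-transition false positives listed at the top of this page would be suppressed. All record values, IPs, account IDs and user agents are constructed for illustration; the grouping key is a subset of the SPL's by-clause (the CIM fields dest, signature, result and result_id are not modelled).

```python
"""Offline approximation of the Bedrock InvokeModel AccessDenied detection."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records in the CloudTrail record layout. Not real log data;
# IPs are from documentation ranges and the account ID is a placeholder.
SAMPLE_EVENTS = [
    {   # denied InvokeModel from an assumed-role session (later of alice's two events)
        "eventTime": "2024-05-01T10:05:00Z",
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "InvokeModel",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userAgent": "aws-cli/2.15.0",
        "recipientAccountId": "123456789012",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/DataScienceRole/alice"},
        "errorCode": "AccessDenied",
        "requestParameters": {"modelId": "amazon.titan-text-express-v1"},
    },
    {   # earlier denied InvokeModel by the same session, different model
        "eventTime": "2024-05-01T10:00:00Z",
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "InvokeModel",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userAgent": "aws-cli/2.15.0",
        "recipientAccountId": "123456789012",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/DataScienceRole/alice"},
        "errorCode": "AccessDenied",
        "requestParameters": {"modelId": "anthropic.claude-3-sonnet-20240229-v1:0"},
    },
    {   # successful InvokeModel: no errorCode, must be ignored
        "eventTime": "2024-05-01T10:10:00Z",
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "InvokeModel",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userAgent": "aws-cli/2.15.0",
        "recipientAccountId": "123456789012",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/DataScienceRole/alice"},
        "requestParameters": {"modelId": "amazon.titan-text-express-v1"},
    },
    {   # denied, but a different API: must be ignored by this rule
        "eventTime": "2024-05-01T10:30:00Z",
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "ListFoundationModels",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "userAgent": "Boto3/1.34.0",
        "recipientAccountId": "123456789012",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
        "errorCode": "AccessDenied",
        "requestParameters": None,
    },
    {   # denied InvokeModel by an IAM user; requestParameters absent from the record
        "eventTime": "2024-05-01T11:00:00Z",
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "InvokeModel",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "userAgent": "Boto3/1.34.0",
        "recipientAccountId": "123456789012",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
        "errorCode": "AccessDenied",
        "requestParameters": None,
    },
]


def _parse_time(ts):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _user_name(event):
    """Approximation of Splunk's user_name: last segment of the userIdentity ARN."""
    ident = event.get("userIdentity") or {}
    arn = ident.get("arn")
    if arn:
        return arn.rsplit("/", 1)[-1]
    return ident.get("principalId", "unknown")


def detect_bedrock_access_denied(events):
    """Filter + stats of the SPL: returns {group_key: {count, firstTime, lastTime, modelIds}}."""
    groups = defaultdict(lambda: {"count": 0, "firstTime": None,
                                  "lastTime": None, "modelIds": set()})
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName"), ev.get("errorCode")) != (
                "bedrock.amazonaws.com", "InvokeModel", "AccessDenied"):
            continue
        key = (ev.get("sourceIPAddress"), _user_name(ev), ev.get("userAgent"),
               ev.get("recipientAccountId"), ev.get("awsRegion"))
        g = groups[key]
        t = _parse_time(ev["eventTime"])
        g["count"] += 1
        g["firstTime"] = t if g["firstTime"] is None else min(g["firstTime"], t)
        g["lastTime"] = t if g["lastTime"] is None else max(g["lastTime"], t)
        # requestParameters can be null on a denied call; values() simply skips it
        model_id = (ev.get("requestParameters") or {}).get("modelId")
        if model_id:
            g["modelIds"].add(model_id)
    return dict(groups)


def filter_known_benign(groups, allowlisted_users):
    """Stand-in for the rule's filter macro: drop groups whose user is allowlisted
    (e.g. an account used for permission testing), keep everything else."""
    return {k: v for k, v in groups.items() if k[1] not in allowlisted_users}


if __name__ == "__main__":
    for key, g in filter_known_benign(detect_bedrock_access_denied(SAMPLE_EVENTS), set()).items():
        src, user, agent, account, region = key
        print(f"{user}@{src} ({agent}, {account}/{region}): {g['count']} denials, "
              f"{g['firstTime'].isoformat()} .. {g['lastTime'].isoformat()}, "
              f"models={sorted(g['modelIds'])}")
```

Running the block as a script prints two groups: alice's two denials (two distinct model IDs, first at 10:00 and last at 10:05 even though the records arrive out of order) and bob's single denial with an empty model set. Triage then follows the LoFP note: a group whose user is known to be mid-migration or running permission tests belongs on the allowlist behind the filter macro, while a new source IP or user agent enumerating several model IDs with a principal that never succeeded is the pattern worth escalating.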