Securing AI Workloads in AWS: Why Bedrock and SageMaker Need Runtime Detection and AI-Powered Response

2026-05-19 · Source: Cloud Security Alliance · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure · Depth: Intermediate, long

Summary

Attackers are increasingly targeting Amazon Bedrock and SageMaker, using AI to compromise AWS environments and abuse these services. A November 2025 incident demonstrated an attacker gaining full administrator access in under 10 minutes, leveraging LLMs for automated attacks and LLMjacking on Amazon Bedrock. Traditional posture management is insufficient, as evidenced by Tenable Research findings: 91% of SageMaker users had notebooks with root access, and 14% of Bedrock users failed to block public access to AI training buckets. Securing these high-value AI workloads requires a comprehensive approach integrating AI Security Posture Management (AI-SPM) for configuration, Cloud Infrastructure Entitlement Management (CIEM) for identity, and Cloud Detection and Response (CDR) for real-time runtime behavior monitoring. This combined strategy addresses attack patterns like LLMjacking, training data theft, and GPU instance abuse, which posture-only solutions cannot detect.

Key takeaway

For MLOps Engineers or AI Security Engineers deploying Bedrock and SageMaker, your current posture-only security strategy is insufficient against AI-speed attacks. You must integrate real-time Cloud Detection and Response (CDR) with AI Security Posture Management (AI-SPM) and Cloud Infrastructure Entitlement Management (CIEM). This combined approach allows you to detect behavioral anomalies like LLMjacking and GPU abuse, correlating disparate alerts into actionable threat stories, and responding at machine speed to protect your high-value AI assets.

Key insights

AI workloads in AWS are high-value targets requiring integrated security beyond posture management due to AI-speed attacks.

Principles

• Posture management alone cannot secure AI workloads.
• AI-speed attacks demand real-time detection.
• AI services are high-value attack targets.

Method

Secure AI workloads by combining AI-SPM for configuration, CIEM for identity, and CDR for runtime behavior in a single platform. Correlate alerts into threat stories for AI-powered incident response.

In practice

• Enable Bedrock model invocation logging.
• Disable SageMaker notebook direct internet access.
• Block public access on AI training S3 buckets.

Topics

• AWS Security
• Amazon Bedrock
• Amazon SageMaker
• LLMjacking
• Cloud Detection and Response
• AI Workload Security

Best for: AI Security Engineer, MLOps Engineer, Director of AI/ML

Related on AIssential

• Reference your own AWS Secrets Manager secrets in Amazon Bedrock AgentCore Identity — Amazon Bedrock AgentCore Identity now allows referencing existing AWS Secrets Manager secrets for enhanced credential governance.
• Cloud attacks are getting faster and deadlier - 4 ways to secure your business — AI accelerates cyberattacks, shifting focus to third-party software vulnerabilities and identity exploitation.
• How recruitment fraud turned cloud IAM into a $2 billion attack surface — Recruitment fraud facilitates cloud IAM compromise via trojanized packages, bypassing traditional security and enabling rapid privilege escalation.
• Build Strands Agents with SageMaker AI models and MLflow — SageMaker AI and MLflow provide robust control and observability for enterprise AI agent development.
• SageMaker Pipelines: CI/CD for ML with Terraform — The provided content indicates an error page, stating "Apologies, but something went wrong on our end." It suggests refreshing the page, checking Medium's site status, or finding other content to read.
• Amazon’s OpenAI gambit signals a new phase in the cloud wars — one where exclusivity no longer applies — AWS's new offerings position it as a comprehensive platform for agentic AI, integrating top models with robust security and specialized applications.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Cloud Security Alliance.