AWS Bedrock Third-Party or External Knowledge Base Associated to Agent

Last updated: 2026-06-04
Created: 2026-06-04

About

Detects when an Amazon Bedrock agent is associated with, or updated to use, a knowledge base via the AssociateAgentKnowledgeBase or UpdateAgentKnowledgeBase API actions. Bedrock agents consume knowledge base (RAG) content as trusted context for the model. By wiring an agent to an externally controlled or third-party knowledge base, or by swapping an attacker-controlled knowledge base in for a legitimate one, an adversary moves the agent's trust boundary to cover an untrusted source. This is both a software-supply-chain compromise and an indirect prompt-injection delivery vector: poisoned or adversarial content served from the associated knowledge base is treated as authoritative by the agent. When this rule fires, validate that the associated knowledge base, and every data source underneath it, is owned and controlled by your organization.
Tags
Domain: Cloud
Domain: LLM
Data Source: Amazon Web Services
Data Source: AWS
Data Source: AWS CloudTrail
Use Case: Threat Detection
Tactic: Persistence
Language: kuery
Severity
medium
Risk Score
47
MITRE ATT&CK™

Persistence (TA0003)

False Positive Examples
Legitimate platform, ML, or application teams may associate or update knowledge bases on Bedrock agents as part of normal development, onboarding, or RAG pipeline changes. Verify that the actor identity, user agent, and source IP correspond to expected automation or authorized engineers, and that the associated knowledge base is an approved, organization-owned resource. If known behavior is causing false positives, it can be exempted from the rule.
License
Elastic License v2

Definition

Rule Type
New Terms Rule
Integration Pack
Prebuilt Security Detection Rules
Index Patterns
logs-aws.cloudtrail-*
Related Integrations

aws

Query
data_stream.dataset: "aws.cloudtrail" and event.provider: "bedrock.amazonaws.com" and event.action: ( "AssociateAgentKnowledgeBase" or "UpdateAgentKnowledgeBase" ) and event.outcome: "success"
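To show what the query above actually selects, and what the triage step in the description looks like in practice, here is an added example that is not part of the Elastic rule or of the AWS integration. It replays the rule's four predicates in plain Python over a handful of constructed CloudTrail records and then annotates each hit with the ownership check the description asks for. The field mapping in to_ecs (eventSource to event.provider, eventName to event.action, errorCode present meaning event.outcome "failure") is my reading of how the aws.cloudtrail integration populates these fields; the sample records, the agent and knowledge base IDs, the actor ARNs and the APPROVED_KNOWLEDGE_BASES allowlist are all constructed for the example.

```python
"""Added example (not the Elastic rule's own code): the page's KQL predicate
as Python, run over constructed CloudTrail records, plus an ownership check
on the knowledge base each hit attaches to the agent."""

WATCHED_ACTIONS = {"AssociateAgentKnowledgeBase", "UpdateAgentKnowledgeBase"}

# Constructed sample CloudTrail records (not real logs); only the fields used below are set.
SAMPLE_CLOUDTRAIL = [
    {   # 1. organization-owned KB attached by the platform team's deploy role
        "eventSource": "bedrock.amazonaws.com", "eventName": "AssociateAgentKnowledgeBase",
        "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/rag-deploy/ci"},
        "sourceIPAddress": "10.20.30.40", "userAgent": "aws-cli/2.15.0",
        "requestParameters": {"agentId": "AGENT0000A", "agentVersion": "DRAFT",
                              "knowledgeBaseId": "KBAPPROVED1"},
    },
    {   # 2. unlisted KB swapped in by an IAM user from an unfamiliar address
        "eventSource": "bedrock.amazonaws.com", "eventName": "UpdateAgentKnowledgeBase",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
        "sourceIPAddress": "203.0.113.9", "userAgent": "Boto3/1.34.0",
        "requestParameters": {"agentId": "AGENT0000A", "agentVersion": "DRAFT",
                              "knowledgeBaseId": "KBUNKNOWN9"},
    },
    {   # 3. same attempt denied by IAM: errorCode present, so event.outcome is 'failure'
        "eventSource": "bedrock.amazonaws.com", "eventName": "AssociateAgentKnowledgeBase",
        "errorCode": "AccessDeniedException",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
        "sourceIPAddress": "203.0.113.9", "userAgent": "Boto3/1.34.0",
        "requestParameters": {"agentId": "AGENT0000A", "agentVersion": "DRAFT",
                              "knowledgeBaseId": "KBUNKNOWN9"},
    },
    {   # 4. read-only Bedrock call: not one of the watched actions
        "eventSource": "bedrock.amazonaws.com", "eventName": "GetAgentKnowledgeBase",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
        "sourceIPAddress": "10.20.30.41", "userAgent": "console.amazonaws.com",
        "requestParameters": {"agentId": "AGENT0000A", "agentVersion": "DRAFT",
                              "knowledgeBaseId": "KBAPPROVED1"},
    },
]

# Assumed allowlist of knowledge bases the organization owns and controls.
APPROVED_KNOWLEDGE_BASES = {"KBAPPROVED1", "KBAPPROVED2"}


def to_ecs(record: dict) -> dict:
    """Map raw CloudTrail fields to the ECS fields the query references.

    Assumption: mirrors the aws.cloudtrail integration, where eventSource becomes
    event.provider, eventName becomes event.action, and event.outcome is 'failure'
    when errorCode is present and 'success' otherwise.
    """
    return {
        "data_stream.dataset": "aws.cloudtrail",
        "event.provider": record.get("eventSource"),
        "event.action": record.get("eventName"),
        "event.outcome": "failure" if record.get("errorCode") else "success",
        "user.id": record.get("userIdentity", {}).get("arn"),
        "source.ip": record.get("sourceIPAddress"),
        "user_agent.original": record.get("userAgent"),
        "request_parameters": record.get("requestParameters", {}),
    }


def rule_matches(ecs: dict) -> bool:
    """The page's KQL predicate, one term per clause."""
    return (
        ecs.get("data_stream.dataset") == "aws.cloudtrail"
        and ecs.get("event.provider") == "bedrock.amazonaws.com"
        and ecs.get("event.action") in WATCHED_ACTIONS
        and ecs.get("event.outcome") == "success"
    )


def triage(records: list, approved: set = APPROVED_KNOWLEDGE_BASES) -> list:
    """Run the rule over records; return one annotated hit per matching event.

    'verdict' is 'approved' when the attached knowledge base is on the allowlist
    and 'review' otherwise. Actor, source IP and user agent ride along because
    the false-positive guidance says to check them against expected automation.
    """
    hits = []
    for record in records:
        ecs = to_ecs(record)
        if not rule_matches(ecs):
            continue
        params = ecs["request_parameters"]
        kb_id = params.get("knowledgeBaseId")
        hits.append({
            "action": ecs["event.action"],
            "agent_id": params.get("agentId"),
            "knowledge_base_id": kb_id,
            "actor": ecs["user.id"],
            "source_ip": ecs["source.ip"],
            "user_agent": ecs["user_agent.original"],
            "verdict": "approved" if kb_id in approved else "review",
        })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_CLOUDTRAIL):
        print(f"{hit['verdict']:8} {hit['action']} agent={hit['agent_id']} "
              f"kb={hit['knowledge_base_id']} by {hit['actor']} from {hit['source_ip']}")
```

Records 3 and 4 are the two ways a Bedrock knowledge base event escapes the rule: a denied call (event.outcome "failure") and an action outside the watched pair. Of the two hits, only the second needs a human, because the knowledge base it wires in is not one the organization controls; in a real deployment the allowlist would come from an inventory of your own Bedrock knowledge bases rather than a hard-coded set.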

Install detection rules in Elastic Security

Detect AWS Bedrock Third-Party or External Knowledge Base Associated to Agent in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To set up this rule, check out the installation guide for Prebuilt Security Detection Rules.