// Detection: one identity repeatedly denied access to AWS Bedrock models.
// Reads Bedrock invocation logs and reports each user/model/account
// combination with more than three AccessDeniedException responses.
// NOTE(review): the query sets no time window of its own; the evaluation
// window presumably comes from the rule's schedule and lookback. Confirm.
FROM logs-aws_bedrock.invocation-*
// Only responses rejected with an access-denied error code
| WHERE gen_ai.response.error_code == "AccessDeniedException"
// Retain just the identity, model, account and error-code columns
| KEEP user.id, gen_ai.request.model.id, cloud.account.id, gen_ai.response.error_code
// One output row per (user, model, account) carrying its denial count.
// The model id is part of the key, so denials by one user against
// different models are counted separately, not summed.
| STATS Esql.ml_response_access_denied_count = COUNT(*)
    BY user.id, gen_ai.request.model.id, cloud.account.id
// Strictly greater than 3, i.e. at least four denials for the same key
| WHERE Esql.ml_response_access_denied_count > 3
// Highest denial counts first for triage
| SORT Esql.ml_response_access_denied_count DESC
Install detection rules in Elastic Security
Detect AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User in the Elastic Security detection engine by installing this rule into your Elastic Stack.
To set up this rule, check out the installation guide for Prebuilt Security Detection Rules.