AWS Bedrock API Key Used for Destructive or Anti-Recovery Action

Last updated 3 days ago on 2026-07-06
Created 3 days ago on 2026-07-06

About

Identifies an Amazon Bedrock API key (bearer token) being used to perform a destructive or anti-recovery control-plane action, such as deleting a guardrail, deleting a custom or imported model, removing provisioned throughput, or disabling model invocation logging. Bedrock API keys are bearer credentials intended for model invocation (InvokeModel, Converse); using one to delete Bedrock resources or disable logging is inconsistent with that purpose and is characteristic of LLMjacking or sabotage following key theft. Every Bedrock API key call is identifiable in CloudTrail by "additionalEventData.callWithBearerToken" being true. The rule matches regardless of outcome, because a destructive attempt via a bearer token is suspicious even when denied.
Tags
Domain: CloudData Source: AWSData Source: Amazon Web ServicesData Source: AWS CloudTrailData Source: Amazon BedrockUse Case: Threat DetectionTactic: ImpactTactic: Defense EvasionLanguage: esql
Severity
high
Risk Score
73
MITRE ATT&CK™

Impact (TA0040)(external, opens in a new tab or window)

Defense Evasion (TA0005)(external, opens in a new tab or window)

False Positive Examples
Automation that intentionally manages Bedrock resources using an API key could match. Confirm the principal in "aws.cloudtrail.user_identity.arn", the affected resource in "aws.cloudtrail.request_parameters", and whether the change was expected. Known maintenance principals can be excluded after validation.
License
Elastic License v2(external, opens in a new tab or window)

Definition

Integration Pack
Prebuilt Security Detection Rules
Related Integrations

aws(external, opens in a new tab or window)

Query
text code block:
FROM logs-aws.cloudtrail-* METADATA _id, _version, _index | WHERE event.provider == "bedrock.amazonaws.com" AND aws.cloudtrail.additional_eventdata RLIKE """.*callWithBearerToken=true.*""" AND event.action IN ( "DeleteGuardrail", "DeleteModelInvocationLoggingConfiguration", "PutModelInvocationLoggingConfiguration", "DeleteImportedModel", "DeleteCustomModel", "DeleteModelCustomizationJob", "DeleteProvisionedModelThroughput", "DeleteMarketplaceModelEndpoint" ) | KEEP _id, _version, _index, @timestamp, aws.*, cloud.*, event.*, source.*, user.*, user_agent.*

Install detection rules in Elastic Security

Detect AWS Bedrock API Key Used for Destructive or Anti-Recovery Action in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To setup this rule, check out the installation guide for Prebuilt Security Detection Rules(external, opens in a new tab or window).