AWS Bedrock Foundation Model Enumeration Followed by Invocation via Long-Term Key

Last updated: 2026-06-05
Created: 2026-06-05

About

Detects when an AWS principal using long-term IAM user credentials (AKIA* access key) enumerates available Bedrock foundation models and then invokes a model within the same 15-minute window. Most legitimate Bedrock workloads run under IAM roles with short-lived credentials; the combination of model enumeration followed by direct model invocation from a long-term IAM user key is unusual in production environments and consistent with an adversary using stolen credentials to discover and exploit available AI model capabilities. This pattern is associated with LLMjacking attacks where threat actors abuse compromised cloud credentials to run high-volume or high-cost model inference at the account owner's expense.
Tags
Domain: Cloud
Domain: LLM
Data Source: Amazon Web Services
Data Source: AWS
Data Source: AWS CloudTrail
Use Case: Identity and Access Audit
Tactic: Discovery
Tactic: Initial Access
Language: eql
Severity
high
Risk Score
73
MITRE ATT&CK™

Discovery (TA0007)

Initial Access (TA0001)

False Positive Examples
First-time Bedrock onboarding by a developer using long-term IAM user credentials. Verify the requesting identity is a known engineer, the use case description is legitimate, and the model invocation follows expected application behavior. Consider migrating Bedrock workloads to IAM roles to eliminate this pattern.
License
Elastic License v2

Definition

Rule Type
Event Correlation Rule
Integration Pack
Prebuilt Security Detection Rules
Index Patterns
logs-aws.cloudtrail-*
Related Integrations

aws

Query
    sequence by aws.cloudtrail.user_identity.access_key_id with maxspan=15m
      [any where data_stream.dataset == "aws.cloudtrail" and
                 event.provider == "bedrock.amazonaws.com" and
                 event.action == "ListFoundationModels" and
                 event.outcome == "success" and
                 aws.cloudtrail.user_identity.access_key_id like "AKIA*"]
      [any where data_stream.dataset == "aws.cloudtrail" and
                 event.provider == "bedrock.amazonaws.com" and
                 event.action : ("InvokeModel", "InvokeModelWithResponseStream", "Converse", "ConverseStream") and
                 event.outcome == "success"]
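As an added worked example (not part of the Elastic rule or its integration), the Python below emulates the query's sequence semantics over constructed CloudTrail-style events: it shows which combinations fire and, equally useful when tuning, why a role session (ASIA* key), an invocation outside the 15-minute window, and a failed invocation do not. The field names are taken from the query; the event records and access key IDs are constructed placeholders.

```python
from datetime import datetime, timedelta

MAXSPAN = timedelta(minutes=15)
INVOKE_ACTIONS = {"InvokeModel", "InvokeModelWithResponseStream", "Converse", "ConverseStream"}

def bedrock_success(ev):
    # Filter shared by both sequence stages: CloudTrail dataset, Bedrock provider, successful call.
    return (ev.get("data_stream.dataset") == "aws.cloudtrail"
            and ev.get("event.provider") == "bedrock.amazonaws.com"
            and ev.get("event.outcome") == "success")

def correlate(events):
    # Emulates 'sequence by access_key_id with maxspan=15m'; returns one tuple
    # (access_key_id, list_time, invoke_time, invoke_action) per matched sequence.
    pending = {}   # access_key_id -> time of its latest qualifying ListFoundationModels
    matches = []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        if not bedrock_success(ev):
            continue
        key = ev.get("aws.cloudtrail.user_identity.access_key_id", "")
        ts = datetime.fromisoformat(ev["@timestamp"])
        action = ev.get("event.action")
        if key in pending and ts - pending[key] > MAXSPAN:
            del pending[key]   # window expired; that enumeration no longer counts
        if action == "ListFoundationModels" and key.startswith("AKIA"):
            pending[key] = ts  # stage 1: enumeration from a long-term IAM user key
        elif action in INVOKE_ACTIONS and key in pending:
            matches.append((key, pending[key], ts, action))  # stage 2 inside the window
            del pending[key]   # the sequence consumed this enumeration event
    return matches

def _ev(ts, key, action, outcome="success"):
    # Builds a minimal CloudTrail-shaped event (constructed, not a real record).
    return {"@timestamp": ts, "data_stream.dataset": "aws.cloudtrail", "event.provider": "bedrock.amazonaws.com",
            "event.action": action, "event.outcome": outcome, "aws.cloudtrail.user_identity.access_key_id": key}

SAMPLE_EVENTS = [  # constructed sample events; the access key IDs are placeholders
    # Role session (ASIA* temporary key): same actions, but not a long-term key -> no match
    _ev("2026-06-05T09:00:00+00:00", "ASIAEXAMPLEROLE00001", "ListFoundationModels"),
    _ev("2026-06-05T09:02:00+00:00", "ASIAEXAMPLEROLE00001", "InvokeModel"),
    # Long-term key enumerates, then invokes 4 minutes later -> match
    _ev("2026-06-05T10:00:00+00:00", "AKIAEXAMPLEUSER00001", "ListFoundationModels"),
    _ev("2026-06-05T10:04:00+00:00", "AKIAEXAMPLEUSER00001", "ConverseStream"),
    # Long-term key, but the invocation comes 40 minutes later -> outside maxspan, no match
    _ev("2026-06-05T11:00:00+00:00", "AKIAEXAMPLEUSER00002", "ListFoundationModels"),
    _ev("2026-06-05T11:40:00+00:00", "AKIAEXAMPLEUSER00002", "InvokeModel"),
    # Long-term key whose invocation failed -> event.outcome != success, no match
    _ev("2026-06-05T12:00:00+00:00", "AKIAEXAMPLEUSER00003", "ListFoundationModels"),
    _ev("2026-06-05T12:01:00+00:00", "AKIAEXAMPLEUSER00003", "InvokeModel", outcome="failure"),
]
```

Running `correlate(SAMPLE_EVENTS)` yields exactly one match, for the AKIAEXAMPLEUSER00001 placeholder key.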

Install detection rules in Elastic Security

Detect AWS Bedrock Foundation Model Enumeration Followed by Invocation via Long-Term Key in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To set up this rule, check out the installation guide for Prebuilt Security Detection Rules.