AWS Bedrock Agent or Action Group Manipulation

Last updated 3 days ago on 2026-06-04

Created 3 days ago on 2026-06-04

About

Detects modification of deployed Amazon Bedrock agents and their action groups, collaborators, or aliases via the Bedrock Agent control plane. Adversaries with access to an AWS account can tamper with an existing, trusted agent by altering its instructions (UpdateAgent), adding or changing action groups that wire the agent to Lambda functions or APIs (CreateAgentActionGroup, UpdateAgentActionGroup), attaching or modifying collaborators (AssociateAgentCollaborator, UpdateAgentCollaborator), or repointing an alias to a tampered version (CreateAgentAlias, UpdateAgentAlias). A PrepareAgent call is required to make a tampered configuration live. By implanting malicious behavior into an agent that legitimate users continue to invoke, an attacker can maintain durable access through a trusted component. Creation of brand-new agents (CreateAgent) is intentionally excluded as lower-signal activity.

Tags

Domain: CloudDomain: LLMData Source: AWSData Source: AWS CloudTrailData Source: Amazon Web ServicesData Source: Amazon BedrockUse Case: Threat DetectionTactic: PersistenceLanguage: kuery

Severity

medium

Risk Score

MITRE ATT&CK™

Persistence (TA0003)(external, opens in a new tab or window)

↳ Server Software Component (T1505)(external, opens in a new tab or window)

False Positive Examples

Bedrock agent and action group changes are common during legitimate development, prompt tuning, and CI/CD deployments. Verify whether the user identity, user agent, and/or source IP should be modifying agents in your environment, and confirm a corresponding change request exists. Automation roles (IaC pipelines, deployment tooling) may routinely call these APIs and can be exempted from the rule if they generate false positives.

License

Elastic License v2(external, opens in a new tab or window)

Definition

Rule Type: New Terms Rule
Integration Pack: Prebuilt Security Detection Rules
Index Patterns: logs-aws.cloudtrail-*
Related Integrations: aws(external, opens in a new tab or window)
Query

✄𐘗text code block:
✄𐘗data_stream.dataset: "aws.cloudtrail" and
    event.provider: "bedrock.amazonaws.com" and
    event.action: (
        "UpdateAgent" or
        "CreateAgentActionGroup" or
        "UpdateAgentActionGroup" or
        "AssociateAgentCollaborator" or
        "UpdateAgentCollaborator" or
        "CreateAgentAlias" or
        "UpdateAgentAlias" or
        "PrepareAgent"
    ) and
    event.outcome: "success"

Install detection rules in Elastic Security

Detect AWS Bedrock Agent or Action Group Manipulation in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To setup this rule, check out the installation guide for Prebuilt Security Detection Rules(external, opens in a new tab or window).