AWS Bedrock Untrusted Model Imported or Marketplace Endpoint Registered

Last updated 3 days ago on 2026-06-04

Created 3 days ago on 2026-06-04

About

Detects when an AWS Bedrock custom model is imported or deployed, or when a marketplace model endpoint is created or registered, via the CreateModelImportJob, CreateCustomModelDeployment, CreateMarketplaceModelEndpoint, or RegisterMarketplaceModelEndpoint API calls. These actions introduce a model artifact from outside the organization's trusted training and approval pipeline. A backdoored, poisoned, or attacker-supplied model that downstream applications subsequently invoke represents a software supply-chain compromise. New model imports and marketplace endpoint registrations should be validated for artifact provenance (S3 source ownership), the registering identity, and whether the model originates from an approved internal pipeline.

Tags

Domain: CloudDomain: LLMData Source: AWSData Source: AWS CloudTrailData Source: Amazon Web ServicesData Source: Amazon BedrockUse Case: Threat DetectionTactic: PersistenceLanguage: kuery

Severity

medium

Risk Score

MITRE ATT&CK™

Persistence (TA0003)(external, opens in a new tab or window)

↳ Implant Internal Image (T1525)(external, opens in a new tab or window)

False Positive Examples

Machine learning engineers, MLOps automation, or platform teams may legitimately import custom models or stand up marketplace model endpoints as part of normal model lifecycle operations. Verify whether the user identity, user agent, source IP, and model artifact source (S3 location) are expected for your environment. Imports performed by approved CI/CD or IaC pipelines can be exempted from this rule. Activity from unfamiliar identities or untrusted artifact sources should be investigated.

License

Elastic License v2(external, opens in a new tab or window)

Definition

Rule Type: Query (Kibana Query Language)
Integration Pack: Prebuilt Security Detection Rules
Index Patterns: logs-aws.cloudtrail-*
Related Integrations: aws(external, opens in a new tab or window)
Query

✄𐘗text code block:
✄𐘗data_stream.dataset: "aws.cloudtrail"
    and event.provider: "bedrock.amazonaws.com"
    and event.action: (
        "CreateModelImportJob" or
        "CreateCustomModelDeployment" or
        "CreateMarketplaceModelEndpoint" or
        "RegisterMarketplaceModelEndpoint"
    )
    and event.outcome: "success"

Install detection rules in Elastic Security

Detect AWS Bedrock Untrusted Model Imported or Marketplace Endpoint Registered in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To setup this rule, check out the installation guide for Prebuilt Security Detection Rules(external, opens in a new tab or window).