Sure! The translation to American English is:“Protecting Amazon Bedrock Agents: A Guide to Defending Against Indirect Prompt Injections.”

Generative artificial intelligence tools have significantly transformed the way we work, create, and process information. In this context, Amazon Web Services (AWS) has prioritized security by offering Amazon Bedrock, which includes security controls and best practices to safeguard applications and data. This article discusses the security measures and strategies provided by Amazon Bedrock agents, focusing on protection against indirect command injections, a type of attack that compromises the integrity of AI interactions.

Indirect command injections are harder to detect than direct injections, as they typically involve inserting malicious instructions into seemingly innocuous content, such as documents or emails. When a user requests a summary of such contaminated content from their AI assistant, these instructions hide the possibility of the AI being manipulated, resulting in the exposure of sensitive data or the spread of misinformation. Therefore, it is essential to understand and mitigate these risks.

Similar to SQL injections, indirect command injections exploit the combination of trusted code and potentially harmful inputs, which can occur when processing untrustworthy content. If the attack is successful, it could lead to manipulation of the conversation context, with serious security implications, including remote code execution.

A particularly concerning aspect is that many of these attacks are invisible to the user, as malicious instructions can be hidden in Unicode characters or obscure text formats. Thus, a simple request for a summary could trigger unwanted events, such as the accidental deletion of emails.

Mitigating these injections does not have a one-size-fits-all solution, as it depends on the architecture of each application. It is crucial to adopt a layered defense strategy that combines security controls and preventive measures. Amazon Bedrock agents have developed essential vectors that must be protected, including user input, tool input, tool output, and the final response of the agent.

A suggested strategy is to require user confirmation before executing critical functions. Additionally, Amazon Bedrock Guardrails provide robust filtering capabilities, blocking inappropriate content or sensitive data. It is also advisable to implement secure command engineering by training the language model to recognize and avoid malicious instructions.

Other measures include access control and the use of controlled environments that protect against these attacks. Having a comprehensive monitoring system will help detect unusual patterns in interactions, such as spikes in queries or repetitive commands.

In conclusion, by applying a depth defense approach and maintaining constant vigilance, the vulnerability to indirect injections can be significantly reduced. Security should not be viewed as a one-time implementation, but as an ongoing commitment that must adapt over time. Careful implementation of these strategies will allow Amazon Bedrock agents not only to offer advanced capabilities but also to operate safely and as intended.