Wiz

Wiz Enhances AI-SPM Support for Amazon Bedrock

Safeguard Amazon Bedrock with Wiz AI-SPM capabilities to gain visibility into GenAI pipelines and detect and proactively remove risks

3 minutes read
Shaked Rotlevi, Alon Weiss

In September 2023, Amazon Web Services (AWS) announced the general availability of Amazon Bedrock, a fully managed AWS service that helps customers easily build generative AI applications using a choice of high-performing foundational models (FMs) along with a broad set of capabilities that customers need to build generative AI (Gen AI) applications — simplifying development while supporting privacy and security. Amazon Bedrock provides access to leading FMs from AI21 Labs, Anthropic, Cohere, Meta, Stability AI, and Amazon, giving customers the flexibility to innovate with a variety of models on a serverless platform and create GenAI applications that are fully integrated with the rest of their AWS environment.

AWS customers can easily experiment and evaluate top FMs for their use cases, customize and fine-tune them with their data, and build agents that perform specific tasks using their own organizational data. Even though the service was recently released (in 2023), the Wiz Research Team found that 15% of organizations already have an instance of Amazon Bedrock in their environment. We expect that percentage to increase substantially over the coming months as more customers use Amazon Bedrock to build applications with their data to create new customer experiences.

When building GenAI applications with Amazon Bedrock and customizing models for specific use cases, AWS customers need to ensure they maintain visibility into their custom models and the training data used so they can proactively stay ahead of any risks in their GenAI pipelines. Based on McKinsey’s State of AI in 2023 report, only 21% of organizations report having established policies governing employees’ use of GenAI technologies.

Wiz is committed to helping our customers accelerate AI adoption no matter what service or platform they use. That's why we're extending our AI-SPM (Security Posture Management) support for Amazon Bedrock, helping AWS customers bring their GenAI applications to production even faster. This is in addition to other services and platforms already supported, including Amazon SageMaker and others.

Amazon Bedrock is a fully managed generative AI service that offers a choice of high-performing foundation models from leading AI companies via a single API, along with a broad set of capabilities organizations need to build generative AI applications with security, privacy, and responsible AI. Bedrock provides the easiest way to build and scale generative AI applications with foundation models. Wiz enables our mutual customers to further enhance security and promote the responsible usage of generative AI while accelerating innovation on AWS.

Atul Deo, General Manager of Amazon Bedrock, Amazon Web Services

Visibility into Amazon Bedrock pipelines and misconfigurations

With this launch, Wiz now provides AI-BOM (AI-Bill of Materials) visibility into Amazon Bedrock custom models and fine-tuned jobs on the Wiz Security Graph. Users customizing Amazon Bedrock models with their own data can now visualize their fine-tuned jobs with a graph-based view that shows the model being customized, the training data used to fine-tune it, and the access and exposure to the training data.

With Amazon Bedrock, you have full control over the data you use to customize the foundation models for your generative AI applications. Your data is encrypted in transit and at rest. Additionally, you can create, manage, and control encryption keys using the AWS Key Management Service (AWS KMS). Identity-based policies provide further control over your data, helping you manage what actions users and roles can perform, on which resources, and under what conditions. To help you ensure you follow security best practices, Wiz provides you with out-of-the-box configuration rules that assess your Amazon Bedrock configuration. For example, Wiz can detect if an Amazon Bedrock custom model is configured with a customer-managed encryption key and help you quickly detect and remediate the misconfiguration.

Remove attack paths to Amazon Bedrock models

With this release, Wiz is also extending our attack path analysis to Amazon Bedrock, bringing in cloud context to detect attack paths to models available in Amazon Bedrock. Wiz correlates context around vulnerabilities, misconfigurations, identities, data, and secrets to help you prioritize the critical risks. You can view the list of prioritized AI risks in the AI Security Dashboard, which provides a holistic view of your security posture across all AI tools, services, and platforms you use.

Empowering AI practitioners to innovate with machine learning

We're excited to add AI-SPM support to Amazon Bedrock in addition to the variety of existing AI cloud services, technologies, and platforms we already support. And we're also excited to continue empowering our customers to innovate with AI securely! Learn more about Wiz AI-SPM by visiting the Wiz Docs (login required). If you prefer a live demo, we would love to connect with you.

Tags
#Product

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo