AWS bedrock documentation change
Summary
Expanded sensitive information masking to cover both model requests and responses
Security assessment
Enhances data protection documentation by extending PII masking to input requests, improving defense against accidental sensitive data exposure. While security-related, there's no indication this addresses a specific vulnerability.
Diff
diff --git a/bedrock/latest/userguide/guardrails-sensitive-filters.md b/bedrock/latest/userguide/guardrails-sensitive-filters.md index 8153df19d..df1b42632 100644 --- a//bedrock/latest/userguide/guardrails-sensitive-filters.md +++ b//bedrock/latest/userguide/guardrails-sensitive-filters.md @@ -13 +13 @@ You can configure the following modes for handling sensitive information that gu - * **Mask** — Sensitive information filter policies can anonymize or redact information from model responses. For example, guardrails mask PIIs while generating summaries of conversations between users and customer service agents. If sensitive information is detected in the model response, the guardrail masks it and replaces it with the PII type (for example, `{NAME}` or `{EMAIL}`). + * **Mask** — Sensitive information filter policies can anonymize or redact information from model requests or responses. For example, guardrails mask PIIs while generating summaries of conversations between users and customer service agents. If sensitive information is detected in the model request or response, the guardrail masks it and replaces it with the PII type (for example, `{NAME}` or `{EMAIL}`).