AWS Security ChangesHomeSearch

AWS wellarchitected medium security documentation change

Service: wellarchitected · 2025-11-22 · Security-related medium

File: wellarchitected/latest/generative-ai-lens/gensec06-bp01.md

Summary

Expanded guidance on data poisoning prevention with specific integration steps for Amazon SageMaker AI HyperPod (EKS/Slurm), added automated data validation/cleansing workflows, updated procedural steps, and added related resources

Security assessment

The changes explicitly address defense against data poisoning attacks (a security risk) by adding concrete implementation patterns for data validation using AWS security tools like Bedrock Guardrails. The additions emphasize proactive threat mitigation through automated filtering, logging, and continuous monitoring - all security-focused controls. Specific security mechanisms include containerized validation services and toxicity detection integrations.

Diff

diff --git a/wellarchitected/latest/generative-ai-lens/gensec06-bp01.md b/wellarchitected/latest/generative-ai-lens/gensec06-bp01.md
index 387332dd9..c0e2c86f4 100644
--- a//wellarchitected/latest/generative-ai-lens/gensec06-bp01.md
+++ b//wellarchitected/latest/generative-ai-lens/gensec06-bp01.md
@@ -19 +19,13 @@ Data poisoning is best handled at the data layer before training or customizatio
-_Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning, where _poisoned_ data is introduced, intentionally or by mistake, into a model. Data poisoning is considered successful if the model has learned from poisoned data. Protect models from poisoning during pre-training and ongoing training steps by isolating your model training environment, infrastructure, and data. Data should be examined and cleaned for content which may be considered poisonous before introducing that data to a training job. There are several ways to accomplish this, all of which are dependent on the data used to train a model. For example, consider using Amazon Transcribe's Toxicity Detection capability for voice data. For text data, consider using the Amazon Bedrock Guardrails API to filter data. Trained models can be tested using toxicity evaluation techniques from fmeval or Amazon SageMaker AI Studio's model evaluation capability. Carefully consider what your use case defines as poisonous, and develop mechanisms for surfacing this kind of data before it is introduced to a model through pre- and post-training steps. 
+_Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning, where _poisoned_ data is introduced, intentionally or by mistake, into a model. Data poisoning is considered successful if the model has learned from poisoned data. Protect models from poisoning during pre-training and ongoing training steps by isolating your model training environment, infrastructure, and data. Data should be examined and cleaned for content which may be considered poisonous before introducing that data to a training job. There are several ways to accomplish this, all of which are dependent on the data used to train a model. 
+
+For example, consider using Amazon Transcribe's Toxicity Detection capability for voice data. For text data, consider using the Amazon Bedrock Guardrails API to filter data. Trained models can be tested using toxicity evaluation techniques from fmeval or Amazon SageMaker AI Studio's model evaluation capability. Carefully consider what your use case defines as poisonous, and develop mechanisms for surfacing this kind of data before it is introduced to a model through pre- and post-training steps. 
+
+When using Amazon SageMaker AI HyperPod with both Amazon EKS and Slurm, integrate automated data validation and cleansing steps into your data pipeline before training begins. 
+
+Start by using tools or scripts that scan incoming datasets for inappropriate, biased, or irrelevant content with AWS services like Amazon Bedrock Guardrails or custom validation logic. Apply these filters as a preprocessing step in your workflow, and pass only clean and relevant data to the distributed training jobs. 
+
+For Amazon EKS-based HyperPod, incorporate these checks into your Kubernetes jobs or data ingestion pipelines, possibly using containerized data validation services. 
+
+For Slurm-based HyperPod, run data purification scripts as a prerequisite batch job before launching the main training task. 
+
+Always log and monitor the filtering process to catch anomalies and continuously update your filters based on new threats or data issues. This proactive approach helps safeguard model quality and security across both orchestration systems. 
@@ -25 +37,3 @@ _Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning
-  2. Develop filters to check for data which may be considered poisonous to the model. 
+  2. Consult your organization's AI policy or data cards to identify relevant filters for the data. 
+
+  3. Develop filters to check for data which may be considered poisonous to the model. 
@@ -31 +45,3 @@ _Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning
-  3. Consider a guardrail from Amazon Bedrock Guardrails or a third-party solution to check for less discrete signals of poisoning. 
+  4. Consider a guardrail from Amazon Bedrock Guardrails or a third-party solution to check for less discrete signals of poisoning. 
+
+  5. Run these checks on the data intended for model pre-training and model customization, remediating issues as they are discovered. 
@@ -33 +49 @@ _Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning
-  4. Run these checks on the data intended for model pre-training and/or model customization, remediating issues as they are discovered. 
+  6. Consider a relevance test or filter on data used for model customization workloads. 
@@ -40 +56 @@ _Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning
-**Related practices:**
+**Related best practices:**
@@ -47 +63 @@ _Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning
-**Related guides, videos, and documentation:**
+**Related documents:**
@@ -52,0 +69,4 @@ _Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning
+  * [Command-line tool for submitting and managing jobs on HyperPod clusters orchestrated by EKS](https://github.com/aws/sagemaker-hyperpod-cli)
+
+  * [Ready-to-use training recipes and scripts for both EKS and Slurm orchestration, including data pipeline integration](https://github.com/aws/sagemaker-hyperpod-recipes)
+
@@ -59,0 +80,4 @@ _Data poisoning_ happens during pre-training, domain adaptation, and fine-tuning
+  * [Blog: Unified Data Preparation](https://aws.amazon.com/blogs/machine-learning/part-2-unified-data-preparation-model-training-and-deployment-with-amazon-sagemaker-data-wrangler-and-amazon-sagemaker-autopilot/)
+
+  * [Scalable Training Platform with SageMaker AI HyperPod](https://aws.amazon.com/blogs/machine-learning/scalable-training-platform-with-amazon-sagemaker-hyperpod-for-innovation-a-video-generation-case-study/)
+