AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2026-01-28 · Documentation low

File: wellarchitected/latest/financial-services-industry-lens/fsisec09.md

Summary

Extended cryptographic key management recommendations to include protection for generative AI model artifacts, training data, and prompt catalogs

Security assessment

The change expands encryption guidance to cover AI-specific assets but lacks evidence of addressing a specific security incident. It documents new security considerations for emerging technology rather than patching vulnerabilities.

Diff

diff --git a/wellarchitected/latest/financial-services-industry-lens/fsisec09.md b/wellarchitected/latest/financial-services-industry-lens/fsisec09.md
index 3b9f28e19..79a6b6bd9 100644
--- a//wellarchitected/latest/financial-services-industry-lens/fsisec09.md
+++ b//wellarchitected/latest/financial-services-industry-lens/fsisec09.md
@@ -9 +9 @@ FSISEC09-BP01 Consider compliance obligations regarding location of cryptographi
-In addition to implementing the [data protection recommendations](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/data-protection.html) applicable to any company seen in the AWS Well-Architected Framework Security Pillar, financial institutions often have additional industry-specific requirements that can influence the management of cryptographic keys. 
+In addition to implementing the [data protection recommendations](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/data-protection.html) applicable to any company seen in the AWS Well-Architected Framework Security Pillar, financial institutions often have additional industry-specific requirements that can influence the management of cryptographic keys. With generative AI systems, key management extends to protecting model artifacts, training data, knowledge bases, sensitive prompts and prompt catalogs. 
@@ -34,0 +35,2 @@ Although it's less common, AWS customers who have a compliance or regulatory nee
+  * For AI workloads, implement comprehensive encryption for model artifacts and sensitive training data while protecting prompt catalogs and verifying compliant key management across all AI data flows. 
+