AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2026-01-28 · Documentation low

File: wellarchitected/latest/financial-services-industry-lens/fsisec10.md

Summary

Added data loss prevention considerations for generative AI systems including prompt security, model output monitoring, and AI interaction audit trails

Security assessment

The change introduces new documentation for securing AI-generated content and interactions but doesn't reference any specific data breach or vulnerability. It proactively addresses potential risks in emerging technology without evidence of exploiting incidents.

Diff

diff --git a/wellarchitected/latest/financial-services-industry-lens/fsisec10.md b/wellarchitected/latest/financial-services-industry-lens/fsisec10.md
index 6fc703b5d..d6f9e68fe 100644
--- a//wellarchitected/latest/financial-services-industry-lens/fsisec10.md
+++ b//wellarchitected/latest/financial-services-industry-lens/fsisec10.md
@@ -9 +9 @@ FSISEC10-BP01 Prevent modifications and deletions of logs and dataFSISEC10-BP02
-Data loss as part of a security event, accident or business process can affect both your operation and state of compliance. The following recommendations can help with the protection from theft and inadvertent or malicious loss. 
+Data loss as part of a security event, accident or business process can affect both your operation and state of compliance. The following recommendations can help with the protection from theft and inadvertent or malicious loss. Generative AI systems introduce new considerations for data loss prevention, including model outputs, prompt security, training data, model artifacts, and AI-generated content. 
@@ -13 +13 @@ Data loss as part of a security event, accident or business process can affect b
-Financial services agencies around the world, including the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) in the US, have created rules that require a broker-dealer to maintain and preserve electronic records exclusively in a non-rewriteable, non-erasable format, also known as a write once, read many (WORM) format. 
+Financial services agencies around the world, including the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) in the US, have created rules 
@@ -15 +15,5 @@ Financial services agencies around the world, including the Securities and Excha
-For object data, Amazon [S3 Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) allows you to store objects using a WORM model. You can use WORM protection for scenarios where it is imperative that data is not changed or deleted after it has been written. With S3 Object lock, you can securely deliver logs to a designated S3 bucket, and use the S3 Object Lock feature to make the logs immutable. It blocks object version deletion during a customer- defined retention period so that you can enforce retention policies. In conjunction with [S3 versioning](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html), which protects objects from being overwritten, you're able to keep objects immutable for as long as S3 Object Lock protection is applied. 
+that require a broker-dealer to maintain and preserve electronic records exclusively in a non- rewriteable, non-erasable format, also known as a write once, read many (WORM) format. 
+
+For object data, Amazon [S3 Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) allows you to store objects using a WORM model. You can use WORM protection for scenarios where it is imperative that data is not changed or deleted after it has been written. With S3 Object lock, you can securely deliver logs to a designated S3 bucket, and use the S3 Object Lock feature to make the logs immutable. It blocks object version deletion during a customer- defined retention period so that you can enforce retention policies. In 
+
+conjunction with [S3 versioning](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html), which protects objects from being overwritten, you're able to keep objects immutable for as long as S3 Object Lock protection is applied. 
@@ -18,0 +23,2 @@ For file data, use [SnapLock](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/
+For AI systems, implement secure prompt catalogs and validate model responses for potential data leakage while protecting training data integrity and maintaining continuous monitoring of AI system outputs and establishing audit trails for all AI data interactions. 
+