AWS prescriptive-guidance documentation change
Summary
Updated document title, restructured capability list (added Capability 5 & 6), and reorganized content framework to include rationale/security/remediation sections. Changed focus from Amazon Bedrock to general AI security.
Security assessment
Changes restructure and expand security documentation but show no evidence of addressing specific vulnerabilities. The added capabilities (5-6) and explicit security consideration/remediation sections enhance security guidance without referencing incidents.
Diff
diff --git a/prescriptive-guidance/latest/security-reference-architecture-generative-ai/generative-ai-capabilities.md b/prescriptive-guidance/latest/security-reference-architecture-generative-ai/generative-ai-capabilities.md index ec8fe1a08..cf523bc24 100644 --- a//prescriptive-guidance/latest/security-reference-architecture-generative-ai/generative-ai-capabilities.md +++ b//prescriptive-guidance/latest/security-reference-architecture-generative-ai/generative-ai-capabilities.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[AWS Security Reference Architecture (AWS SRA) – generative AI](introduction.html) +[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[AWS Security Reference Architecture (AWS SRA) – AI security](introduction.html) @@ -10 +10 @@ Influence the future of the AWS Security Reference Architecture (AWS SRA) by tak -This section explores the security considerations and best practices for these Amazon Bedrock generative AI capabilities: +This section discusses secure access, usage, and implementation recommendations for the following generative AI capabilities: @@ -14 +14 @@ This section explores the security considerations and best practices for these A - * [Capability 2. Providing secure access, usage, and implementation to generative AI RAG techniques](./gen-ai-rag.html) + * [Capability 2. Providing secure access, usage, and implementation for generative AI model customization](./gen-ai-rag.html) @@ -16 +16 @@ This section explores the security considerations and best practices for these A - * [Capability 3. Providing secure access, usage, and implementation of generative AI autonomous agents](./gen-ai-agents.html) + * [Capability 3. Providing secure access to data and systems for generative AI](./gen-ai-agents.html) @@ -18 +18 @@ This section explores the security considerations and best practices for these A - * [Capability 4. Providing secure access, usage, and implementation for generative AI model customization](./gen-ai-customization.html) + * [Capability 4. Providing secure access, usage, and implementation of tools](./gen-ai-customization.html) @@ -19,0 +20 @@ This section explores the security considerations and best practices for these A + * [Capability 5. Providing secure access, usage, and implementation of generative AI agents](./gen-auto-agents.html) @@ -20,0 +22 @@ This section explores the security considerations and best practices for these A + * [Capability 6. Providing secure access, usage, and implementation for AI applications](./ai-apps.html) @@ -23 +25,16 @@ This section explores the security considerations and best practices for these A -The subsections expand on each capability, discuss the rationale of what the capability is and its usage, cover security considerations pertaining to the capability, and explain how you can use AWS services and features to address the security considerations (remediation). The rationale, security considerations, and remediations of using foundation models (capability 1) applies to all other capabilities, because they all use model inference. For example, if your business application uses a customized Amazon Bedrock model with retrieval augmented generation (RAG) capability, you have to consider the rationale, security considerations and remediations of capabilities 1, 2, and 4. + + +Most capability sections include the following information: + + * **Rationale** explains what the capability does and when to use it. + + * **Security considerations** describes risks that are specific to the capability. + + * **Remediations** reviews the AWS services and features that address the risks. + + * **Recommended AWS services** to build the capability securely. + + + + +All capabilities build on Capability 1 (foundation model inference) because they all invoke models. When you combine capabilities, apply security controls from each relevant section. For example, a customized model with Retrieval Augmented Generation (RAG) requires controls from Capabilities 1, 2, and 3. @@ -31 +48 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -AWS SRA for generative AI +AWS SRA for AI