AWS prescriptive-guidance documentation change
Summary
Updated introduction to focus on AI security, added audience section, updated contributors and date, refined guidance scope to foundational security controls for AI workloads, and updated navigation links.
Security assessment
Changes emphasize security frameworks (Generative AI Security Scoping Matrix, Agentic AI Security Scoping Matrix) and foundational security controls for AI workloads, but there's no evidence of addressing a specific security vulnerability. The updates enhance security documentation rather than patching an issue.
Diff
diff --git a/prescriptive-guidance/latest/security-reference-architecture-generative-ai/introduction.md b/prescriptive-guidance/latest/security-reference-architecture-generative-ai/introduction.md index 7896a9d82..54ea36860 100644 --- a//prescriptive-guidance/latest/security-reference-architecture-generative-ai/introduction.md +++ b//prescriptive-guidance/latest/security-reference-architecture-generative-ai/introduction.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[AWS Security Reference Architecture (AWS SRA) – generative AI](introduction.html) +[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[AWS Security Reference Architecture (AWS SRA) – AI security](introduction.html) @@ -5 +5 @@ -# AWS Security Reference Architecture (AWS SRA) – generative AI +Intended audience @@ -7 +7 @@ - _Global Services Security Team, Amazon Web Services_ ([contributors](./contributors.html)) +# AWS Security Reference Architecture (AWS SRA) – AI security @@ -9 +9,3 @@ -_December 2025_ ([document history](./doc-history.html)) + _AWS Security Customer Outcomes Team, Amazon Web Services_ ([contributors](./contributors.html)) + +_February 2026_ ([document history](./doc-history.html)) @@ -14,3 +16 @@ Influence the future of the AWS Security Reference Architecture (AWS SRA) by tak -This guide provides current recommendations for using generative AI securely to improve the productivity and efficiency for users and organizations. It focuses on the use of Amazon Bedrock based on the AWS SRA's holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. This guidance builds upon the [AWS SRA – core architecture](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/) to enable generative AI capabilities within an enterprise-grade, secure framework. It covers key security controls such as AWS Identity and Access Management (IAM) permissions, data protection, input/output validation, network isolation, logging, and monitoring that's specific to Amazon Bedrock generative AI capabilities. - -The target audience for this guidance are security professionals, architects, and developers who are responsible for securely integrating generative AI capabilities into their organizations and applications. +AI solutions span multiple use cases, each with distinct security requirements. The [Generative AI Security Scoping Matrix](https://aws.amazon.com/blogs/security/securing-generative-ai-an-introduction-to-the-generative-ai-security-scoping-matrix/) defines security scope and disciplines for different use cases, and the [Agentic AI Security Scoping Matrix](https://aws.amazon.com/blogs/security/the-agentic-ai-security-scoping-matrix-a-framework-for-securing-autonomous-ai-systems/) defines the autonomy and agency given to an agent. @@ -18 +18 @@ The target audience for this guidance are security professionals, architects, an -Generative AI solutions cover multiple use cases that affect your security scope. To better understand the scope and corresponding key security disciplines, see the AWS blog post [Securing generative AI: An introduction to the Generative AI Security Scoping Matrix](https://aws.amazon.com/blogs/security/securing-generative-ai-an-introduction-to-the-generative-ai-security-scoping-matrix/). Depending on your use case, you might use a managed service where the service provider takes more responsibility for the management of the service and model, or you might build your own service and model. AWS offers a wide range of services to help you build, run, and integrate artificial intelligence and machine learning (AI/ML) solutions of any size, complexity, or use case. These services operate at all [three layers of the generative AI stack](https://aws.amazon.com/blogs/machine-learning/welcome-to-a-new-era-of-building-in-the-cloud-with-generative-ai-on-aws/). In this guidance we focus on the middle layer, which provides access to all the models and tools you need to build and scale generative AI applications by using Amazon Bedrock. +Depending on your use case, you can use a managed service where the provider handles operations, or build your own. AWS offers a wide range of services to help you build, run, and integrate artificial intelligence and machine learning (AI/ML) solutions of any size, complexity, or use case. These services operate at all [three layers of the generative AI stack](https://aws.amazon.com/blogs/machine-learning/welcome-to-a-new-era-of-building-in-the-cloud-with-generative-ai-on-aws/): infrastructure, large language models (LLMs), and applications. @@ -20 +20 @@ Generative AI solutions cover multiple use cases that affect your security scope -For an introduction to generative AI, see [What is Generative AI?](https://aws.amazon.com/what-is/generative-ai/) on the AWS website. +This guide focuses on the middle layer, which provides access to all the models and tools you need to build and scale generative AI applications and applications on AWS. Although AI (machine learning and LLMs) can be used for security purposes, this guide focuses on the foundational security controls to protect AI workloads deployed on AWS. @@ -22 +22 @@ For an introduction to generative AI, see [What is Generative AI?](https://aws.a -###### Note +## Intended audience @@ -24 +24 @@ For an introduction to generative AI, see [What is Generative AI?](https://aws.a -The scope of this current guidance is exclusively around the generative AI capabilities of Amazon Bedrock. Future updates will iteratively expand the scope and add guidance to include the full array of AWS services for generative AI. +The intended audience for this guidance is security professionals, architects, and developers who are responsible for securely integrating generative AI capabilities into their organizations and applications using AWS services. @@ -26 +26 @@ The scope of this current guidance is exclusively around the generative AI capab -In this guide: +**In this guide:** @@ -30 +30 @@ In this guide: - * [Generative AI for the AWS SRA](./gen-ai-sra.html) + * [AWS SRA for AI](./gen-ai-sra.html) @@ -36,3 +36 @@ In this guide: - * [Contributors](./contributors.html) - - * [Document history](./doc-history.html) + * [Conclusion](./conclusion.html)