AWS Security ChangesHomeSearch

AWS bedrock documentation change

Service: bedrock · 2026-04-22 · Documentation low

File: bedrock/latest/userguide/abuse-detection.md

Summary

Updated terminology from 'Titan' to 'first-party' models, specified that CSAM detection returns a ValidationException (HTTP 400) error, and added clarification that abuse detection notifications are sent to the AWS account email address.

Security assessment

The changes clarify existing security features (abuse detection, CSAM blocking, and violation reporting) but do not indicate a new security vulnerability. The update to specify the exact error type (ValidationException) and HTTP status code (400) for CSAM detection provides more precise documentation for developers, which can help in error handling. The addition of email notification details emphasizes the importance of maintaining updated contact information for security incident response, but there is no evidence of a specific security incident being addressed.

Diff

diff --git a/bedrock/latest/userguide/abuse-detection.md b/bedrock/latest/userguide/abuse-detection.md
index 114e233d5..c71f8fb30 100644
--- a//bedrock/latest/userguide/abuse-detection.md
+++ b//bedrock/latest/userguide/abuse-detection.md
@@ -15 +15 @@ Automated abuse detection includes:
-  * **Categorize content** — We use classifiers to detect harmful content (such as content that incites violence) in user inputs and model outputs. A classifier is an algorithm that processes model inputs and outputs, and assigns type of harm and level of confidence. We may run these classifiers on both Titan and third-party model usage. This may include models that are fine-tuned using Amazon Bedrock's model customization. The classification process is automated and does not involve human review of user inputs or model outputs.
+  * **Categorize content** — We use classifiers to detect harmful content (such as content that incites violence) in user inputs and model outputs. A classifier is an algorithm that processes model inputs and outputs, and assigns type of harm and level of confidence. We may run these classifiers on both first-party and third-party model usage. This may include models that are fine-tuned using Amazon Bedrock's model customization. The classification process is automated and does not involve human review of user inputs or model outputs.
@@ -19 +19 @@ Automated abuse detection includes:
-  * **Detecting and blocking child sexual abuse material (CSAM)** — You are responsible for the content you (and your end users) upload to Amazon Bedrock and must ensure this content is free from illegal images. To help stop the dissemination of CSAM, Amazon Bedrock may use automated abuse detection mechanisms (such as hash matching technology or classifiers) to detect apparent CSAM. If Amazon Bedrock detects apparent CSAM in your image inputs, Amazon Bedrock will block the request and you will receive an automated error message. Amazon Bedrock may also file a report with the National Center for Missing and Exploited Children (NCMEC) or a relevant authority. We take CSAM seriously and will continue to update our detection, blocking, and reporting mechanisms. You might be required by applicable laws to take additional actions, and you are responsible for those actions.
+  * **Detecting and blocking child sexual abuse material (CSAM)** — You are responsible for the content you (and your end users) upload to Amazon Bedrock and must ensure this content is free from illegal images. To help stop the dissemination of CSAM, Amazon Bedrock may use automated abuse detection mechanisms (such as hash matching technology or classifiers) to detect apparent CSAM. If Amazon Bedrock detects apparent CSAM in your image inputs, Amazon Bedrock will block the request and return a `ValidationException` (HTTP 400) error in the API response. Amazon Bedrock may also file a report with the National Center for Missing and Exploited Children (NCMEC) or a relevant authority. We take CSAM seriously and will continue to update our detection, blocking, and reporting mechanisms. You might be required by applicable laws to take additional actions, and you are responsible for those actions.
@@ -24 +24 @@ Automated abuse detection includes:
-Once our automated abuse detection mechanisms identify potential violations, we may request information about your use of Amazon Bedrock and compliance with our terms of service or a third-party provider’s AUP. In the event that you are non-responsive, unwilling, or unable to comply with these terms or policies, AWS may suspend your access to Amazon Bedrock. You may also be billed for the failed fine-tuning jobs if our automated tests detect model responses being inconsistent with third-party model-providers' license terms and policies.
+Once our automated abuse detection mechanisms identify potential violations, we may request information about your use of Amazon Bedrock and compliance with our terms of service or a third-party provider’s AUP. These requests are sent to the email address associated with your AWS account, so ensure that your account contact information is current and monitored. In the event that you are non-responsive, unwilling, or unable to comply with these terms or policies, AWS may suspend your access to Amazon Bedrock. You may also be billed for the failed fine-tuning jobs if our automated tests detect model responses being inconsistent with third-party model-providers' license terms and policies.