AWS Security ChangesHomeSearch

AWS devopsagent documentation change

Service: devopsagent · 2026-06-19 · Documentation low

File: devopsagent/latest/userguide/aws-devops-agent-security.md

Summary

Enhanced AI safety protections section to include Amazon Bedrock Guardrails for prompt injection/jailbreak detection; updated links for 'Connecting to privately hosted tools' and 'Invoking DevOps Agent through Webhook' due to documentation restructuring.

Security assessment

The change adds documentation about Amazon Bedrock Guardrails, a security feature that detects and blocks prompt injection/jailbreak attacks. This improves security documentation but doesn't address a specific vulnerability. The link updates are administrative changes.

Diff

diff --git a/devopsagent/latest/userguide/aws-devops-agent-security.md b/devopsagent/latest/userguide/aws-devops-agent-security.md
index 6b72129d6..5a2f769a0 100644
--- a//devopsagent/latest/userguide/aws-devops-agent-security.md
+++ b//devopsagent/latest/userguide/aws-devops-agent-security.md
@@ -165 +165 @@ Prompt injection safeguards:
-  * **AI safety protections** – AWS DevOps Agent uses models with AI Safety Level 3 (ASL-3) protections. These protections include classifiers that detect and prevent prompt injection attacks before they can affect agent behavior.
+  * **AI safety protections** – AWS DevOps Agent uses models with AI Safety Level 3 (ASL-3) protections, which include built-in classifiers that detect and resist prompt injection attempts. The agent also leverages the [Amazon Bedrock Guardrails](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-prompt-attack.html) prompt attack filter to detect and block prompt injection and jailbreak attempts before they can affect agent behavior.
@@ -248 +248 @@ AWS DevOps Agent initiates outbound connections to your third-party systems and
-  * **Privately hosted tools** – If your tools are reachable from within an AWS VPC, you can use AWS DevOps Agent _private connections_ to keep traffic isolated to AWS networks, and off of the public internet. For more information, see [Connecting to privately hosted tools](./configuring-capabilities-for-aws-devops-agent-connecting-to-privately-hosted-tools.html).
+  * **Privately hosted tools** – If your tools are reachable from within an AWS VPC, you can use AWS DevOps Agent _private connections_ to keep traffic isolated to AWS networks, and off of the public internet. For more information, see [Connecting to privately hosted tools](./configuring-integrations-and-knowledge-connecting-to-privately-hosted-tools.html).
@@ -341 +341 @@ AWS DevOps Agent initiates outbound connections to your third-party systems and
-For outbound traffic from your AWS VPC to AWS DevOps Agent (for example, using [Invoking DevOps Agent through Webhook](./configuring-capabilities-for-aws-devops-agent-invoking-devops-agent-through-webhook.html)), you can use VPC Endpoints to keep this network traffic isolated to AWS networks. For more information, see [VPC Endpoints (AWS PrivateLink)](./aws-devops-agent-security-vpc-endpoints-aws-privatelink.html).
+For outbound traffic from your AWS VPC to AWS DevOps Agent (for example, using [Invoking DevOps Agent through Webhook](./configuring-integrations-and-knowledge-invoking-devops-agent-through-webhook.html)), you can use VPC Endpoints to keep this network traffic isolated to AWS networks. For more information, see [VPC Endpoints (AWS PrivateLink)](./aws-devops-agent-security-vpc-endpoints-aws-privatelink.html).