You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Through CloudTrail's <code>ListFoundationModels</code> and <code>InvokeModel</code> events.
If model invocation logging is enabled, invocations requests are logged on CloudWatch and/or S3 buckets with additional details, including prompt content and response. This greatly helps in detecting malicious invocations.
It is not recommended to alert on every model invokation, thus you can consider the following options for a more reasonable detection:
- Detecting <code>InvokeModel</code> with "ValidationException", raised when using an invalid request parameter. This is a technique used by some attackers to verify if they have proper permissions.
- Adding other APIs in your detection pattern, such as <code>PutFoundationModelEntitlement</code> and <code>PutUseCaseForModelAccess</code>, used for enabling models before invoking them.
