Guardrails for Amazon Bedrock: AI Safety and Compliance Guide
.png)
With Guardrails for Amazon Bedrock, Amazon has taken a leading role in the drive towards responsible AI. Amazon Bedrock Guardrails is a set of built-in safety and compliance features that keep your AI models secure and responsible. By integrating Guardrails directly into their platform, Amazon is showing a commitment to addressing key concerns around AI, especially bias, privacy, and security.
Here, we are taking a look at how Amazon is taming the AI frontier and the different types of threats that Guardrails defends against. We’ll also include a practical guide to using Guardrails and cover some important concepts.
What is Amazon Bedrock?
As AWS’ Generative AI model hub, Amazon Bedrock offers a centralized location for accessing and deploying a variety of foundational models. The platform offers a selection of Foundation Models (FMs) from multiple providers, including models developed by AWS and third-party models from companies like AI21 Labs, Anthropic, and Stability AI. These models cover different capabilities, from natural language processing to computer vision, and more.
A foundation model (FM) is the "brain" of a Generative AI application. It’s what provides the core capabilities an application needs to produce conversational output. Continuing the metaphor just a little, a Generative AI application is like the face or persona that developers build on top of the FM. This persona is what you encounter when you ask a Large Language Model for answers, content, or any other type of task that it performs by understanding and responding to user inputs.
Amazon Bedrock is a managed service offered by AWS (Amazon Web Services), offering a suite of these FMs. It allows developers to build, customize, and deploy AI-driven applications using a range of pre-trained models. To keep these models operating correctly, Amazon has built Guardrails into the platform.
What is Guardrails for Amazon Bedrock?
Guardrails is Amazon’s inbuilt safety and compliance framework. Through this framework, Guardrails assess user inputs and model outputs against predefined safety criteria and regulatory standards. It offers developers and other stakeholders a range of tools to ensure that their AI models generate appropriate, compliant and safe content.
How do Guardrails for Amazon Bedrock Work? A Practical 8-Point Guide to Getting Started with Guardrails
1. Associate Guardrails with a Model
By Using AWS Bedrock Guardrails, you can implement consistent safeguards for different foundation models and GenAI applications. Use it during model inference, or associate guardrails with agents or apply them when querying knowledge bases.
2. Configure Content Filters
Start by configuring content filters for both the incoming prompts and the returning completions. You can adjust filter strengths for categories like hate speech, insults, sexual content, violence, and misconduct. For the incoming prompts, you can also set protection against prompt attacks.
3. Define Denied Topics
In the next step you can define denied topics to detect and block incoming prompts and returning completions that fall into them. You can optionally add for each topic some representative phrases that refer to it, similar to how you’d write a prompt.
4. Set Up Word Filters
After that, you can set up word filters to block specific words or phrases to be blocked by the guardrail, and even block profanity that is inappropriate for your application.
5. Sensitive Information Filters
You can add sensitive information filters, like personally identifiable information (PII), or define your own by using RegEx. There’s a long list of PII types that the guardrail can detect and handle by the desired behavior.
6. Define Block Messages
Lastly, you can also define the messages that will be shown if the input or model output is blocked by the guardrail.
7. Test the Guardrail
After successfully creating the guardrail you can even test it using a built-in test window to ensure they meet your application requirements.
8. Customer-Managed Keys
For more granular control, you can set customer-managed keys (CMKs) to encrypt the guardrails, which provides additional security and helps meet compliance requirements.
4 Key Reasons Why Organizations Should Use Guardrails for AI Development
1. Versatile Guardrails
Amazon Bedrock Guardrails work across various foundational models and AI agents, enabling consistent safety and compliance standards. Developers can easily integrate them at the API level, applying uniform policies to chatbots, image models, and more, ensuring outputs align with organizational AI guidelines.
2. Easy Content Filtering
Guardrails let developers define and block specific topics using short natural language descriptions, allowing precise control over model outputs. This feature enables easy filtering for regulated industries, ensuring content stays within responsible AI guidelines.
3. Prevent Sensitive Information Leakage
Amazon Bedrock Guardrails provides a flexible approach to handling sensitive information. Developers can select from a predefined list of types of Personally Identifiable Information (PII), or define custom sensitive information types using regular expressions (RegEx). This customization makes it possible to tailor sensitivity settings to specific business needs.
4. Reduce Risk of GenAI Threats
Minimizing the risk of GenAI threats is crucial for maintaining security and compliance. By implementing Guardrails, organizations can effectively manage and mitigate potential risks. These guardrails enable precise control over content generation by using short natural language descriptions to define and block specific topics. This ensures that models do not produce outputs related to sensitive or restricted areas, such as medical conditions or financial advice.
Benefits of Using Lasso Security’s Secured Gateway for LLMs
Model-Agnostic Guardrails for Any Platform
Lasso Security’s Secure Gateway for LLMs is designed to be completely model-agnostic, seamlessly integrating with any AI platform, whether you are using AWS Bedrock, OpenAI, or another foundation model. Regardless of the underlying model architecture, Lasso ensures consistent guardrails, offering robust protection and compliance across different applications. This means you can confidently use Lasso's security features with any model type, maintaining essential safeguards like data protection, prompt injection prevention, and secure outputs—no matter the platform or model used.
Safeguard Against Prompt Injections and Jailbreak Attacks
Lasso Security's guardrails are specifically designed to mitigate critical threats like prompt injections and jailbreak attacks. In a prompt injection, attackers use crafted inputs to manipulate the model, while jailbreak attacks involve bypassing a model's safety constraints. Lasso Security protects against these threats through input validation, output filtering, and continuous monitoring:
- Input Validation: Screens prompts for malicious content before processing.
- Output Filtering: Scans responses for inappropriate content, blocking or sanitizing as necessary.
- Continuous Monitoring: Automatically detects suspicious patterns in real-time, enabling swift responses to potential security breaches.
Define Denied Topics with Natural Language Descriptions
Lasso Security enables organizations to restrict specific topics or content with simple, natural language descriptions. Developers have the flexibility to define exact content guidelines, aligning AI outputs with industry-specific regulations. For example, in sectors like healthcare or finance, Lasso’s guardrails can prevent the model from generating outputs related to sensitive medical conditions or financial advice. The use of natural language makes it easy for non-technical team members to contribute, ensuring all stakeholders can help define and manage restrictions.
Redact or Block Sensitive Information
Lasso Security's guardrails offer customizable options to handle sensitive information. Developers can select predefined categories of Personally Identifiable Information (PII) or create custom categories using RegEx for tailored sensitivity controls. This is particularly beneficial for applications like AI-driven call centers, where conversations are summarized by AI. Lasso's guardrails automatically redact or block sensitive details from summaries, safeguarding data and ensuring compliance with privacy regulations. This enhances the overall security of AI applications and reinforces user trust by ensuring sensitive information is properly managed.
Seamless integration. Easy onboarding.
Schedule a Demo
