Detects creation of AWS Bedrock Agents by human IAM credentials (IAMUser or Root) via CloudTrail. The rule is scoped to direct human identities and excludes AssumedRole sessions to avoid common CI/CD/SSO automation false positives. It fires when Bedrock CreateAgent is successful, and the CloudTrail context shows a user_identity of type IAMUser or Root, indicating a rogue or misconfigured agent could exfiltrate data, pivot to other services, or act as a persistent AI-driven C2 channel. Investigations focus on: identity (user_identity.arn and type), agent configuration (request_parameters.agentName, foundationModel, instruction, actionGroupExecutor.lambda), and cross-account indicators (Lambda ARNs in action groups from a different account than cloud.account.id). Look for follow-on activity within the next hour (PrepareAgent, CreateAgentAlias, CreateAgentActionGroup, AssociateAgentKnowledgeBase) from the same identity. False positives include developers interactively creating agents with personal credentials; validate against known projects and ensure the agent corresponds to a legitimate deployment. Remediation involves deleting unauthorized agents (DeleteAgent), removing related action groups/aliases, auditing Lambda functions in action groups for malicious code, and restricting bedrock:CreateAgent to specific deployment roles via IAM or SCP. This rule maps to MITRE persistence techniques (T1505) under the Persistence tactic (TA0003).