This detection rule is designed to identify potential misuse of resources within AWS Bedrock, a managed service for building large AI applications. The rule looks for users generating extraordinarily high input token counts alongside many requests and large response sizes, which might indicate attempts to overload the service or illicit data extraction. Such behavior can signify a significant risk of data breaches or service disruptions. The rule operates on logs from AWS Bedrock's invocation, focusing on user interactions that exceed specified thresholds, thus allowing organizations to flag and investigate suspicious activities. Additionally, it offers detailed triage and response guidance, helping security teams to effectively handle potential incidents involving resource abuse.