
Summary
Identifies prompts submitted to the Amazon Bedrock AgentCore runtime that contain credential material such as AWS access keys (AKIA or ASIA), Bedrock API keys (ABSK tokens), or PEM-encoded private keys. The AgentCore logs (aws.bedrock_agentcore.request_payload.prompt) capture user-supplied prompts, and credentials embedded in prompts can be exposed to the model provider, persist in observability logs, and potentially appear in completions or be used by downstream tools. This typically indicates accidental secret leakage by a user/application or an attempt to stage credentials for misuse through the agent. Secrets should never be passed to an agent in clear text. The rule monitors InvokeAgentRuntime events using the Bedrock observability dataset (aws_bedrock_agentcore.runtime_application_logs) to detect credential patterns in prompts and alerts when found. It maps to MITRE ATT&CK Unsecured Credentials (T1552) under Credential Access (TA0006). Affected workflow involves identifying the specific agent, session, and surrounding prompts to determine origin and legitimacy, and whether the credential is live and belongs to a sanctioned principal. The rule includes guidance for triage, remediation, and prevention, such as rotating/revoking live credentials, removing secrets from logs, notifying owners, and implementing input filtering or guardrails to block credential patterns.
Categories
- Cloud
- AWS
Data Sources
- Application Log
ATT&CK Techniques
- T1552
Created: 2026-07-08