Detects first-time mutations by a given AWS identity ARN to Bedrock knowledge bases or their backing RAG data sources, using CloudTrail data events to identify control-plane changes that could poison a retrieval-augmented generation (RAG) corpus. Monitors actions including IngestKnowledgeBaseDocuments, StartIngestionJob, DeleteKnowledgeBaseDocuments, CreateDataSource, UpdateDataSource, DeleteDataSource, and UpdateKnowledgeBase performed against Bedrock resources (action and provider bedrock.amazonaws.com) with a successful outcome. This rule specifically flags new identity usage within a history window (new terms) to catch initial tampering attempts rather than ongoing maintenance. It relies on Bedrock data-event logging (data events) to capture direct document ingestion/deletion, which is not enabled by default and affects coverage. The rule maps to MITRE ATT&CK Data Manipulation (Stored Data Manipulation) under Impact, reflecting the risk of poisoning model outputs by corrupting the underlying corpus. False positives include legitimate maintenance or automation activities (document onboarding, scheduled re-ingestion) by data engineering or MLOps pipelines; such activity should be validated or exempted if approved. The rule contributes to incident response by guiding containment (suspend/revert corpus), credential rotation, and auditing ingestion/document changes, and it emphasizes least-privilege access to mutation operations for Bedrock resources. Acknowledges the need to enable Bedrock data-event logging on CloudTrail for full coverage.