
AWS Bedrock Agent or Action Group Manipulation

Elastic Detection Rules

Summary
This rule detects tampering of deployed Amazon Bedrock components by monitoring control-plane changes to existing Bedrock agents and their wiring. Specifically, it looks for CloudTrail events where Bedrock APIs modify an existing agent's configuration or its related components, including UpdateAgent, CreateAgentActionGroup, UpdateAgentActionGroup, AssociateAgentCollaborator, UpdateAgentCollaborator, CreateAgentAlias, UpdateAgentAlias, and PrepareAgent. Creation of new agents (CreateAgent) is intentionally excluded to focus on persistence risks from compromising established, trusted agents. A tampered configuration becomes active only after PrepareAgent, enabling malicious behavior to persist within a trusted resource. The detection uses the Bedrock data stream from AWS CloudTrail and flags successful outcomes (event.outcome =
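The rule's conditions applied to constructed CloudTrail-shaped records, as an added example that is not Elastic's own rule query: it keeps successful calls from the watched Bedrock API set, drops CreateAgent, and then notes which changed agent was actually made live by PrepareAgent. The eventSource value, the IAM ARN and the agent ids are assumptions.

```python
# Added example of the rule's logic (not Elastic's own query); eventSource value is assumed.
WATCHED_EVENTS = {
    "UpdateAgent", "CreateAgentActionGroup", "UpdateAgentActionGroup",
    "AssociateAgentCollaborator", "UpdateAgentCollaborator",
    "CreateAgentAlias", "UpdateAgentAlias", "PrepareAgent",
}
BEDROCK_SOURCE = "bedrock.amazonaws.com"  # assumed eventSource for Bedrock agent APIs

def outcome(record):
    # CloudTrail carries errorCode only on failed calls; ECS maps that to event.outcome
    return "failure" if record.get("errorCode") else "success"

def is_agent_tampering(record):
    # successful modification of an existing agent; CreateAgent is deliberately not watched
    return (record.get("eventSource") == BEDROCK_SOURCE
            and record.get("eventName") in WATCHED_EVENTS
            and outcome(record) == "success")

def scan(records):
    # one alert per matching record, keeping the fields an analyst triages on
    return [{"event": r["eventName"], "time": r["eventTime"],
             "agent": r.get("requestParameters", {}).get("agentId"),
             "actor": r.get("userIdentity", {}).get("arn")}
            for r in records if is_agent_tampering(r)]

def activated_agents(alerts):
    # agents whose changed configuration was later made live by PrepareAgent
    changed, live = set(), set()
    for a in sorted(alerts, key=lambda a: a["time"]):
        if a["event"] != "PrepareAgent":
            changed.add(a["agent"])
        elif a["agent"] in changed:
            live.add(a["agent"])
    return live

def _ev(name, agent, time, source=BEDROCK_SOURCE, error=None):
    # constructed CloudTrail-shaped record; the ARN and agent ids are placeholders
    rec = {"eventSource": source, "eventName": name, "eventTime": time,
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"},
           "requestParameters": {"agentId": agent}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed trail: CreateAgent, a denied update and an IAM call are excluded; the last two are flagged
SAMPLE_TRAIL = [
    _ev("CreateAgent", "AGENTNEW01", "2026-06-04T10:00:00Z"),
    _ev("UpdateAgent", "AGENTPROD1", "2026-06-04T10:05:00Z", error="AccessDeniedException"),
    _ev("CreateUser", None, "2026-06-04T10:06:00Z", source="iam.amazonaws.com"),
    _ev("CreateAgentActionGroup", "AGENTPROD1", "2026-06-04T10:07:00Z"),
    _ev("PrepareAgent", "AGENTPROD1", "2026-06-04T10:08:00Z"),
]
```

Running `scan(SAMPLE_TRAIL)` yields two alerts on AGENTPROD1, and `activated_agents` reports that agent because the action-group change was followed by PrepareAgent.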
Categories
  • Cloud
Data Sources
  • Application Log
ATT&CK Techniques
  • T1505
Created: 2026-06-04