AWS Bedrock Delete Knowledge Base

Splunk Security Content

Summary
This detection rule monitors and identifies attempts to delete AWS Bedrock Knowledge Bases, which are critical resources for managing domain-specific data for AI applications. By analyzing AWS CloudTrail logs for DeleteKnowledgeBase API calls, this rule aims to spot potential malicious activities such as adversaries trying to erase knowledge bases after compromising credentials. This deletion could serve as an effort to disrupt business operations, eliminate evidence of unauthorized data access, or degrade AI performance by removing crucial business context. If such activity is confirmed as malicious, it indicates a serious risk to the integrity and functionality of AI models, potentially leading to significant service disruption or data loss.
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Storage
  • Cloud Service
ATT&CK Techniques
  • T1562
  • T1485
Created: 2024-12-05
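
The check described in the Summary, sketched as an added example in Python over constructed CloudTrail records; it is not the Splunk rule's own search. The eventSource value, the knowledgeBaseId request parameter, and all ARNs, IPs and IDs are assumptions or placeholders. It groups DeleteKnowledgeBase calls by caller and source IP and counts failed attempts separately, since a denied call is still an attempt.

```python
from collections import defaultdict

# Constructed CloudTrail records for illustration; ARNs, IPs and IDs are placeholders.
SAMPLE_EVENTS = [
    {"eventTime": "2024-12-05T10:15:02Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "DeleteKnowledgeBase", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-a"},
     "requestParameters": {"knowledgeBaseId": "KBEXAMPLE01"}},
    {"eventTime": "2024-12-05T10:16:40Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "DeleteKnowledgeBase", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-a"},
     "requestParameters": {"knowledgeBaseId": "KBEXAMPLE02"}},
    {"eventTime": "2024-12-05T10:20:11Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "DeleteKnowledgeBase", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-b"},
     "errorCode": "AccessDeniedException", "requestParameters": None},
    {"eventTime": "2024-12-05T10:21:00Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "InvokeModel", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-a"}},
]

def find_kb_deletions(events, source="bedrock.amazonaws.com"):
    """Summarise DeleteKnowledgeBase calls per (caller ARN, source IP)."""
    groups = defaultdict(lambda: {"count": 0, "failed": 0, "first": None,
                                  "last": None, "knowledge_bases": set()})
    for ev in events:
        if ev.get("eventSource") != source or ev.get("eventName") != "DeleteKnowledgeBase":
            continue
        arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
        g = groups[(arn, ev.get("sourceIPAddress", "unknown"))]
        g["count"] += 1
        if ev.get("errorCode"):          # denied or otherwise failed attempt
            g["failed"] += 1
        kb = (ev.get("requestParameters") or {}).get("knowledgeBaseId")
        if kb:
            g["knowledge_bases"].add(kb)
        t = ev.get("eventTime")          # ISO 8601 UTC strings sort chronologically
        if t:
            g["first"] = t if g["first"] is None else min(g["first"], t)
            g["last"] = t if g["last"] is None else max(g["last"], t)
    # Sets become sorted lists so the result is stable and serialisable.
    return {k: {**v, "knowledge_bases": sorted(v["knowledge_bases"])}
            for k, v in groups.items()}

if __name__ == "__main__":
    for (arn, ip), info in find_kb_deletions(SAMPLE_EVENTS).items():
        print(arn, ip, info)
```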