AWS Bedrock High-Frequency Single-Model Inference API Probing

Elastic Detection Rules

Summary
Identifies anomalous high-frequency Bedrock model inference activity from a single AWS principal across a short window. The rule inspects AWS CloudTrail logs for Bedrock runtime operations (InvokeModel, InvokeModelWithResponseStream, Converse, ConverseStream) and requires a successful outcome. It extracts the Bedrock modelId from request_parameters and aggregates counts by aws.cloudtrail.user_identity.arn, cloud.account.id, and Esql.model_id. A threshold of 500 calls within the observed window triggers an alert, capturing context such as the action values, source IPs, user agents, identity type, and region to aid investigation. This is a volumetric/behavioral signal intended as a precursor to more definitive membership-inference or data-exfiltration activity. The rule does not rely on model confidence scores and is tuned for the loud variant; low-and-slow or distributed probing may evade it. It should be used as corroborating evidence alongside other Bedrock alerts and paired with guardrails such as quotas and least-privilege IAM policies. The setup notes that Bedrock and CloudTrail logs are needed and that the rule relies on CloudTrail management events, which are logged by default. Alert suppression by principal and account reduces noise within a 60-minute window, and the rule provides recommended investigation steps and remediation actions.
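The aggregation the summary describes, re-implemented in Python as an added illustration; this is not the Elastic rule's own ES|QL and not code from the Elastic Detection Rules project. It filters constructed CloudTrail-style events to successful Bedrock runtime actions, pulls modelId out of the flattened request_parameters string (the `{modelId=..., contentType=...}` layout is an assumption), counts per (principal ARN, account, modelId), alerts at 500, and applies a per-principal/account 60-minute suppression. The ARNs, account id and modelId are constructed placeholders.

```python
"""Toy version of the Bedrock high-frequency inference detection: count successful
Bedrock runtime calls per (principal ARN, account, modelId), alert at 500, and
suppress repeat alerts per principal/account for 60 minutes.
Sample events are constructed here; they are not real CloudTrail data."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

BEDROCK_RUNTIME_ACTIONS = {
    "InvokeModel", "InvokeModelWithResponseStream", "Converse", "ConverseStream",
}
THRESHOLD = 500
SUPPRESSION_WINDOW = timedelta(minutes=60)
# request_parameters as a flattened "{modelId=..., contentType=...}" string (assumed layout)
MODEL_ID_RE = re.compile(r"modelId=([^,}\s]+)")
CONTEXT_FIELDS = {
    "actions": "event.action",
    "source_ips": "source.ip",
    "user_agents": "user_agent.original",
    "identity_types": "aws.cloudtrail.user_identity.type",
    "regions": "cloud.region",
}


def extract_model_id(request_parameters):
    """Return the modelId embedded in the flattened request_parameters, or None."""
    m = MODEL_ID_RE.search(request_parameters or "")
    return m.group(1) if m else None


def is_candidate(event):
    """Successful Bedrock runtime inference calls only; failures (e.g. AccessDenied) do not count."""
    return (event.get("event.provider") == "bedrock.amazonaws.com"
            and event.get("event.action") in BEDROCK_RUNTIME_ACTIONS
            and event.get("event.outcome") == "success")


def detect(events, threshold=THRESHOLD):
    """Aggregate by (arn, account, model_id) and return the groups at or above threshold,
    with the investigation context the rule captures (actions, IPs, agents, identity type, region)."""
    counts = Counter()
    context = {}
    for e in events:
        if not is_candidate(e):
            continue
        model_id = extract_model_id(e.get("aws.cloudtrail.request_parameters"))
        if model_id is None:
            continue
        key = (e["aws.cloudtrail.user_identity.arn"], e["cloud.account.id"], model_id)
        counts[key] += 1
        ctx = context.setdefault(key, {name: set() for name in CONTEXT_FIELDS})
        for name, field in CONTEXT_FIELDS.items():
            if e.get(field) is not None:
                ctx[name].add(e[field])
    hits = []
    for (arn, account, model_id), n in counts.items():
        if n >= threshold:
            hit = {"arn": arn, "account": account, "model_id": model_id, "count": n}
            hit.update({name: sorted(vals) for name, vals in context[(arn, account, model_id)].items()})
            hits.append(hit)
    return hits


class Suppressor:
    """Alert suppression keyed on (arn, account): one alert per key per window."""

    def __init__(self, window=SUPPRESSION_WINDOW):
        self.window = window
        self.last_alert = {}

    def should_alert(self, arn, account, at):
        key = (arn, account)
        prev = self.last_alert.get(key)
        if prev is not None and at - prev < self.window:
            return False
        self.last_alert[key] = at
        return True


def make_event(arn, account, action, model_id, outcome="success",
               src_ip="203.0.113.10", region="us-east-1", identity_type="IAMUser"):
    """Construct a CloudTrail-style event using the ECS field names named in the summary."""
    return {
        "event.provider": "bedrock.amazonaws.com",
        "event.action": action,
        "event.outcome": outcome,
        "aws.cloudtrail.user_identity.arn": arn,
        "aws.cloudtrail.user_identity.type": identity_type,
        "cloud.account.id": account,
        "cloud.region": region,
        "source.ip": src_ip,
        "user_agent.original": "aws-cli/2.15.0",
        "aws.cloudtrail.request_parameters": f"{{modelId={model_id}, contentType=application/json}}",
    }


ACCOUNT = "111122223333"                                   # constructed account id
NOISY_ARN = "arn:aws:iam::111122223333:user/probe-user"    # constructed
QUIET_ARN = "arn:aws:iam::111122223333:user/normal-user"   # constructed
MODEL = "example.model-v1"                                 # placeholder modelId

SAMPLE_EVENTS = (
    [make_event(NOISY_ARN, ACCOUNT, "InvokeModel", MODEL) for _ in range(480)]
    + [make_event(NOISY_ARN, ACCOUNT, "Converse", MODEL, src_ip="203.0.113.11") for _ in range(40)]
    + [make_event(NOISY_ARN, ACCOUNT, "InvokeModel", MODEL, outcome="failure") for _ in range(25)]
    + [make_event(QUIET_ARN, ACCOUNT, "InvokeModel", MODEL) for _ in range(30)]
)

if __name__ == "__main__":
    suppressor = Suppressor()
    now = datetime.now(timezone.utc)
    for hit in detect(SAMPLE_EVENTS):
        if suppressor.should_alert(hit["arn"], hit["account"], now):
            print(f"ALERT {hit['arn']} model={hit['model_id']} count={hit['count']} "
                  f"ips={hit['source_ips']} actions={hit['actions']}")
```

Only the 520 successful calls from the probing principal cross the threshold; the 25 failed calls and the quiet user's 30 calls are ignored, which mirrors the rule's success-outcome requirement and shows why a principal that spreads calls below 500 per window, or across several principals, would not surface here.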
Categories
  • Cloud
Data Sources
  • Cloud Service
ATT&CK Techniques
  • T0024
  • T0024.000
Created: 2026-06-05