
AWS Bedrock Invocations without Guardrails Detected by a Single User Over a Session

Elastic Detection Rules

Summary
This detection rule fires when a single user performs more than five AWS Bedrock model invocations without an applied guardrail within a one-minute window. Bedrock guardrails filter prompts and model responses for sensitive data and disallowed content, so a burst of guardrail-less invocations by one identity may indicate an attempt to bypass those controls, for example to extract protected information or to jailbreak a model. The rule is written for AWS environments and grows in importance as more business workflows are routed through hosted AI models. Investigation should start from the user identity: reconstruct the sequence and timing of the invocations, identify the models called and whether guardrails were ever attached to them, and judge whether the activity is consistent with organizational policy on Bedrock usage. The remediation guidance covers containment through the incident response process, review of the user's IAM permissions, and tightening of Bedrock logging and guardrail configuration so that future guardrail-less usage is recorded and detected.
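The logic described above (per-user count of guardrail-less invocations per one-minute window, alert when the count exceeds five) can be replayed offline against log events. The example below is added here and is not the Elastic rule's own query or code; the ECS-style field names `@timestamp`, `user.id` and `gen_ai.guardrail_id` and the sample events are assumptions constructed for the illustration. It also goes one step beyond the rule as summarized: alongside fixed one-minute buckets it shows a rolling window, which catches a burst that straddles a bucket boundary and would otherwise slip under the threshold.

```python
"""Replay a guardrail-less Bedrock burst detection over constructed log events."""
from collections import defaultdict
from datetime import datetime, timezone

THRESHOLD = 5        # the rule alerts on MORE THAN five invocations
WINDOW_SECONDS = 60  # one-minute window

# Assumed principals for the constructed sample; not taken from any real account.
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
CAROL = "arn:aws:iam::111122223333:user/carol"


def event(ts, user, guardrail_id=None):
    """Build one ECS-like invocation event (field names are assumptions)."""
    return {"@timestamp": ts, "user.id": user, "gen_ai.guardrail_id": guardrail_id}


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = (
    # alice: six invocations, none with a guardrail, all inside the 10:00 minute -> alert
    [event(f"2024-11-25T10:00:{s:02d}Z", ALICE) for s in (3, 9, 17, 28, 41, 50)]
    # bob: six invocations in the same minute, but only three skip the guardrail -> below threshold
    + [event(f"2024-11-25T10:00:{s:02d}Z", BOB, "gr-prod-abc123" if s % 2 == 0 else None)
       for s in (2, 5, 8, 11, 14, 17)]
    # carol: six guardrail-less invocations within five seconds, straddling the minute boundary
    + [event(f"2024-11-25T10:01:{s:02d}Z", CAROL) for s in (57, 58, 59)]
    + [event(f"2024-11-25T10:02:{s:02d}Z", CAROL) for s in (0, 1, 2)]
)


def _parse(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing Z into an aware UTC datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def truncate_to_window(ts: str, window_seconds: int = WINDOW_SECONDS) -> datetime:
    """Floor a timestamp to the start of its fixed window (like DATE_TRUNC on 1 minute)."""
    epoch = int(_parse(ts).timestamp())
    return datetime.fromtimestamp(epoch - epoch % window_seconds, tz=timezone.utc)


def count_unguarded(events, window_seconds: int = WINDOW_SECONDS):
    """Count invocations with no guardrail id, keyed by (user, window start)."""
    counts = defaultdict(int)
    for ev in events:
        if ev.get("gen_ai.guardrail_id"):  # a non-empty id means a guardrail was applied
            continue
        key = (ev["user.id"], truncate_to_window(ev["@timestamp"], window_seconds))
        counts[key] += 1
    return dict(counts)


def detect(events, threshold: int = THRESHOLD, window_seconds: int = WINDOW_SECONDS):
    """Fixed-bucket detection: one alert per (user, window) with count > threshold."""
    return [
        {"user.id": user, "window_start": start.isoformat(), "count": n}
        for (user, start), n in count_unguarded(events, window_seconds).items()
        if n > threshold
    ]


def detect_sliding(events, threshold: int = THRESHOLD, window_seconds: int = WINDOW_SECONDS):
    """Rolling-window variant: flag a user if ANY span shorter than the window holds
    more than threshold guardrail-less invocations. Catches bursts across bucket edges."""
    per_user = defaultdict(list)
    for ev in events:
        if not ev.get("gen_ai.guardrail_id"):
            per_user[ev["user.id"]].append(_parse(ev["@timestamp"]))
    flagged = set()
    for user, stamps in per_user.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while (t - stamps[start]).total_seconds() >= window_seconds:
                start += 1
            if end - start + 1 > threshold:
                flagged.add(user)
                break
    return sorted(flagged)


if __name__ == "__main__":
    print("fixed buckets:", detect(SAMPLE_EVENTS))       # only alice
    print("rolling window:", detect_sliding(SAMPLE_EVENTS))  # alice and carol
```

The fixed-bucket pass flags only alice; bob stays under the threshold because half of his calls carried a guardrail, and carol is missed because her six calls split three-and-three across the 10:01/10:02 boundary. The rolling-window pass also flags carol, which is the caveat to keep in mind when tuning a minute-bucketed rule: an attacker pacing requests around the bucket edge can stay below the count, so either lower the threshold, lengthen the window, or add a rolling check.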
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T0051
  • T0054
Created: 2024-11-25