AWS Bedrock Automated Reasoning Safety Policy Tampering

Elastic Detection Rules

Summary
Detects deletion or modification of AWS Bedrock Automated Reasoning policies by monitoring CloudTrail for the DeleteAutomatedReasoningPolicy, UpdateAutomatedReasoningPolicy, or UpdateAutomatedReasoningPolicyAnnotations actions. Automated Reasoning policies enforce formal, rule-based safety controls on model outputs. An adversary who has gained control of the Bedrock control plane can tamper with these policies or their annotations to weaken output validation and allow unsafe or non-compliant model results. Benign governance changes, policy tuning, and environment teardown are explicitly called out as expected false-positive sources.

The rule runs against CloudTrail logs (index logs-aws.cloudtrail-*) with event provider bedrock.amazonaws.com and matches the listed actions when event.outcome is success. It ships with mitigation guidance and investigation steps, and it maps to Defense Evasion, specifically MITRE T1562.001 under the Impair Defenses tactic, reflecting the risk of weakened safety controls. The rule is intended for rapid detection within a 6-minute window and surfaces fields to aid investigation: actor identity, source IP, account, region, and request/response details.
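The following is an added, stand-alone re-implementation of the matching logic described above, run over a few constructed CloudTrail records; it is not the Elastic rule itself. The raw CloudTrail field names (eventSource, eventName, errorCode, userIdentity, sourceIPAddress, recipientAccountId, awsRegion) are standard CloudTrail JSON, but the mapping to the ECS fields the rule queries (event.provider, event.action, event.outcome and the aws.cloudtrail.* investigation fields) is an assumption about how the CloudTrail integration normalises records, and the sample records are invented.

```python
"""Added example: detection logic equivalent to the rule summary, run over
constructed CloudTrail records. Not the Elastic rule's own code."""
from typing import Iterable

# Actions the rule matches, taken from the rule summary.
TAMPERING_ACTIONS = frozenset({
    "DeleteAutomatedReasoningPolicy",
    "UpdateAutomatedReasoningPolicy",
    "UpdateAutomatedReasoningPolicyAnnotations",
})
EVENT_PROVIDER = "bedrock.amazonaws.com"


def to_ecs(record: dict) -> dict:
    """Map raw CloudTrail JSON to the ECS-style fields the rule queries.

    Assumption: a record without errorCode is a successful call, so it is
    given event.outcome == "success"; the aws.cloudtrail.* names mirror the
    investigation fields the rule surfaces (actor, IP, account, region,
    request/response details).
    """
    identity = record.get("userIdentity", {})
    return {
        "event.provider": record.get("eventSource"),
        "event.action": record.get("eventName"),
        "event.outcome": "failure" if record.get("errorCode") else "success",
        "aws.cloudtrail.user_identity.arn": identity.get("arn"),
        "aws.cloudtrail.user_identity.type": identity.get("type"),
        "source.ip": record.get("sourceIPAddress"),
        "cloud.account.id": record.get("recipientAccountId"),
        "cloud.region": record.get("awsRegion"),
        "aws.cloudtrail.request_parameters": record.get("requestParameters"),
        "aws.cloudtrail.response_elements": record.get("responseElements"),
    }


def matches_rule(ecs: dict) -> bool:
    """The rule's three conditions: Bedrock provider, tampering action, success."""
    return (
        ecs["event.provider"] == EVENT_PROVIDER
        and ecs["event.action"] in TAMPERING_ACTIONS
        and ecs["event.outcome"] == "success"
    )


def detect(records: Iterable[dict]) -> list[dict]:
    """Return the investigation fields for every record the rule would alert on."""
    return [ecs for ecs in map(to_ecs, records) if matches_rule(ecs)]


# Constructed sample records (placeholder ARNs, IPs and account id).
SAMPLE_RECORDS = [
    {   # successful policy update -> should alert
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "UpdateAutomatedReasoningPolicy",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/ops/ci"},
        "sourceIPAddress": "203.0.113.10",
        "recipientAccountId": "111122223333",
        "awsRegion": "us-east-1",
        "requestParameters": {"policyArn": "arn:aws:bedrock:us-east-1:111122223333:automated-reasoning-policy/EXAMPLE"},
        "responseElements": None,
    },
    {   # denied deletion -> event.outcome is failure, no alert
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "DeleteAutomatedReasoningPolicy",
        "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/analyst"},
        "sourceIPAddress": "203.0.113.11",
        "recipientAccountId": "111122223333",
        "awsRegion": "us-east-1",
    },
    {   # read-only call -> action not in the list, no alert
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "GetAutomatedReasoningPolicy",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/analyst"},
        "sourceIPAddress": "203.0.113.11",
        "recipientAccountId": "111122223333",
        "awsRegion": "us-east-1",
    },
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_RECORDS):
        print(hit["event.action"], hit["aws.cloudtrail.user_identity.arn"],
              hit["source.ip"], hit["cloud.account.id"], hit["cloud.region"])
```

Only the first record produces an alert: the denied deletion fails the event.outcome check and the Get call is not one of the three tampering actions. The returned dictionaries carry exactly the fields the summary lists for triage, which is what an analyst needs to decide whether the change was a benign governance edit or environment teardown rather than tampering.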
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
ATT&CK Techniques
  • T1562
  • T1562.001
Created: 2026-06-04