Why AI security for AWS matters
AI adoption happens in the cloud, which is no surprise: The cloud’s scalability and agility make it the perfect place for AI innovation. To keep up with this rapid growth, cloud providers have been expanding their AI offerings just as fast. AWS, in particular, now offers 13 out-of-the-box AI services alongside a range of self-managed to fully-managed AI infrastructure solutions.
But with rapid adoption comes heightened risk. AI security challenges such as data poisoning, supply chain risks, and adversarial attacks are very real concerns. Our Wiz Research Team uncovered two real-world AI vulnerabilities on AWS in 2024—a potential cross-tenant attack vulnerability and LLM hijacking activity.
As developers, understanding and implementing AI security best practices on AWS is key to driving AI innovation in the cloud while safeguarding your organization. You can start by uncovering the top 7 AI security risks you should be aware of.
Recap: What AI services does AWS offer?
From the get-go, AWS has positioned itself as a one-stop-shop for AI developers by offering a comprehensive suite that covers the entire AI lifecycle. Whether you’re prepping data, training models, or deploying them into production, AWS’s portfolio has got you covered.
At the heart of it all is AWS SageMaker, a centralized platform that streamlines end-to-end AI development and management. SageMaker not only simplifies model training and deployment but also provides robust monitoring and optimization tools, making it a favorite for devs who value both efficiency and scalability.
But that’s just the tip of the iceberg. AWS offers a variety of managed AI services tailored to diverse use cases, from natural language processing and image recognition to predictive analytics and automated decision-making.
These services range from self-managed solutions that give you full control over your environment to fully managed offerings that let you focus on building your application while AWS handles the heavy lifting. This flexibility allows you to strike the right balance between technical requirements, ease of adoption, cost, expertise required, and customization needs.
Digging a little deeper under the hood, you’ll find that AWS provides a powerful set of computational options for AI infrastructure. Whether you’re leveraging EC2 instances optimized for machine learning or containerized environments via ECS and EKS, the platform is designed to scale with your workload.
Additionally, AWS offers a solid end-to-end data foundation for AI, with services like Amazon S3 for storage, AWS Glue for data integration, and other data tools that ensure your datasets are secure and readily accessible. AWS’s ecosystem also integrates seamlessly with numerous third-party tools, especially with GenAI partner solutions, enabling developers to experiment with different options to supercharge innovation.
In essence, AWS offers a complete suite for businesses looking to build, deploy, and scale AI applications while ensuring seamless integration, scalability, and security. Still, it’s important to note that though these capabilities are powerful, developers must address the security risks that come with such comprehensive solutions.
What is AWS’s shared responsibility model for AI?
Cloud computing brings inherent security guarantees, but keep in mind that security is a shared responsibility between you and your cloud provider. While AWS’s shared responsibility model refers generally to cloud computing, it can be extended to AI applications on the cloud.
In AWS’s model, AWS takes care of the security of the cloud—the underlying infrastructure, hardware, and managed services—while you, the customer, are responsible for securing what you put in the cloud, including your data, applications, and AI models.
When it comes to AI workloads, this shared responsibility extends further: You must ensure that your datasets are protected, your models are trained and deployed securely, and your access controls are rigorously managed. Specifically, this means safeguarding data against issues like data poisoning attacks, protecting models from adversarial AI techniques, and managing access through robust IAM policies.
By understanding these four pillars—data, models, access, and applications—you can align your AI security strategy with AWS’s best practices for building responsible AI, making sure your AI stays strong and secure in today’s fast-changing threat landscape.
What are key AWS AI security risks?
As we’ve seen, securing AI workloads on AWS comes with a unique set of challenges. This makes sense given the intricate interplay of data, models, access, and applications, all of which are your security responsibility on AWS. Let’s break down the key AI security risks you need to consider:
Data risks: When you feed your AI systems, remember that not all data is safe data. As the foundation of AI, data needs security controls that counteract:
Data poisoning: Malicious actors introduce corrupted or misleading data into training sets, which can skew model performance and lead to unreliable outcomes.
Insufficient encryption: Sensitive information may be exposed if data is not encrypted properly during storage or transit.
Data privacy violations: A lack of data protection measures exposes critical user information, violating privacy regulations and putting your systems at risk.
Model risks: Your models are the heart of your AI solution, and they need protection against direct manipulation such as:
Adversarial AI attacks: Subtle manipulations are designed to confuse or deceive machine learning models, ultimately leading to erroneous predictions.
Model theft: Attackers replicate your proprietary model architecture and weights, undermining your competitive edge.
Model drift: A gradual deviation in a model’s performance over time as data patterns change; it results in degraded accuracy unless you counter it with continuous monitoring and updates.
Access risks: Secure access is critical for protecting your AI environment. Key access risks include:
Weak IAM policies: Overly broad access permissions allow unauthorized users to interact with your AI systems.
Privilege escalation: Attackers can gain elevated permissions to access or modify sensitive resources.
Insecure API access: Vulnerabilities in APIs provide entry points for exploitation by unauthorized users.
Application risks: Your AI applications require constant oversight to prevent vulnerabilities such as:
Misconfigured pipelines: Misconfigurations can inadvertently expose your models or data to unintended parties.
Model misuse: Whether intentional or accidental, misuse can lead to inappropriate use of a model or even manipulation of its outputs.
Third-party dependency risks: External services or libraries may introduce their own security vulnerabilities.
Best practices for securing AI workloads on AWS
Your AI risk management practice should apply across a variety of solutions, but tailoring controls to the specific infrastructure makes a difference, so we recommend applying AWS-specific security controls to your AWS AI workloads.
Let’s break down some key AWS security best practices that can both mitigate risks and streamline your operations:
Data security best practices
Protect data throughout its lifecycle to ensure data privacy and integrity are never compromised:
Use Amazon Macie to automatically discover, classify, and protect sensitive data—especially structured data containing personally identifiable information (PII). Note that Macie is optimized for structured PII in Amazon S3, so it’s important to pair it with other tools or techniques for unstructured or non-PII data.
Configure your AI pipelines to automatically redact PII in your datasets with SageMaker Data Wrangler.
Ensure that all data is encrypted on AWS, both at rest and in transit, using AWS KMS for centralized key management, S3 server-side encryption for data at rest, and TLS for data in transit.
Model security best practices
Safeguard your AI models from both external and internal threats to ensure your AI applications function as expected at their core:
Use SageMaker Notebook Instances to experiment with and apply techniques such as adversarial training that improve a model’s resistance to adversarial attacks.
Detect model bias and explainability issues with SageMaker Clarify.
Continuously track model performance and detect issues like performance drift or potential attacks with SageMaker Model Monitor.
Access security best practices
When it comes to securing access to your AI workloads, it’s all about keeping things tight and controlled throughout the lifecycle—at training, data processing, or inference times. To prevent unauthorized actions or privilege escalation:
Apply AWS’s IAM security best practices across all roles, with a special focus on enforcing the principle of least privilege for all IAM roles and enabling MFA for administrative access to AI resources.
Deploy your AI models securely by following Amazon SageMaker endpoint security best practices.
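One way to turn the least-privilege and MFA guidance above into an automated check, as an added example that is not AWS’s or Wiz’s code: the script below lints IAM policy documents for the patterns this article lists under weak IAM policies and privilege escalation (wildcard actions on AI services without an MFA condition, AI-service actions allowed on Resource "*", and iam:PassRole that is not pinned to one role and one service), and compares a constructed over-broad policy with a scoped one. The statement names, account id and ARNs are placeholders.

```python
"""Least-privilege linter for IAM policy documents attached to AI roles.

Added example, not AWS or Wiz code. Both sample policies are constructed for
illustration; the account id and ARNs are placeholders.
"""
import fnmatch

# Services whose resources the article treats as high-value AI assets.
AI_SERVICES = ("sagemaker", "bedrock", "s3", "kms")


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _requires_mfa(condition):
    """True if the statement only applies when aws:MultiFactorAuthPresent is true."""
    for operator in ("Bool", "BoolIfExists"):
        value = condition.get(operator, {}).get("aws:MultiFactorAuthPresent")
        if str(value).lower() == "true":
            return True
    return False


def _has_condition_key(condition, key):
    """True if any condition operator references the given context key."""
    return any(key in keys for keys in condition.values() if isinstance(keys, dict))


def lint_policy(policy):
    """Return a list of findings for one policy document; [] means clean."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "Statement[%d]" % idx)
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        condition = stmt.get("Condition") or {}

        # 1. Service-wide or global wildcards are an administrative grant:
        #    the article's guidance is to gate such access on MFA.
        wildcards = [a for a in actions if a == "*" or a.endswith(":*")]
        if wildcards and not _requires_mfa(condition):
            findings.append("%s: wildcard action %s without MFA condition" % (sid, wildcards))

        # 2. AI-service actions should be pinned to specific ARNs, never Resource "*".
        touches_ai = any(a == "*" or a.split(":")[0] in AI_SERVICES for a in actions)
        if touches_ai and "*" in resources:
            findings.append("%s: AI service actions allowed on Resource '*'" % sid)

        # 3. Unscoped iam:PassRole lets a caller hand any role to any service,
        #    which is the privilege-escalation path the article warns about.
        grants_passrole = any(fnmatch.fnmatchcase("iam:PassRole", a) for a in actions)
        if grants_passrole and ("*" in resources
                                or not _has_condition_key(condition, "iam:PassedToService")):
            findings.append("%s: iam:PassRole not scoped to one role and one service" % sid)
    return findings


# Constructed: the kind of "just make it work" policy found on data-science roles.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllTheThings", "Effect": "Allow", "Action": "sagemaker:*", "Resource": "*"},
        {"Sid": "PassAnyRole", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    ],
}

# Constructed: scoped to one endpoint and one execution role, with MFA on the admin path.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "InvokeOneEndpoint", "Effect": "Allow",
         "Action": ["sagemaker:InvokeEndpoint"],
         "Resource": "arn:aws:sagemaker:us-east-1:123456789012:endpoint/fraud-model-prod"},
        {"Sid": "PassOnlyExecutionRole", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/sagemaker-exec-role",
         "Condition": {"StringEquals": {"iam:PassedToService": "sagemaker.amazonaws.com"}}},
        {"Sid": "AdminWithMfa", "Effect": "Allow", "Action": "sagemaker:*",
         "Resource": "arn:aws:sagemaker:us-east-1:123456789012:*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        findings = lint_policy(policy)
        print("%s policy: %d finding(s)" % (name, len(findings)))
        for finding in findings:
            print("  -", finding)
```

The three checks deliberately stay simple: they do not evaluate NotAction, resource-level policy boundaries, or permission boundaries, so a clean result means "none of these three anti-patterns", not "least privilege achieved". Run it against exported role policies as a first pass before a fuller review with IAM Access Analyzer.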
Application security best practices
Maintain a vigilant watch over your AI applications in order to catch vulnerabilities, anomalies, and evolving threats early on:
Monitor the performance and health of AI models and applications in real time with Amazon CloudWatch.
Define AWS Config rules to ensure AI resources are configured according to security best practices.
Review the SLAs and T&Cs for all AWS models and underlying third-party providers; e.g., if using Amazon Bedrock to deploy DeepSeek, make sure to also review DeepSeek’s T&Cs.
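The encryption guidance in the data section and the AWS Config item above can be expressed as offline compliance checks, shown here as an added example that is not AWS’s or Wiz’s code. The functions below take dicts shaped like the DescribeNotebookInstance, DescribeEndpointConfig and GetBucketEncryption API responses and return the reasons a resource would be NON_COMPLIANT, mirroring what AWS Config managed rules such as sagemaker-notebook-instance-kms-key-configured and sagemaker-notebook-no-direct-internet-access evaluate. The sample records, subnet id and key ARN are constructed placeholders.

```python
"""Offline compliance checks for SageMaker and S3 encryption settings.

Added example, not AWS or Wiz code. Each evaluate_* function takes a dict
using the field names of the corresponding describe/get API response and
returns the reasons the resource would be NON_COMPLIANT ([] means COMPLIANT).
Wiring these into a custom AWS Config rule would add a Lambda handler and a
put_evaluations call; that is left out so the checks run offline.
Sample records are constructed.
"""


def evaluate_notebook(nb):
    """Checks a DescribeNotebookInstance-shaped record."""
    reasons = []
    if not nb.get("KmsKeyId"):
        reasons.append("notebook volume not encrypted with a customer-managed KMS key")
    # A missing value is treated as non-compliant because the service default is Enabled.
    if nb.get("DirectInternetAccess") != "Disabled":
        reasons.append("direct internet access enabled")
    if not nb.get("SubnetId"):
        reasons.append("notebook not attached to a VPC subnet")
    if nb.get("RootAccess") == "Enabled":
        reasons.append("root access enabled for notebook users")
    return reasons


def evaluate_endpoint_config(cfg):
    """Checks a DescribeEndpointConfig-shaped record for a KMS key on the volume."""
    if not cfg.get("KmsKeyId"):
        return ["endpoint storage volume not encrypted with a customer-managed KMS key"]
    return []


def evaluate_bucket_encryption(enc):
    """Checks a GetBucketEncryption-shaped record for KMS-based default encryption.

    Requiring aws:kms with a pinned key (rather than AES256 / SSE-S3) is the
    policy choice that gives centralized key management through AWS KMS.
    """
    rules = enc.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        return ["no default encryption rule on bucket"]
    reasons = []
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        if default.get("SSEAlgorithm") != "aws:kms":
            reasons.append("default encryption is %s, not aws:kms" % default.get("SSEAlgorithm"))
        elif not default.get("KMSMasterKeyID"):
            reasons.append("aws:kms rule does not pin a customer-managed key")
    return reasons


def compliance(reasons):
    """Map a reason list onto the two AWS Config compliance values."""
    return "NON_COMPLIANT" if reasons else "COMPLIANT"


# Constructed records: a default-settings notebook and a hardened one.
PLACEHOLDER_KEY = "arn:aws:kms:us-east-1:123456789012:key/PLACEHOLDER-KEY-ID"
DEFAULT_NOTEBOOK = {"NotebookInstanceName": "ds-sandbox",
                    "DirectInternetAccess": "Enabled", "RootAccess": "Enabled"}
HARDENED_NOTEBOOK = {"NotebookInstanceName": "ds-sandbox",
                     "DirectInternetAccess": "Disabled", "RootAccess": "Disabled",
                     "SubnetId": "subnet-0123456789abcdef0", "KmsKeyId": PLACEHOLDER_KEY}
KMS_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [{
    "ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                           "KMSMasterKeyID": PLACEHOLDER_KEY},
    "BucketKeyEnabled": True}]}}
AES_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [{
    "ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}

if __name__ == "__main__":
    for label, reasons in (("default notebook", evaluate_notebook(DEFAULT_NOTEBOOK)),
                           ("hardened notebook", evaluate_notebook(HARDENED_NOTEBOOK)),
                           ("kms bucket", evaluate_bucket_encryption(KMS_BUCKET)),
                           ("aes bucket", evaluate_bucket_encryption(AES_BUCKET))):
        print(label, compliance(reasons), reasons)
```

Feed the same functions the configuration item of a custom Config rule and you get periodic, account-wide evaluation instead of a one-off audit; the checks are written as pure functions so that the same logic can also run in CI against infrastructure-as-code output before anything is deployed.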
In the end, building a multi-layered defense is key. By integrating these recommended AI security measures in your AWS security framework, you can empower your team to innovate confidently with AI every day.
AWS AI security with Wiz AI-SPM
Wiz AI-SPM is a specialized offering within the Wiz CNAPP suite designed to provide continuous visibility and proactive defense for your AI services in the cloud.
In today’s fast-paced environment, where AI security risks are always evolving, Wiz AI-SPM offers a unified solution that keeps your cloud-hosted AI systems secure. Let’s explore three core functionalities of Wiz AI-SPM:
Wiz AI-SPM delivers AI inventory management for full-stack visibility so that you always know exactly what AI assets you have running.
It gives you end-to-end visibility into AI pipelines including the models, data, application, and the infrastructure they run on.
With its robust attack path analysis capabilities, Wiz AI-SPM conducts comprehensive scans for data, AI model, and AI services security. This includes identifying potential AI-specific misuses, such as improperly exposed model endpoints, publicly accessible training datasets, or IAM misconfigurations that could allow lateral movement from low-privilege roles to critical AI services like SageMaker or Bedrock or to sensitive training data. It also offers threat detection for AI pipelines, flagging risky behaviors such as an AI model being invoked from a previously unseen country.
Wiz AI-SPM can triage AI security risks with built-in AI configuration rules and risk prioritization, meaning you can quickly identify which issues need immediate attention and take action before they escalate.
And to make it easier than ever to incorporate advanced security controls into your existing workflows, Wiz is continuously expanding its third-party integrations and offers direct support for AWS services, including SageMaker and Bedrock for integrated AWS AI security.
Beyond AI defense, Wiz AI-SPM also leverages AI itself for advanced security operations (SecOps) with AWS:
The Amazon Q Developer plugin allows you to access Wiz-powered security insights directly from the AWS console, streamlining the monitoring process.
Automated detection and remediation for risks in data, models, IAM, and supply chain, including vulnerabilities identified via Amazon Bedrock, helps you stay one step ahead of potential threats.
The bottom line? Wiz AI-SPM’s seamless integration with AWS not only enhances your AI security but also simplifies compliance and operational efficiency. It’s built to evolve with your infrastructure, offering continuous protection as your cloud environment scales.
What’s next?
With AI adoption skyrocketing, it’s time to assess your current AI security posture and determine where improvements can be made. By implementing AWS best practices and following the guidance outlined in this article, you can defend against evolving AI risks and stay ahead of threats.
Ready to explore Wiz AI-SPM to discover an advanced, integrated solution that directly connects with AWS and other AI platforms? Visit the Wiz for AI webpage, or if you prefer a live demo, we would love to connect with you.