ShieldSyncLABS
LabsSecure the Bedrock assistant (prompt injection & Guardrails)
BeginnerFREE~35 minBack to plans
About this lab

A Bedrock-backed support assistant leaks restricted internal notes to a simple prompt injection. Prove the leak, then fix it — attach a Guardrail, scope the invoke role, and turn on model-invocation logging. — AWS Security Lab

The scenario

A startup shipped a Bedrock-backed customer-support assistant fast. It calls Amazon Nova Lite (amazon.nova-lite-v1:0) with a system prompt that includes some "internal notes" — never meant for customers — and simply tells the model not to repeat them. That's it. No independent control backs up that instruction.

Your job: prove the leak, then close it.

What you'll do

First you'll break it — prompt-inject the assistant into revealing the restricted notes (this step just proves the vulnerability; it isn't graded). Then you'll close three real gaps: no Guardrail, an over-broad invoke role, and no invocation logging — and verify each fix with Check my work (panel on the right).

Launch the lab (panel on the right) to spin up your own isolated AWS account — the full step-by-step walkthrough unlocks the moment it's ready.

Your step-by-step walkthrough

Hit Launch lab on the right — your own isolated AWS account spins up and the full guide opens right here, with 🖱️ Console and ⌨️ CLI for every fix.

  1. 1Meet the assistant
  2. 2Break it: prompt-inject the assistant
  3. 3Fix it: create and attach a Bedrock Guardrail
  4. 4Fix it: scope the invoke role to least privilege
  5. 5Fix it: turn on model-invocation logging
  6. 6Verify: the injection is blocked
  7. Check my work — auto-graded against your live account