AWS SRA – AI Security is Amazon’s official, end‑to‑end security architecture for protecting generative AI, LLM, RAG, and agentic AI workloads on AWS. It provides threat‑driven guidance, scoping matrices, and prescriptive controls for securely building and operating AI systems using services like Amazon Bedrock, SageMaker, and AWS-native security tooling.

Below is a clear, structured breakdown tailored for your architectural work.

What AWS SRA – AI Security Is

AWS Security Reference Architecture (SRA) – AI Security is a specialised extension of the core AWS SRA. It focuses on:

• Securing generative AI workloads

• Securing agentic AI systems

• Applying AWS-native controls across identity, data, network, and runtime

• Providing scoping matrices to determine the right level of security for each AI use case

• Offering prescriptive guidance for secure model inference and RAG implementations

It is maintained by the AWS Security Customer Outcomes Team and updated regularly (latest major update: February 2026).

Core Components of AWS SRA – AI Security

1. Generative AI Security Scoping Matrix

This matrix helps architects determine the required security controls based on:

• Use case sensitivity

• Data classification

• Model type (foundation, fine‑tuned, custom)

• Deployment pattern (managed vs self‑hosted)

It defines which AWS security disciplines must be applied for each scenario.

2. Agentic AI Security Scoping Matrix

This matrix defines:

• Levels of autonomy and agency given to an AI agent

• Required guardrails for tool use, API calls, and action execution

• Controls for preventing unsafe or unintended agent behaviour

This is AWS’s answer to the emerging risks of autonomous AI systems.

3. Foundational Security Controls for AI Workloads

The framework emphasises securing:

A. Data Pipelines

• Encryption (KMS)

• Access control (IAM, Lake Formation)

• Data integrity and provenance

B. Model Access & Inference

• VPC‑only access to Bedrock

• IAM‑scoped model invocation

• Prompt injection detection

• Logging and monitoring (CloudTrail, CloudWatch)

C. RAG Architectures

AWS provides prescriptive patterns for securing:

• Vector stores

• Embedding pipelines

• Retrieval layers

• Knowledge base integrity

AWS has also released code examples for secure RAG and model inference, including CloudFormation templates.

4. Integration with Amazon Bedrock

The SRA explains how to securely integrate traditional cloud workloads with Amazon Bedrock, including:

• Network segmentation

• Identity boundaries

• Encryption

• Monitoring and anomaly detection

This ensures AI workloads inherit AWS’s cloud‑native security posture.

Intended Audience

AWS states the SRA – AI Security is designed for:

• Security architects

• Cloud architects

• Developers integrating generative AI

• Organisations adopting Bedrock, SageMaker, or custom LLMs