AWS Amazon Bedrock: Empowering Generative AI with AIShield GuArdIan

Amazon Web Services (AWS) has introduced Amazon Bedrock, a fully managed service designed to assist organizations in developing new generative AI applications. This service provides access to foundation models (FMs) from leading AI companies through a single application programming interface (API). Integrated with AWS offerings, AIShield GuArdIan monitors data flow to and from Large-Language Models (LLMs), ensuring compliance with established policies. With features like dynamic policy mapping and jailbreak protection, GuArdIan offers a robust defense against potential AI risks. Its practical applications are demonstrated in scenarios such as safeguarding a software company's chatbot and enforcing role-based access in healthcare settings.

Generative AI, which mimics human decision-making, is ushering in a new technological era. This advancement encourages businesses and policymakers to leverage its vast potential across various industries, including consumer services, energy, finance, government, healthcare, technology, media, and telecommunications. By the end of 2023, nearly 70% of organizations prioritized the adoption of GPT/LLMs/Generative AI. However, this rapid adoption has not been without challenges. Gartner's survey highlights generative AI as a significant emerging risk, with concerns about IP infringement, data breaches, and other vulnerabilities. A notable 79% of senior IT leaders express concerns about these security threats, emphasizing the need for ethical, transparent, and accountable use of these technologies.

This article explores how generative AI and LLMs can enhance organizational capabilities, from software development to improving customer engagement and driving internal efficiency. By utilizing AWS cloud services, businesses can access powerful computational tools essential for scalable generative AI applications. We will also address the inherent risks of Generative AI and LLMs and introduce solutions like AIShield GuArdIan, supported by Amazon Bedrock, which ensures responsible application, empowering firms to harness the full potential of this groundbreaking technology with confidence.

Applications of Generative AI

Generative AI offers compelling applications across various functions:

1. Advising: Generative AI serves as an invaluable assistant, enhancing worker efficiency by providing personalized insights. These models navigate complex customer interactions to determine intent and refine responses. Examples include:

• Virtual public servants enhancing citizen engagement in public services
• Gen AI-powered financial assistants for financial services clients
• Personalized patient interactions as a physician’s message manager in healthcare
• Customer support or virtual shopping assistants

2. Creating: Generative AI accelerates creativity in copy creation and real-time personalization. In marketing, it acts as a content assistant, streamlining and tailoring content generation. In the government sector, it automates the RFP and SoW writing process by generating initial drafts based on templates, historical documents, or specific prompts provided by procurement officials.

3. Automating: Generative AI introduces a new era of efficiency, particularly in business process automation. Its ability to summarize and predict is already being leveraged by firms. For instance:

• In finance, it facilitates post-trade email processes, minimizing manual interventions and optimizing client interactions.
• In the legal sphere, it assists legislative teams in swiftly transcribing and condensing hearings, official documents, and announcements.

4. Coding: Generative AI aids in code development, supporting software developers in writing and maintaining code. Amazon CodeWhisperer, an AI assistant utilizing generative AI, enhances developer productivity by providing real-time code suggestions from developers' natural language comments within their Integrated Development Environment (IDE). It accurately detects code issues and offers intelligent remedies.

5. Protecting: Generative AI strengthens defenses against fraud and ensures stringent compliance. Its capabilities range from website classification to malware interpretation in cybersecurity. However, vigilance is necessary to prevent misuse, such as generating malicious codes or designing intricate phishing tactics.

The value of generative AI use cases can be realized across six dimensions: cost reduction, process efficiency, growth, innovation, discovery and insights, and government citizen services.

Addressing Risks in Generative AI

AWS supports generative AI with tools and platforms designed for seamless integration. Amazon Bedrock provides API access to foundation models from Amazon, AI21 Labs, Anthropic, and Stability AI, catering to both text and image data. Concurrently, Amazon SageMaker JumpStart offers a hub with pre-configured foundation models, algorithms, and ML solutions deployable via UI or SDK. As enterprises scale generative AI deployments, Amazon EC2 Inf2 instances powered by AWS Inferentia2 efficiently manage inference for models with parameter counts reaching hundreds of billions.

Generative AI models can help consumers, streamline organizational processes, and free up time for employees to take on higher-value tasks. However, risks to privacy, cybersecurity, regulatory compliance, third-party relationships, legal obligations, and intellectual property have emerged with the adoption of generative AI. The top risks associated with enterprise use of LLMs, according to OWASP, include Intellectual Property (IP) Infringement, data privacy breaches, plagiarism, toxicity, and an increased attack surface. To fully benefit from this groundbreaking technology, enterprises must manage the wide array of risks it poses.

AIShield GuArdIan: A Solution for Risk Management

AIShield GuArdIan provides guardrails based on organizational policies, rules, and ethical guidelines to leverage Generative AI usage while managing its associated risks. It acts as a robust ‘middleware’ between users and the Target LLM, analyzing inputs and outputs from the LLM.

The solution's internal architecture is designed for ease of use, configurability, and scalability. Independent blocks inspect input and output separately, allowing for different policy settings for user prompts and LLM responses.

AIShield GuArdIan seamlessly deploys on-premises, residing within an enterprise's VPC in a dedicated private subnet, leveraging advanced architecture within the AWS ecosystem. Its primary function is to meticulously oversee both inbound data streams and resulting outputs, rigorously ensuring strict adherence to predefined policies. When incoming data aligns with these guidelines, GuArdIan interfaces directly with the Amazon Bedrock service, providing access to a comprehensive suite of Large-Language Models (LLMs). Importantly, GuArdIan's vigilance extends beyond this initial interaction. It continuously scrutinizes LLM outputs, actively searching for any policy deviations. When discrepancies are detected, GuArdIan initiates immediate intervention.

Real-World Applications of AIShield GuArdIan

A leading software company sought to deploy a generative AI and LLM-driven internal chatbot, utilizing its extensive internal document database to assist global employees in tasks like coding, data analysis, and support. Aware of inherent risks, the firm's cybersecurity team, supported by IT/Data Security and legal units, aimed for a robust risk mitigation strategy. They turned to AIShield, leveraging GuArdIan's features for a risk assessment.

The AIShield team conducted an initial assessment of information leak and copyright infringement risks related to the selected LLM model, identified, and enabled the mitigation step from GuArdIan’s feature matrix, and ultimately deployed and evaluated GuArdIan’s performance with the selected chatbot. AIShield GuArdIan was easily deployed with Amazon Bedrock, demonstrating a significant enhancement in warding off jailbreak attack attempts compared to standard LLM content filters. This translated to substantial risk reduction of IP and copyright infringement leaks, increasing the security and efficiency of the company's internal productivity chatbot and enabling its widespread use among employees to enhance their productivity and efficiency.

A prominent hospital implemented a generative AI-powered chatbot to boost staff productivity while ensuring data privacy. The challenge was managing different access levels for doctors and auditors. With AIShield’s GuArdIan, role-specific data access was established - doctors accessed specialized or curated surgical lists and medical recommendations, while auditors, administrators, and compliance officers accessed broader data.

AIShield GuArdIan's Python-SDK ensured seamless chatbot integration while enhancing application security. It was able to ingest domain- and organization-specific policies. Using the 3x3 framework, policies were mapped effortlessly for enforcing role-based control. GuArdIan’s dynamic enforcement and textual violation support further fortified the system. The result was a precise balance of accessibility and privacy in the chatbot, enabling a more secure generative AI application.

Features of AIShield GuArdIan

GuArdIan addresses three main areas of risk: input/output management by filtering data, ensuring data protection and privacy with a need-to-know basis approach, and enhancing cybersecurity to guard against malicious behavior. AIShield GuArdIan provides a set of practical features supporting the usage of trustworthy and responsible Generative AI at the enterprise level, including:

• Policy enforcement: The solution offers predefined policies for content moderation (protection against harmful content, gender and racial bias, not-safe-for-work filtering), privacy protection (detection and blocking PII leaks), and security (jailbreak protection). You can easily activate these policies or create custom ones.
• Domain and organization-specific controls: Alongside generic policies, you can set specific rules for different sectors. For customized deployments, the solution is also capable of ingesting organizational policy documents for specialized controls. It uses transfer learning to adapt to different domains, making it capable of addressing industry-specific requirements, such as healthcare, finance, and software development.
• Dynamic policy mapping: Inspired by Identity-Access Management (IAM) Systems, AIShield.GuArdIan controls LLM Usage policies based on User-Role. Dynamic mapping enforces contextual policies for users' roles, queries, and responses. Upon user query, relevant policy control is retrieved for moderation.
• Easy integration: Its readymade Python-SDK facilitates effortless application integration with diverse LLMs and deployments such as Amazon Bedrock and other third-party services. Dynamic policy enforcement adapts to each user input, providing horizontal implementation of security measures.
• Jailbreak Protection: AIShield.GuArdIan employs algorithms to prevent unauthorized manipulation or jailbreaking of the AI system. It detects and thwarts jailbreak attempts with an effectiveness boost of almost 400% over unprotected systems, preserving system integrity against malicious exploitation.
• Reasoning and observability: The system provides clear alerts and detailed explanations for query decisions. GuArdIan’s logging functionality is useful for compliance audits.
• Real-time monitoring: This functionality empowers organizations to track compliance, identify potential threats, and take immediate action to mitigate risks.

Conclusion

Generative AI is ushering in a new era of innovation and heightened productivity. AWS offers generative AI capabilities that empower you to revolutionize your applications, create entirely novel customer experiences, enhance productivity significantly, and drive transformative changes in your business. However, as we build and embrace this powerful tool, we must also be vigilant about the risks it presents. AIShield.GuArdIan stands sentinel, fortifying Generative AI and Large Language Models (LLMs), shielding against ethical dilemmas, misinformation, IP theft, data breaches, and vulnerabilities. With integration into Amazon Bedrock and other tools on the AWS generative AI suite of tools, it steps in as an additional layer of protection against ethical concerns, IP theft, and data breaches. As we harness the power of generative AI, this helps organizations meet their security and compliance goals.

AIShield has received notable accolades for its technology, including the CES Innovation Award 2023, IoT World Congress Award 2023: Best Cybersecurity Solution, and recognition from Gartner in its Market Guide for AI Trust, Risk and Security Management. Furthermore, highlighting its significance in the AI realm, GuArdIan was cited among the 28 pivotal tools for generative AI in the "Catalogue of Tools and Metrics for Trustworthy AI," launched by the OECD in April 2023, and subsequently discussed in the G7 Hiroshima's focus on the pressing need for safety, quality control, and trust in AI. This recognition underscores the pivotal role of AIShield GuArdIan in shaping a secure and promising future for generative AI.