
How Amazon Bedrock catches AI-generated phishing

TL;DR

AWS outlines a Bedrock workflow for AI-generated phishing emails: SPF, DKIM and DMARC run first, then a model checks word choice, communication style and whether the request fits the context. The system builds sender baselines: how a contact usually writes, what they normally ask for and who they communicate with. A first-ever payment change request gets treated as higher risk.

Nauti's Take

This is clearly an AWS sales piece, but the core idea is useful: phishing detection has to ask whether an email fits the relationship, not whether it looks polished. The hard part is the guardrail tradeoff.

Too loose, and the model may leak data or produce bad output. Too strict, and suspicious content gets kicked into manual review.

The real work is less the model call and more the baselines, review loop and escalation design.

Briefing

AI phishing removes the old warning signs: typos, awkward grammar and generic greetings. AWS moves detection toward behavior and context instead. That is the right direction, but it depends heavily on clean sender baselines and a feedback process that security teams actually maintain.
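A sketch of the two-stage flow summarized above, as an added example rather than AWS's or Bedrock's own code: the authentication verdicts gate the message first, then a per-sender baseline flags a first-ever payment change request. The baseline schema, the keyword tagger standing in for the model stage, the action names and the sample message are all assumptions constructed for illustration.

```python
import email
from email import policy
# Constructed baseline for one known contact (hypothetical schema).
BASELINES = {"ap@supplier.example": {
    "request_types": {"invoice"}, "recipients": {"finance@corp.example"}}}
# Keyword tagger standing in for the model's request classification (assumption).
REQUEST_KEYWORDS = {"payment_change": ("new bank account", "updated bank details"),
                    "invoice": ("invoice",)}

def auth_results(msg):
    """spf/dkim/dmarc verdicts from the Authentication-Results header (RFC 8601).
    Assumes only the header stamped by your own receiving MTA is present."""
    header = str(msg.get("Authentication-Results", "")).lower()
    verdicts = {}
    for part in header.split(";")[1:]:
        method, _, rest = part.strip().partition("=")
        if method in ("spf", "dkim", "dmarc") and rest.split():
            verdicts[method] = rest.split()[0]
    return verdicts

def classify_request(text):
    text = text.lower()
    return next((label for label, needles in REQUEST_KEYWORDS.items()
                 if any(n in text for n in needles)), "other")

def assess(raw):  # returns (action, reasons); the action names are assumptions
    msg = email.message_from_string(raw, policy=policy.default)
    verdicts = auth_results(msg)
    failed = [m for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    if failed:  # stage 1: authentication gate runs before any content analysis
        return "quarantine", [f"{m} did not pass" for m in failed]
    sender = msg["From"].addresses[0].addr_spec.lower()
    base = BASELINES.get(sender)
    if base is None:
        return "review", ["no baseline for sender"]
    reasons = []
    request = classify_request(f"{msg['Subject']} {msg.get_content()}")
    if request not in base["request_types"]:  # stage 2: does it fit the relationship?
        reasons.append(f"first-ever {request} request from sender")
    to = {a.addr_spec.lower() for a in msg["To"].addresses}
    if not to <= base["recipients"]:
        reasons.append("recipient outside sender's usual contacts")
    return ("review" if reasons else "deliver"), reasons

# Constructed sample: fully authenticated and well written, but a first payment change.
SAMPLE = ("Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass\n"
          "From: Accounts <ap@supplier.example>\nTo: finance@corp.example\n"
          "Subject: Invoice 1042 and updated bank details\n\n"
          "Please use our new bank account for all future invoices.\n")
```

Requiring all three checks to pass is stricter than DMARC itself, which needs only one aligned SPF or DKIM pass, so forwarded mail that breaks SPF would land in quarantine under this gate.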
