How Amazon Bedrock catches AI-generated phishing
TL;DR
AWS outlines a Bedrock pipeline that detects AI-generated phishing by looking beyond typos and formatting to context, writing style, sender behavior and unusual requests. The workflow layers foundation-model analysis and Bedrock Guardrails on top of SPF, DKIM and DMARC, then uses sender baselines, knowledge bases and a 0-100 risk score. In AWS’s example, a polished email with a valid-looking purchase-order reference becomes risky because it requests first-time payment changes and shows domain inconsistencies.
Nauti's Take
The direction is right, but this is not a magic filter. Bedrock can reason about suspicious patterns if it has clean history, organizational context and verified examples to compare against.
Without that base, AI security risks becoming a more expensive spam filter with a nicer score. Payment changes, new bank details and executive or vendor impersonation should not just be model decisions; they need hard approval workflows.
Briefing
Generative AI makes phishing less obvious: perfect grammar is no longer a sign of safety. The meaningful shift is from static filters to behavioral comparison: does this message fit this sender, relationship and request? LLMs can help there, but only when constrained by guardrails, human review and feedback loops.
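The layering described above, as an added sketch that is not AWS's code and calls no Bedrock API: deterministic checks on authentication results, a per-sender baseline and the request type, with payment changes routed to approval regardless of score. The message, the baseline, the signal weights and all field names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a polished message that passes SPF, DKIM and DMARC.
RAW = """\
From: Accounts <billing@acme-supplies.example>
Reply-To: billing@acme-supplles.example
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass
Subject: PO-48213 updated remittance details

Please update our bank details before paying PO-48213.
"""

# Hypothetical baseline per sender, built from previously verified mail.
BASELINE = {
    "billing@acme-supplies.example": {
        "domains": {"acme-supplies.example"},
        "payment_changes_seen": 0,
    }
}

PAYMENT_CHANGE = re.compile(
    r"\b(bank|remittance|account)\s+(details|number|information)\b", re.I)

def assess(raw, baseline):
    """Return a 0-100 score, the signals behind it, and an approval flag."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    history = baseline.get(sender)
    known = history["domains"] if history else {sender.rpartition("@")[2]}
    signals = {}  # assumed weights, chosen for illustration only
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            signals[f"{mech}_not_pass"] = 15
    if history is None:
        signals["unknown_sender"] = 20
    if reply_to and reply_to.rpartition("@")[2] not in known:
        signals["domain_inconsistency"] = 35
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    payment_change = bool(PAYMENT_CHANGE.search(text))
    if payment_change and not (history and history["payment_changes_seen"]):
        signals["first_time_payment_change"] = 40
    # Payment changes always go to human approval, whatever the score says.
    return {"score": min(100, sum(signals.values())),
            "signals": signals, "needs_approval": payment_change}
```

The sample passes all three authentication checks and is still flagged on behavior alone, and the approval flag is set independently of the score so a low-scoring payment change cannot bypass review.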