Improve AI security on AWS with IBM Guardium AI Security

Organizations implementing AI initiatives require effective security and governance mechanisms to manage their growing AI workloads. To address these requirements, IBM Guardium AI Security is now available as a Software-as-a-Service (SaaS) offering on AWS Marketplace.

IBM Guardium AI Security provides visibility and protection for AI workloads running on AWS. It helps customers maintain an inventory of AI assets, establish governance policies, and implement security controls for AI systems. This integrated approach enables teams to collaborate with shared metrics and unified processes.

In this blog, you’ll learn how IBM Guardium AI Security works on AWS, its key features, integration capabilities with AWS services, and how to subscribe to the service through AWS Marketplace.

What is IBM Guardium AI Security?

IBM Guardium AI Security is designed to help you manage the security of your AI assets, including AI agents, on AWS. The service brings together security and governance capabilities with unified metrics to help your teams work effectively.

When you use IBM Guardium AI Security, you can protect your AI ecosystem across both custom and commercial models running on AWS. The AI Gateway scans and filters prompts sent to your applications and monitors the outputs your AI models generate. You set specific policies for actions such as detecting code injection attempts, PII exposure, and data leakage risks.

IBM Guardium AI Security integrates with IBM watsonx.governance, helping customers keep their AI agents and other generative AI systems secure and responsible at scale. This allows organizations to quickly identify unauthorized AI usage (shadow AI), implement security controls for AI models, and protect their systems from malicious prompts in real-time as shown in Figure 1.

Figure 1. AI Risk dashboard showing key security metrics, identified threats, and actionable insights.

IBM Guardium AI Security first creates an inventory of your AI assets as shown in Figure 2. It then identifies risks and misconfigurations in your AI models, agents, and datasets, with remediation guidance for each issue. The service includes compliance workflows designed for AI regulations and frameworks, streamlining your audit processes. Through integration with watsonx.governance, you can implement governance controls alongside your security measures.

Figure 2. Resources in AI Inventory shows the assets across your AWS environment.

Key Features of IBM Guardium AI Security

• Discover AI assets: Gain visibility into AI systems across your environment, including unauthorized AI usage (shadow AI), generative AI applications, and AI agents. IBM Guardium AI Security provides continuous monitoring for AI models in your cloud environment, code repositories, and embedded AI implementations.
• Detect security vulnerabilities: Identify security issues and misconfigurations in your AI systems using automated security assessments. Map findings to industry frameworks such as OWASP Top 10 for Large Language Models (LLMs) and NIST AI Risk Management Framework (RMF) to guide your remediation efforts.
• Protect against prompt attacks: Monitor and filter prompts sent to your AI applications using customizable security policies. These controls help protect your AI systems from manipulation attempts and unauthorized data access.
• Support compliance requirements: Implement controls that address safety, transparency, and privacy regulations for AI systems. This capability helps you maintain compliance with evolving AI regulatory requirements.

IBM and AWS Integrations

IBM Guardium AI Security integrates with your AWS environment to help secure your AI workloads. The integration process takes minutes to complete, after which the discovery engine identifies AI-related assets in your AWS account for security assessment.

IBM Guardium AI Security integrates with AWS services in two main categories:

• Discovery integration: IBM Guardium AI Security connects with AWS services commonly used for building AI systems, including Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Relational Database Service (Amazon RDS), AWS Secrets Manager and AWS Lambda. This integration helps you maintain visibility across your AI infrastructure components.
• AI services security: For AWS AI services like Amazon SageMaker AI, Amazon Bedrock, Amazon Q, Amazon Comprehend and Amazon Transcribe, IBM Guardium AI Security provides deeper analysis capabilities. This includes AI Security Posture Management, which identifies potential security issues in your AI workloads running on these services.

When you connect IBM Guardium AI Security to these AWS services, you gain unified security monitoring across your AI implementation, from infrastructure components to specialized AI services.

IBM Guardium AI Security use cases

IBM Guardium AI Security provides security capabilities designed for AI workloads on AWS. The following use cases demonstrate how this service implements security and governance controls throughout your AI systems’ lifecycle:

• Discover AI assets and implement safe usage controls: Identify AI models in use across your cloud environment and detect misconfigurations that might expose your AI deployments to common attack vectors such as prompt injection. Map these issues to security frameworks including the OWASP Top 10 for LLMs, NIST AI Risk Management Framework, and MITRE guidelines.
• Maintain AI compliance: Receive recommendations to address issues and help meet requirements for global data privacy and emerging AI regulations. These controls help you adapt as regulatory requirements evolve.
• Manage model usage risk and govern AI lifecycle: Monitor your AI models for fairness, accuracy, and drift through integration with watsonx.governance. Manage and monitor AI assets consistently across AWS services, IBM offerings, and third-party providers.
• Secure AI models: Monitor approved models and identify security issues that affect your overall AI security posture as shown in Figure 3. Run AI security testing (Red teaming) against your models using behavioral policies to identify vulnerabilities before they can be exploited.

Figure 3. Security posture management highlighting vulnerabilities with risk scoring and compliance mapping

Benefits of procuring IBM Guardium AI Security from AWS Marketplace

IBM Guardium AI Security on AWS Marketplace (Figure 4) provides you with a consolidated billing process through your AWS account. This helps procurement and IT teams manage software purchases more effectively and reduces administrative steps when adding new software to your environment.

Figure 4. IBM Guardium AI Security AWS Marketplace listing, showing product details, subscription options, and pricing information.

Conclusion and Next Steps

IBM Guardium AI Security helps you implement comprehensive security controls for your AI systems on AWS. With this service, you can identify AI models, agents, and related assets across your organization. You can then create and apply policies to manage which AI systems your teams can use.

The service monitors for AI security vulnerabilities and misconfigurations, presenting prioritized issues through its dashboard interface. You can implement guardrails to filter both inputs to your AI models and their outputs. The user interface includes views for both security monitoring and compliance requirements.

Subscribing to IBM Guardium AI Security from AWS Marketplace

1. Visit the IBM Guardium AI Security AWS Marketplace listing to review features and pricing.
2. Select a subscription plan that meets your requirements.
3. Complete the purchase process through your AWS account.
4. Access the IBM Guardium AI Security service using the instructions provided after purchase.

For more information about IBM Guardium AI Security, visit the IBM Guardium AI Security product page. To see the product in action, you can book a live demonstration.