At Amazon, our culture, built on an honest and transparent discussion of our growth opportunities, enables us to focus on investment and innovation to continually elevate our ability to deliver significant value to our customers. Earlier this month, we had the opportunity to share an example of this process at work in Mantle, our next-generation engine for Amazon Bedrock. As the direction of productive AI and optimization workloads continues to evolve, we need to transform the way we work to guide our customers in an improved way, leading to the evolution of Mantle.
As we set out to rethink the design of our next-generation engine, we made raising the bar on safety a priority. AWS shares our customers' unwavering focus on security and data privacy. This has been a cornerstone of our business from the beginning, and has been a major focus since the early days of Amazon Bedrock. We've understood early on that artificial intelligence presents an unprecedented opportunity for customers to leverage the hidden value of their data, but with that opportunity comes the need to ensure the highest standards of security, privacy, and compliance as our customers build artificial intelligence systems that process their sensitive data and interact with their mission-critical systems.
As a foundation, Amazon Bedrock is built with the same operational security standards you see throughout AWS. AWS has always used a least privilege model in practice, where each AWS operator has access to only a small set of systems needed to perform their assigned task, limited to the time when that privilege is needed. Any access to systems that store or process customer data or metadata is logged, anomalies noted, and audited. AWS guards against any actions that might disable or override these controls. Additionally, at Amazon Bedrock your data is never used to train models. Model providers have no way to access customer data, because the rollback is only done within an account managed by Amazon Bedrock that model providers do not have access to. This strong security posture has been a key enabler for our customers to unlock the power of productive AI applications for their sensitive data.
With Mantle, we raised the bar a lot. Following the AWS Nitro Program approach, we designed Mantle from the ground up to be zero operator access (ZOA), where we intentionally left out any technical means for AWS operators to access customer data. Instead, systems and services are managed using automation and secure APIs that protect customer data. With Mantle, there is no way for any AWS operator to log into the underlying computer systems or access any customer data, such as views or completions. Functional communication tools such as Secure Shell (SSH), AWS Systems Manager Session Manager, and serial consoles are not included anywhere in Mantle. Additionally, all inference software updates need to be signed and verified before they are put into service, ensuring that only approved code runs on Mantle.
Mantle uses the recently released EC2 instance-proven capability to configure a robust, scalable, and scalable computing environment for processing customer data. The services in Mantle are responsible for managing the model weights and performing directional tasks in the client's knowledge which are also supported by high authentication of privately signed proof-of-concepts from the Nitro Trusted Platform Module (NitroTPM).
When a client calls a Mantle endpoint (for example, bedrock-mantle.[regions].api.aws) like those that provide the Answers API on Amazon Bedrock, customer data (notification) leaves the customer's environment via TLS, and is encrypted all the way to the Mantle service, which works with ZOA. In all flows and Mantle, no operator, whether from AWS, the customer, or the model provider can access the customer's data.
I'm looking forward
Mantle's ZOA design exemplifies AWS's long-term commitment to the security and privacy of our customers' data. It is this focus that has enabled teams across AWS to invest in improving security standards. At the same time, we have made the core private computing capabilities we use internally at Amazon, such as NitroTPM Attestation, available to all customers to use on Amazon Elastic Compute Cloud (Amazon EC2).
We don't stop here; we are committed to continuing to invest in improving the security of your data and providing you with more transparency and certainty about how we achieve this.
About the authors
Anthony Liguori he is AWS VP and Principal Engineer for Amazon Bedrock, and lead engineer for Mantle.
