AWS Security Hub CSPM adds AI Security Best Practices standard
AWS Security Hub CSPM has launched a new AI Security Best Practices standard, featuring 31 automated controls to assess AI resource security. This standard helps continuously evaluate Amazon Bedrock and SageMaker workloads against security best practices, detecting misconfigurations without manual effort. It covers critical domains like network isolation and encryption, with controls spanning various AI infrastructure components and is available in all Security Hub CSPM regions.
- →New AI Security Best Practices standard in Security Hub CSPM
- →Comprehensive coverage across AI infrastructure
- →Availability and access to the new standard
Features (1) ›
- New AI Security Best Practices standard in Security Hub CSPM
AWS Security Hub CSPM introduces a new standard with 31 automated controls to identify misconfigurations in AI resources, including Amazon Bedrock and Amazon SageMaker workloads. Developed by AWS security experts, it aims to continuously evaluate AI deployments against security best practices.
Enhancements (1) ›
- Comprehensive coverage across AI infrastructure
The controls address critical security domains such as network isolation, encryption, KMS key usage, and authorization, spanning AI infrastructure components like Bedrock AgentCore runtimes, memory stores, SageMaker notebook instances, endpoints, and models.
Notes (1) ›
- Availability and access to the new standard
The AI Security Best Practices standard is available in all AWS Regions where Security Hub CSPM is offered, including AWS GovCloud (US) and China Regions. Users can explore the standard using the identifier 'standards/ai-security-best-practices/v/1.0.0' and benefit from a 30-day free trial.
https://aws.amazon.com/about-aws/whats-new/2026/06/aws-security-hub-cspm-ai-security/