Home
Welcome to the Wilma Security Wiki - your guide to understanding and securing AWS Bedrock deployments.
Wilma is an AWS Bedrock security configuration checker that helps you identify and fix security vulnerabilities in your GenAI deployments. Unlike traditional cloud security tools, Wilma focuses on threats unique to Large Language Models and generative AI systems.
Traditional application security focuses on SQL injection, XSS, and authentication bypasses. GenAI introduces entirely new attack vectors:
- Prompt Injection: Attackers manipulate AI behavior through crafted inputs
- Data Poisoning: Compromising training data or RAG knowledge bases
- Model Extraction: Stealing your fine-tuned models
- Excessive Agency: AI agents performing unauthorized actions
- PII Leakage: Models memorizing and exposing sensitive data
Wilma checks for these and 40+ other GenAI-specific security issues.
- GenAI Security Fundamentals - Start here if you're new
- OWASP LLM Top 10 - The industry standard threat model
- MITRE ATLAS Framework - Advanced AI threat tactics
- Real-World Attack Examples - Learn from actual incidents
- Knowledge Bases (RAG) Security - 12 security checks explained
- Guardrails Security - Content filtering and protection
- Agents Security - Securing AI agents with tools
- Fine-Tuning Security - Protecting custom model training
- Installation Guide - Get started in 5 minutes
- Understanding Wilma Output - Interpret security findings
- Remediation Workflows - Fix vulnerabilities step-by-step
- CloudShell Guide - Running Wilma in AWS CloudShell
- CI/CD Integration - Automate security scanning
- AWS Bedrock Security Checklist
- Compliance Frameworks - SOC 2, HIPAA, GDPR
- Security Architecture Patterns
- Incident Response for GenAI
This wiki teaches why things are insecure, not just what to fix. Each security check includes:
- The Threat: What attack does this prevent?
- Real-World Impact: What happens if exploited?
- How Attackers Think: Understanding the attacker's perspective
- Defense in Depth: Why multiple layers matter
- Remediation: Concrete steps to fix the issue
Found a gap in our security coverage? Have a real-world attack example to share? Contribute to Wilma on GitHub.
Wilma is free and open source under GPL v3. Built by Ethan Troy for the GenAI security community.
Start Learning: GenAI Security Fundamentals →