Skip to content

Amazon Bedrock

Attach Kaizen to an Amazon Bedrock agent in one line. The wrapper forces enableTrace, streams the agent's run, and inspects every action it takes (an action-group invocation, a knowledge-base lookup, or a return-of-control call) along with the reasoning behind it.

Install

pip install kaizen-security

Attach

import boto3
from kaizen_security import Kaizen
from kaizen_security.integrations.bedrock import KaizenBedrockAgent

kz = Kaizen(api_key="kz_live_...", agent="support-bot")
kz.declare(tools=["lookup_order"], destinations=["api.internal"])

runtime = boto3.client("bedrock-agent-runtime", region_name="us-east-1")
agent = KaizenBedrockAgent(runtime, kz)

result = agent.invoke_agent(
    agentId=AGENT_ID,
    agentAliasId=ALIAS_ID,
    sessionId="session-1",
    inputText="What is the status of order A-1043?",
)

print(result.text)                 # the agent's answer
for action, verdict in result.verdicts:
    print(action.tool, verdict.decision, verdict.reason)

Every action the Bedrock agent takes flows to the isolated Observer, which learns the agent's behavior and flags deviations. Observe-only by default; pass enforce=True to raise on a blocked action.

What gets inspected

  • Action-group invocations (actionGroupInvocationInput): the tool the agent calls and its arguments.
  • Knowledge-base lookups (knowledgeBaseLookupInput): the retrieval, an injection surface.
  • Return-of-control calls handed back to your app.
  • The reasoning trace is captured alongside each action.

Going deeper: the in-tenant Sandbox

The cooperative attach above reads the agent's own account of what it did. The deepest mode, the Kaizen Sandbox, runs in a microVM in your AWS account and also watches the real egress of the action-group Lambdas, so it catches an agent that reports one thing and does another, deciding with Claude on Bedrock through IAM, with only the verdict leaving your account.