Your Team Is Using AI. But Is It Secure?
We wrote recently about the shadow AI problem -- employees pasting client data into free ChatGPT and Claude accounts that use their inputs for model training. The response from clients was overwhelming: "Okay, we get it. Free tools are risky. But what is the secure alternative?"
The answer for a growing number of businesses is AWS Bedrock. Not because it is the only option, but because it solves the specific problem that keeps CISOs and compliance officers up at night: how do you give your team access to the best AI models without your data leaving your controlled environment?
This is the practical guide to what Bedrock actually is, what it costs, when it makes sense, and when it does not.
The question is no longer whether your team should use AI. It is whether they are using it in a way that protects your data, your clients, and your compliance posture.
What AWS Bedrock Actually Is
Amazon Bedrock is a fully managed service that gives you access to foundation models from multiple AI providers through a single API. Instead of signing up for separate accounts with Anthropic, OpenAI, Meta, and Mistral, you access all of their models through your existing AWS infrastructure.
The models available include Claude (Anthropic), Llama (Meta), Mistral, Amazon Titan, and others. Same models, same capabilities -- but running inside AWS's security perimeter rather than through consumer-facing APIs.
Think of it as the difference between letting your employees use their personal Gmail for work versus deploying Google Workspace with admin controls, audit logs, and data retention policies. The underlying technology is similar. The governance is completely different.
Why Security Is the Headline Feature
Bedrock's primary value proposition for businesses is not access to AI models -- you can get that from the providers directly. The value is in how it handles your data.
Your Data Never Leaves AWS
When you use Claude through Bedrock, your data stays within AWS's secure environment. It is not sent to Anthropic. It is not used for model training. It is not stored or logged by the model provider. Your prompts and responses live within your AWS account, subject to your existing security policies, encryption settings, and access controls.
This is fundamentally different from using the free or even paid tiers of consumer AI products. When an employee uses ChatGPT Plus, their data goes to OpenAI's servers. When they use Claude through Bedrock, it stays in your VPC. For businesses handling client data, financial records, or protected health information, this distinction is everything.
Enterprise-Grade Compliance
Bedrock is in scope for major compliance frameworks including SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP High, and CSA STAR Level 2. If your business operates in a regulated industry -- healthcare, finance, legal, government -- Bedrock inherits the compliance certifications that your AWS environment already has.
This matters because building compliance controls around a direct API integration is expensive. One analysis estimated that regulated-industry clients spend $28,000 or more in engineering time to security-harden a direct API setup. Bedrock gives you audit-ready AI access from day one.
VPC-Scoped Access
Through AWS PrivateLink, Bedrock inference calls never touch the public internet. If your CISO has a "no external API calls" policy -- common in financial services, healthcare, and government -- Bedrock is your path to AI adoption without violating that policy.
Bedrock Guardrails: AI Safety Built In
Beyond data security, Bedrock includes a feature called Guardrails that lets you set boundaries on what AI can and cannot do in your environment.
- Content filtering -- Block harmful content across text and images, including hate speech, violence, and inappropriate material. AWS reports Guardrails block up to 88 percent of harmful content.
- PII detection and redaction -- Automatically detect and redact personally identifiable information in inputs and outputs. You can configure which PII types to catch -- Social Security numbers, credit card numbers, medical record numbers -- or define custom patterns.
- Hallucination detection -- Automated Reasoning checks identify correct model responses with up to 99 percent accuracy, helping prevent factual errors from reaching your users or clients.
- Topic restrictions -- Define topics that the AI should refuse to engage with entirely. If your customer-facing chatbot should never discuss competitor products or make legal claims, you can enforce that at the platform level.
These are not nice-to-haves. For any business deploying AI in client-facing or compliance-sensitive contexts, Guardrails turn AI from a liability into a controlled tool.
What It Costs
Bedrock uses pay-per-use pricing based on input and output tokens. You are not paying for the platform -- you are paying for the AI processing you actually use. The pricing varies by model:
- Claude 3.5 Sonnet -- $0.003 per 1,000 input tokens, $0.015 per 1,000 output tokens
- Llama 3 70B -- $0.00099 per 1,000 input tokens, $0.00099 per 1,000 output tokens
- Amazon Nova Pro -- $0.0008 per 1,000 input tokens, $0.0032 per 1,000 output tokens
- Amazon Titan Express -- $0.0002 per 1,000 input tokens (most affordable option)
For context: a typical business query -- a paragraph of input producing a paragraph of output -- costs fractions of a cent. A company processing 1,000 customer support queries per day through Claude on Bedrock would spend roughly $50-100 per month on AI inference. That is less than most individual SaaS subscriptions.
For high-volume workloads, Bedrock offers Provisioned Throughput with 1-month or 6-month commitments, and batch inference at 50 percent lower pricing than on-demand rates.
Bedrock vs. Direct API Access: When to Use Which
If you are already using Claude or ChatGPT through their direct APIs, the natural question is: should you switch to Bedrock? The answer depends on your priorities.
Choose Bedrock When
- You handle regulated data (HIPAA, FINRA, SOC 2 requirements)
- Your security policy prohibits external API calls
- You need audit trails and access controls out of the box
- You already run infrastructure on AWS
- You want to use multiple AI providers through one integration
- You need Guardrails for content filtering and PII redaction
Choose Direct API When
- You need the newest models immediately (Bedrock availability lags by weeks or months)
- Latency matters -- direct APIs are roughly 3-4 seconds faster per request
- You are a small team with simple security needs
- You want the simplest possible integration (direct API setup takes minutes, Bedrock takes longer due to IAM and VPC configuration)
Use Both
This is actually what we recommend to most clients. Use the direct Claude API for internal development work where speed and latest features matter. Use Bedrock for production deployments, client-facing applications, and any workflow that touches sensitive data. The models are identical -- the difference is the security wrapper.
Real-World Use Cases
Here is how businesses are actually using Bedrock:
Customer service automation. Deploy a chatbot powered by Claude that handles product inquiries, processes returns, and tracks orders -- with Guardrails ensuring it never shares sensitive account details or makes unauthorized promises.
Document processing in regulated industries. Healthcare organizations use Bedrock to process clinical documentation, extract key information from patient records, and generate summaries -- all within a HIPAA-eligible environment. Law firms process contracts with the same AI capabilities they would get from a direct Claude account, but with the data privacy controls that attorney-client privilege demands.
Content generation at scale. E-commerce companies generate thousands of product descriptions using Bedrock's batch inference at half the on-demand cost, with PII redaction ensuring no customer data leaks into generated content.
Financial analysis. Robinhood scaled from 500 million to 5 billion tokens daily on Bedrock in six months, cutting AI costs by 80 percent and development time in half.
How to Get Started
If you already have an AWS account, getting started with Bedrock is straightforward:
- Enable Bedrock in your AWS console and request access to the models you want to use.
- Set up IAM permissions to control which team members and applications can access AI models.
- Configure Guardrails with your content filtering, PII redaction, and topic restriction policies.
- Start with a single use case -- pick the workflow where AI will have the highest impact and build from there.
- Monitor usage and costs through CloudWatch and AWS Cost Explorer.
If you do not have AWS infrastructure, or if the IAM and VPC configuration feels overwhelming, that is exactly the kind of setup we handle for clients. Our 30-day onboarding process includes configuring the right AI infrastructure for your security requirements, whether that means Bedrock, direct API access, or a hybrid approach.
The Bottom Line
AWS Bedrock is not the only way to use AI securely, and it is not the right choice for every business. But for companies that handle sensitive data, operate in regulated industries, or simply want enterprise-grade controls around their AI usage, it solves the hardest problem in AI adoption: giving your team powerful tools without giving away your data.
The days of choosing between "use AI and accept the risk" or "ban AI and fall behind" are over. Bedrock is one of several paths that let you have both -- if you set it up right.
The question is no longer "should we use AI?" It is "are we using AI in a way we can defend to our clients, our regulators, and our board?"