
The Partnership: Shared Responsibility for AI
Who is responsible for what? Master the boundary between AWS and the Customer in the complex world of AI/ML security.
Defining the Boundary
In the cloud, security is a Team Sport. You can't just throw your data into an AWS bucket and "hope" AWS keeps it safe. Conversely, you don't have to worry about the physical security of the server hardware—AWS handles that.
The Shared Responsibility Model defines where AWS's job ends and your job begins. For the AWS AI Practitioner exam, this boundary moves depending on whether you are using a Managed Service (Bedrock) or a Custom Model (SageMaker).
1. The Core Split: "Of" vs. "In"
- AWS is Responsible for Security OF the Cloud: the physical servers, the electricity, the cooling, the global network, and the underlying AI service code.
- The Customer is Responsible for Security IN the Cloud: the data you upload, the prompts you write, the IAM roles you assign, and the application you build.
2. Shared Responsibility for AI/ML Services
The boundary shifts based on the "Layer" of abstraction:
A. Managed AI Services (e.g., Bedrock, Rekognition)
- AWS Manages: The model training data (for base models), the model code, the scaling of the API.
- You Manage: Your input data (Prompts), your output filters (Guardrails), and who has access to the API.
B. Custom ML Services (e.g., SageMaker on EC2)
- AWS Manages: The underlying infrastructure and the SageMaker software.
- You Manage: The Training Data, the Algorithm choice, the Deployment configuration, and the Security patches inside your notebook instances.
3. The Shared Responsibility Matrix
| Item | AWS Responsibility | Customer Responsibility |
|---|---|---|
| Physical Data Center | YES | NO |
| Encryption Keys (KMS) | The tool to create them | Managing & Rotating them |
| Data Classification | NO | YES (Identifying PII/Secret) |
| Model Weights (Custom) | NO | YES (Selecting the training data and algorithm) |
| IAM Access Control | The engine | YES (Writing the policies) |
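The two matrix rows that trip people up are the ones where AWS supplies the engine and the customer supplies the configuration: IAM policies and KMS key rotation. The following Python is an added example (not code from the page or from AWS) that audits both customer-side controls offline. It works on constructed inputs shaped like an IAM policy document, a `kms:DescribeKey` `KeyMetadata` block and a `kms:GetKeyRotationStatus` response; the policy contents, key id and model id placeholder are assumptions, not values from any real account.

```python
"""Audit two 'IN the cloud' controls: an IAM policy that grants Bedrock access,
and whether a KMS key used for model data is actually being rotated."""
from __future__ import annotations

import json
from typing import Any, Optional

# Actions that are read-only and legitimately need Resource "*" (assumption:
# treated as low-risk here; anything else on "*" is worth a finding).
READ_ONLY_PREFIXES = ("bedrock:List", "bedrock:Get")


def _as_list(value: Any) -> list:
    """IAM accepts a single string or a list for Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy_json: str) -> list[str]:
    """Return one finding per Allow statement that is wider than it needs to be.
    AWS runs the IAM engine; only the customer can narrow these statements."""
    findings: list[str] = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append(f"statement {i}: Allow with NotAction is an inverted, broad grant")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wildcard_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        if wildcard_actions:
            findings.append(f"statement {i}: wildcard action(s) {wildcard_actions}")
        non_read_only = [a for a in actions if not a.startswith(READ_ONLY_PREFIXES)]
        if "*" in resources and (non_read_only or wildcard_actions):
            findings.append(f"statement {i}: non-read-only actions allowed on every resource ('*')")
    return findings


def kms_rotation_finding(key_metadata: dict, rotation_status: dict) -> Optional[str]:
    """Mirror the 'Encryption Keys (KMS)' row of the matrix.
    AWS-managed keys (KeyManager == 'AWS') are rotated by AWS; a customer-managed
    key rotates only if the customer has enabled automatic rotation."""
    if key_metadata.get("KeyManager") == "AWS":
        return None  # AWS's side of the boundary
    if not rotation_status.get("KeyRotationEnabled", False):
        return f"{key_metadata.get('KeyId')}: customer-managed key without automatic rotation"
    return None


# Constructed sample inputs (not from any real account).
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}],
})
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
        # Placeholder model id; a real policy names the specific foundation model.
        "Resource": "arn:aws:bedrock:us-east-1::foundation-model/MODEL-ID-PLACEHOLDER",
    }],
})
CUSTOMER_KEY = {"KeyId": "11111111-2222-3333-4444-555555555555", "KeyManager": "CUSTOMER"}
AWS_MANAGED_KEY = {"KeyId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "KeyManager": "AWS"}
ROTATION_OFF = {"KeyRotationEnabled": False}
ROTATION_ON = {"KeyRotationEnabled": True}


def run_audit() -> dict[str, list[str]]:
    """Run both checks over the constructed samples and group findings by control."""
    kms = [f for f in (
        kms_rotation_finding(CUSTOMER_KEY, ROTATION_OFF),
        kms_rotation_finding(AWS_MANAGED_KEY, ROTATION_OFF),
    ) if f]
    return {
        "iam_overbroad": find_overbroad_statements(OVERBROAD_POLICY),
        "iam_scoped": find_overbroad_statements(SCOPED_POLICY),
        "kms": kms,
    }


if __name__ == "__main__":
    for control, items in run_audit().items():
        print(control, "->", items or "no findings")
```

The AWS-managed key produces no finding even though rotation reports as off for it, because that row of the matrix sits on AWS's side; the same status on a customer-managed key is the customer's problem to fix.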
4. Visualizing the Boundary
```mermaid
graph TD
    subgraph CUSTOMER_Responsibility_IN_the_Cloud
        A[Customer Data / Prompts]
        B[Identity & Access Management - IAM]
        C[Encryption & Data Integrity]
        D[Model Evaluation / Testing]
    end
    subgraph AWS_Responsibility_OF_the_Cloud
        E[Compute / Storage / Database Architecture]
        F[Global Infrastructure / Regions]
        G[Foundation Model Hosting Hardware]
        H[Underlying Service Code]
    end
    A & B & C & D ---|The Interface| E & F & G & H
```
5. Summary: Don't Blame the Maker
If you use Amazon Bedrock but you don't turn on Guardrails, and your AI gives a harmful answer, that is YOUR responsibility, not AWS's. If the Bedrock service goes down because of a power outage in Virginia, that is AWS's responsibility.
Exercise: Identify the Responsible Party
A data scientist launches a SageMaker Notebook Instance to clean a patient dataset. The data scientist forgets to add a "Password" or "IAM Role" to the notebook, and a random hacker finds it and steals the data. Who is responsible for this breach according to the Shared Responsibility Model?
- A. AWS (The "OF the cloud" provider).
- B. The Customer (The "IN the cloud" user).
- C. Amazon.com (The parent company).
- D. NVIDIA (The chip manufacturer).
The Answer is B! The customer chose the security settings for their specific notebook instance. AWS provided the "Fence" (VPC/IAM), but the customer left the gate wide open.
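Section B above lists what the customer owns on a SageMaker notebook instance, and the exercise shows what happens when that configuration is skipped. The Python below is an added example (not the page's or AWS's code) that reviews the settings a customer controls on a notebook instance. Its input is a constructed dict shaped like the `DescribeNotebookInstance` response fields `RoleArn`, `DirectInternetAccess`, `RootAccess`, `SubnetId`, `SecurityGroups` and `KmsKeyId`; the instance names and ARNs are made up, and the "one finding per skipped control" policy is this example's own.

```python
"""Review the customer-owned settings of a SageMaker notebook instance.
AWS runs the notebook software and the host; these settings are ours."""
from __future__ import annotations


def notebook_findings(desc: dict) -> list[str]:
    """Return a finding for each customer-side control left open.
    `desc` follows the field names of DescribeNotebookInstance (assumption:
    only the fields checked here are needed)."""
    name = desc.get("NotebookInstanceName", "<unnamed>")
    findings: list[str] = []
    if not desc.get("RoleArn"):
        # The exercise's scenario: no execution role means no scoped identity
        # and no audit trail tying data access to a principal.
        findings.append(f"{name}: no execution role (RoleArn) attached")
    if desc.get("DirectInternetAccess") == "Enabled":
        findings.append(f"{name}: direct internet access enabled; data can leave without passing a VPC egress control")
    if desc.get("RootAccess") == "Enabled":
        findings.append(f"{name}: root access enabled for notebook users")
    if not desc.get("SubnetId") or not desc.get("SecurityGroups"):
        findings.append(f"{name}: not attached to a VPC subnet with security groups")
    if not desc.get("KmsKeyId"):
        findings.append(f"{name}: storage volume not encrypted with a customer-managed KMS key")
    return findings


# Constructed samples (not real instances). The first mirrors the exercise:
# a patient-data notebook launched with every customer-side control skipped.
OPEN_NOTEBOOK = {
    "NotebookInstanceName": "patient-cleanup-open",
    "RoleArn": "",
    "DirectInternetAccess": "Enabled",
    "RootAccess": "Enabled",
    "SubnetId": None,
    "SecurityGroups": [],
    "KmsKeyId": None,
}
HARDENED_NOTEBOOK = {
    "NotebookInstanceName": "patient-cleanup-hardened",
    "RoleArn": "arn:aws:iam::123456789012:role/EXAMPLE-NotebookExecutionRole",
    "DirectInternetAccess": "Disabled",
    "RootAccess": "Disabled",
    "SubnetId": "subnet-EXAMPLE",
    "SecurityGroups": ["sg-EXAMPLE"],
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID",
}


def responsible_party(desc: dict) -> str:
    """Answer the exercise's question for a given instance: if any customer-side
    control is open, the breach lands on the customer's side of the boundary."""
    return "Customer" if notebook_findings(desc) else "No customer-side gap found"


if __name__ == "__main__":
    for nb in (OPEN_NOTEBOOK, HARDENED_NOTEBOOK):
        print(nb["NotebookInstanceName"], "->", responsible_party(nb))
        for f in notebook_findings(nb):
            print("  -", f)
```

Nothing in this check touches the parts AWS owns: the hypervisor, the notebook service code, or the hardware. That is the point of the exercise: every finding above maps to a setting the data scientist chose, or chose not to set.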
Knowledge Check
In the AWS Shared Responsibility Model for Managed AI services (like Amazon Bedrock), who is responsible for the 'Security OF the Cloud' (the foundation models and underlying infrastructure)?
What's Next?
We know who is responsible. But what are we guarding against? In our final security lesson, we look at the "Dark Arts." Find out in Lesson 4: Protecting against adversarial attacks.