Secure AI Agents with Amazon Bedrock Domain Filtering
- Amazon Bedrock AgentCore adds domain-based egress filtering via AWS Network Firewall integration.
- Security teams can restrict AI agents to specific allowlisted domains like Wikipedia or StackOverflow.
- SNI inspection at the TLS layer prevents unauthorized data exfiltration and navigation driven by prompt injection.
Deploying AI agents with web access introduces significant security risks, primarily around unauthorized data exfiltration or navigation to malicious sites via prompt injection. Amazon Bedrock AgentCore now provides a structured way to manage these risks by routing agent traffic through an Amazon Virtual Private Cloud (VPC) and AWS Network Firewall. This setup allows developers to implement strict domain-based filtering, ensuring that an agent can only communicate with pre-approved web addresses.
The solution relies on TLS Server Name Indication (SNI) inspection to identify the destination domain before the connection is fully established. By configuring a "default-deny" policy, organizations can block all traffic except for specific entries in an allowlist, such as documentation sites or internal APIs. This is particularly crucial for regulated industries—like finance or healthcare—where audit logs and network isolation are mandatory requirements for any production-grade AI deployment.
Beyond basic filtering, the architecture supports managed rules to automatically block high-risk resources like botnets or malware domains. For more granular control, developers can also integrate DNS-level filtering using Amazon Route 53 Resolver DNS Firewall. This multi-layered approach ensures that even if an agent is "tricked" by a malicious prompt, the underlying infrastructure remains a hard barrier against unauthorized internet access.