The Standard
The 841 Dimensions Regulatory Mapping Version History Assurance Framework
Compliance
Compliance Leaderboard Platform Comparison
Verification
Submit for Verification Self-Assessment Tool
About
About AgentGoverning Press & Media
Contact
Contact
Home/ Compliance Leaderboard/ Amazon Bedrock Agents
← Back to Compliance Leaderboard
ESTIMATED SCORE — NOT VERIFIED
This assessment is based solely on publicly available documentation, marketing materials, and product announcements. Amazon Bedrock Agents has not submitted to AgentGoverning for independent adversarial verification. This score is an estimate only and may not reflect actual platform capabilities. Amazon Bedrock Agents is invited to submit for formal assessment at framework@agentgoverning.com. Estimated scores carry no certification status.
How This Score Is Calculated

This estimated score is calculated using a 0–3 scoring scale across 50 sample dimensions from the full AGS v2.2 standard:
0 = Structurally absent from platform architecture
1 = Partially evidenced in public documentation
2 = Fully evidenced in public documentation
3 = Verified by independent adversarial testing (requires submission)

Score = (sum of points awarded) ÷ (50 × 3) × 100

Based solely on publicly available documentation as of April 2026.

22 / 100 ESTIMATED

Amazon Bedrock Agents

22% estimated AGS compliance
Assessment: April 2026 · AGS v2.2 · Estimated (not independently verified)
17 Evidenced 19 Not Documented 14 Structurally Absent Estimated
Executive Summary
Amazon Bedrock Agents achieves a 22% estimated AGS v2.2 compliance score. The platform leverages AWS's robust infrastructure to provide strong operational boundary enforcement, namespace isolation, and record integrity verification. IAM-based access controls and CloudTrail integration deliver solid foundational governance capabilities. However, no multi-party authorisation workflows are evidenced in public documentation, cross-jurisdiction compliance mapping, and model provenance tracking. Advanced governance groups covering emergence monitoring, collective intelligence governance, and physical impact assessment remain structurally absent.
A: Mandate
36%
B: Integrity
32%
C: Identity
28%
D: Accountability
28%
E: Compliance
24%
F: Adversarial
4%
G: Boundary
4%
H: Alignment
8%
I: Emergence
0%
J: Infrastructure
8%
Key Strengths
AG-01
Operational Boundary Enforcement
Bedrock Agents enforce operational boundaries through action groups, API schemas, and IAM resource policies that restrict agent capabilities to defined scopes.
Score: 2 / 3
AG-15
Namespace Isolation
AWS account boundaries, VPC configurations, and resource-level IAM policies provide strong namespace isolation between agent deployments.
Score: 2 / 3
AG-06
Record Integrity Verification
CloudTrail integration provides tamper-evident logging of all agent API calls with cryptographic log file validation.
Score: 2 / 3
The following gap analysis is based on publicly available documentation only. These are estimated structural gaps, not verified findings. Amazon Bedrock Agents may have implemented controls not visible in public documentation.
Critical Gaps
AG-42
Collective Intelligence Governance
No multi-agent swarm governance. No mechanisms to govern emergent behaviour from groups of coordinating agents are evidenced in public documentation.
Score: 0 / 3 — Structurally Absent
AG-44
Long-Horizon Attack Detection
No temporal attack detection capabilities. Identification of adversarial strategies executed incrementally over extended time periods is not evidenced in public documentation.
Score: 0 / 3 — Structurally Absent
AG-50
Physical Impact Governance
No physical world governance framework. Assessment or control of potential physical-world consequences of agent actions is not evidenced in public documentation.
Score: 0 / 3 — Structurally Absent
Recommendations
  1. Add multi-party authorisation (AG-17) for Bedrock agent workflows, enabling approval chains for high-impact agent actions.
  2. Implement cross-jurisdiction compliance mapping (AG-47) for multi-region deployments, ensuring agents respect jurisdictional data and operational boundaries.
  3. Build model provenance tracking (AG-48) for foundation model integrity, creating an auditable chain from model selection through deployment.
  4. Develop purpose-bound operation enforcement (AG-20) to ensure agents operate strictly within their declared purpose scope.
  5. Submit for independent AGS verification to replace estimated scores with certified compliance ratings.
Full Dimension Assessment
DimensionNameCategoryScore
A — Mandate & Action Governance (AG-01 – AG-05)
AG-01Operational Boundary EnforcementEvidenced2
AG-02Cross-Domain Activity GovernanceNot Documented0
AG-03Adversarial Coordination DetectionNot Documented0
AG-04Mandate Scope ControlEvidenced1
AG-05Action Authorisation VerificationEvidenced1
B — Integrity & Configuration Governance (AG-06 – AG-10)
AG-06Record Integrity VerificationEvidenced2
AG-07Governance Configuration ControlEvidenced1
AG-08Deployment Integrity VerificationEvidenced1
AG-09Delegated Authority GovernanceNot Documented0
AG-10Configuration Drift DetectionNot Documented0
C — Identity & Access Governance (AG-11 – AG-15)
AG-11Agent Identity VerificationNot Documented0
AG-12Credential Lifecycle ManagementEvidenced1
AG-13Privilege Escalation PreventionEvidenced1
AG-14Inter-Agent AuthenticationNot Documented0
AG-15Namespace IsolationEvidenced2
D — Accountability & Oversight (AG-16 – AG-20)
AG-16Decision Audit TrailEvidenced1
AG-17Multi-Party AuthorisationNot Documented0
AG-18Outcome AttributionEvidenced1
AG-19Human Oversight ArchitectureEvidenced1
AG-20Purpose-Bound OperationNot Documented0
E — Compliance & Agent Governance (AG-21 – AG-25)
AG-21Regulatory Compliance VerificationEvidenced1
AG-22Behavioural Consistency VerificationEvidenced1
AG-23Resource Consumption GovernanceEvidenced1
AG-24Output ValidationNot Documented0
AG-25Financial Transaction GovernanceStructurally Absent0
F — Adversarial Defence (AG-26 – AG-30)
AG-26Prompt Injection DefenceNot Documented0
AG-27Governance Override ResistanceNot Documented0
AG-28Collusion DetectionStructurally Absent0
AG-29Data Poisoning DefenceNot Documented0
AG-30Social Engineering ResistanceNot Documented0
G — Boundary & Scope Governance (AG-31 – AG-35)
AG-31Capability Boundary EnforcementNot Documented0
AG-32Scope Creep DetectionNot Documented0
AG-33Environmental Boundary ControlNot Documented0
AG-34Cross-System Propagation ControlStructurally Absent0
AG-35Autonomy Level GovernanceStructurally Absent0
H — Alignment & Reasoning Governance (AG-36 – AG-40)
AG-36Value Alignment VerificationNot Documented0
AG-37Reasoning TransparencyNot Documented0
AG-38Human Control ResponsivenessEvidenced1
AG-39Deception DetectionNot Documented0
AG-40Goal Stability VerificationStructurally Absent0
I — Emergence & Evolution Governance (AG-41 – AG-45)
AG-41Emergent Capability DetectionStructurally Absent0
AG-42Collective Intelligence GovernanceStructurally Absent0
AG-43Self-Modification PreventionStructurally Absent0
AG-44Long-Horizon Attack DetectionStructurally Absent0
AG-45Evolutionary Pressure MonitoringStructurally Absent0
J — Infrastructure & Operational Governance (AG-46 – AG-50)
AG-46Infrastructure Dependency MappingStructurally Absent0
AG-47Cross-Jurisdiction ComplianceStructurally Absent0
AG-48Model Provenance TrackingStructurally Absent0
AG-49Operational ContinuityEvidenced1
AG-50Physical Impact GovernanceStructurally Absent0

Sources

Sources: Amazon Bedrock AgentCore documentation, AWS re:Invent 2025 sessions, Bedrock Guardrails documentation, AgentCore Gateway GA announcement March 2026, Cedar policy language specification. Documentation reviewed April 2026.
Methodology: Scores estimated from publicly available documentation only. No proprietary or non-public information was used. Platforms are invited to submit for independent verification to receive a verified score.