AI agents that can browse the web open powerful possibilities—from research automation to real-time data gathering. However, giving an AI agent unrestricted internet access raises security and compliance concerns. What if the agent accesses unauthorized websites? What if sensitive data is exfiltrated to external domains?
Amazon Bedrock AgentCore provides managed tools that enable AI agents to interact with the web (Browser), execute code (Code Interpreter), and host agents (Runtime). When these tools are deployed in an Amazon Virtual Private Cloud (Amazon VPC), you can control their network access by using AWS Network Firewall to implement domain-based filtering. AWS Network Firewall also provides you with managed rules to help reduce access to botnets, known-malware domains, and other high-risk resources.
In this post, we show you how to configure AWS Network Firewall to restrict AgentCore resources to an allowlist of approved internet domains. You can use this architecture…
https://aws.amazon.com/blogs/machine-learning/control-which-domains-your-ai-agents-can-access/