Sold by: Kriv AI
Kriv AI deploys and tunes Amazon Bedrock Guardrails for regulated-industry Customers (healthcare / life sciences / financial services). Scope: industry-specific denied-topics taxonomies, custom PHI / PII blocklists, content filters, word filters, sensitive-information filters via Amazon Comprehend Medical + Amazon Macie, contextual grounding checks, fairness filters (disparate-impact detection + protected-class proxy scanning), jailbreak / prompt-injection defenses aligned to OWASP Top 10 for LLM Applications (2024/2025), A/B testing vs baseline with precision / recall / F1 / FPR tracked, evidence mapping to SOC 2 Type II Common Criteria + HIPAA §164.308/312/316 + NIST AI RMF. Integrates with Bedrock Agents, Claude Agent SDK, and MCP servers. Three tiers: $35K / $65K / $95K + $15K Extra Denied-Topic Suite. AWS Select + Databricks + Anthropic CPN (April 9, 2026).
Overview
Bedrock Guardrails out-of-box is not tuned for PHI / PII / NPI. Healthcare, life sciences, and financial services need industry-specific denied-topics taxonomies, custom PHI / PII blocklists, fairness filters, and jailbreak / prompt-injection defenses before production launch. Until now, no fixed-fee regulated-industry Bedrock Guardrails implementation SKU has existed on AWS Marketplace.
Amazon Bedrock Guardrails is the policy-enforcement layer around Claude-powered agents operating on PHI, PII, NPI (GLBA), cardholder data (PCI DSS), and protected-class attributes. Guardrails ships with generic denied topics, content filters, PII redaction, word filters, and contextual grounding, but none are tuned for regulated-industry contexts. Healthcare needs medical-misinformation filters, self-diagnosis guardrails, unprescribed-medication denial, PHI-disclosure-prompt detection. Life sciences needs unapproved-indication filters, GxP deviation denial, adverse-event handling, controlled-substance advice blocks. Financial services needs unlicensed-investment-advice filters, fair-lending / disparate-impact detection, OFAC / PEP sanctions-adjacency, market-manipulation / insider-trading denial. All three need jailbreak + prompt-injection + indirect-PI defenses (OWASP Top 10 for LLM 2024/2025) tuned against adversarial corpora, not generic thresholds.
Existing AWS Marketplace listings don't close this gap. EnviroWay Advisory is generalist; AIM Consulting is assessment-only; DevIQ HIPAA Bedrock Review is architecture review; TCS 5A Framework is methodology; Data Reply / Altimetrik / CrowdStrike AI Red Team are offensive testing, not defensive deployment. Off-Marketplace consulting (Slalom, Caylent, Rackspace, Deloitte) $75K–$250K custom-priced. Content-safety SaaS (Lakera Guard, Protect AI, Arthur AI) are $50K–$300K/yr subscriptions.
Bedrock Guardrails configured + tuned. Denied topics, Healthcare (medical misinformation, self-diagnosis, unprescribed-medication, PHI-disclosure prompts); Life sciences (unapproved indications, GxP deviations, adverse-event mishandling, controlled-substance advice); FS (unlicensed investment advice, fair-lending violations, OFAC/PEP, market manipulation, insider trading). Content filters tuned per industry. PII redaction (built-in + custom regex for SSN, MRN, policy/account numbers, credit cards). Word filters (clinical terminology, controlled vocabulary). Contextual grounding (RAG + relevance thresholds calibrated against test corpus). Sensitive-info filters (Comprehend Medical PHI entities; Macie PII at rest). Custom fairness filters (disparate-impact + proxy scanning). Jailbreak + PI defenses (input validation, output sanitization, indirect-PI scanning, tool-poisoning for MCP-wired agents). A/B testing harness (precision / recall / F1 / FPR). Red-team corpus (Enterprise), OWASP Top 10 for LLM.
Reference architecture. Guardrails per-agent around Bedrock Agents, Claude Agent SDK, MCP servers. Comprehend Medical for PHI; Macie for PII at rest. CloudTrail + Bedrock Model Invocation Logging capture every trigger + override. CloudWatch + QuickSight dashboards.
Week-by-week. W1 Scoping + baseline. W2 Denied topics + PII redaction (5/15/30 topics per tier). W3 Content filters + Comprehend Medical + Macie + contextual grounding + integration, Foundation closes. W4 Standard, jailbreak + PI tuning; fairness; A/B testing (45-day warranty). W5 Enterprise, custom PHI/PII blocklists; full fairness; red-team; SOC 2 + HIPAA + NIST AI RMF evidence (60-day hypercare).
Three tiers. Foundation $35K (3 wk; 1 industry; 5 denied-topics; 1 agent; 30-day warranty) for mid-sized regulated with single customer-facing agent. Standard $65K (4 wk; 2 industries; 15 denied-topics; jailbreak + PI tuning; fairness; A/B testing; SOC 2 evidence; 45-day warranty) for multi-agent / multi-industry. Enterprise $95K (5 wk; all 3 industries; 30 denied-topics; custom PHI/PII blocklists, ICD-10, drug names, sanctions lists, fair-lending proxies; full fairness; OWASP Top 10 red-team; full SOC 2 + HIPAA + NIST AI RMF evidence; 60-day hypercare) for large regulated, G-SIB banks, top-25 payers + pharmas. Optional Extra Denied-Topic Suite $15K each.
Important disclosures. Kriv does NOT develop Customer agents, Guardrails tune surrounding controls only. Does NOT operate Guardrails post-deployment (unless Managed Service retainer). Issues no SOC 2 / HIPAA / HITRUST / ISO certifications. No legal / regulatory / compliance advice. No 100% jailbreak / PI prevention guarantee, defense-in-depth, not absolute. No Bedrock Guardrails API stability guarantee. AWS + Anthropic + Bedrock + Guardrails per-text-unit consumption separate. Red-team scoped Enterprise only. No false-positive elimination guarantee. No HHS OCR / FTC / state-regulator outcome guarantee. Anthropic CPN membership does not constitute endorsement.
Highlights
- First regulated-industry Bedrock Guardrails implementation SKU on AWS Marketplace, healthcare + life sciences + FS. Industry-specific denied-topics taxonomies: healthcare (medical misinformation, self-diagnosis, unprescribed-medication, PHI-disclosure prompts); life sciences (unapproved indications, GxP deviations, adverse-event mishandling, controlled-substance advice); FS (unlicensed investment advice, fair-lending, OFAC/PEP, market manipulation, insider trading).
- Denied-topics + custom PHI / PII blocklists (SSN, MRN, policy numbers, account numbers, credit cards, EINs) + word filters (clinical terminology, controlled vocabulary) + contextual grounding checks + sensitive-information filters via Amazon Comprehend Medical (PHI) + Amazon Macie (PII) + custom fairness filters (disparate-impact + protected-class proxy scanning) + jailbreak / prompt-injection defenses aligned to OWASP Top 10 for LLM Applications (2024/2025) + A/B testing harness.
- A/B testing vs baseline (precision / recall / F1 / FPR reported); SOC 2 Type II Common Criteria + HIPAA §164.308 / §164.312 / §164.316 + NIST AI RMF evidence mapping per tier. Three tiers: $35K Foundation (3 weeks; 1 industry; 5 denied-topics; 1 agent); $65K Standard (4 weeks; 2 industries; 15 denied-topics; jailbreak + fairness; SOC 2 mapping); $95K Enterprise (5 weeks; all 3 industries; 30 denied-topics; red-team corpus; full SOC 2 + HIPAA + NIST AI RMF evidence; 60-day hypercare).
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Resources
Support
Vendor support
Primary contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support
Response SLA. First response within 2 US business days (Mon–Fri 9 am – 6 pm ET, ex-US federal holidays). Active engagements: Engagement Lead within 4 business hours weekdays. Post-incident (PHI/PII leak) or critical-red-team-finding engagements compress to same business day.
Onboarding SLA. First customer contact within 2 US business days of buyer inquiry / private-offer acceptance. Kickoff within 1–2 weeks of SOW; 3–5 business days post-incident.
Escalation. (1) Engagement Lead (named in SOW) → (2) Practice Director (info@kriv.ai ) → (3) CEO Abhinav Dangri (info@kriv.ai ).
Communication. Dedicated Microsoft Teams channel; weekly 60-min video checkpoint; Friday written status. Customer SMEs 3–5 hrs/week (CISO, HIPAA Privacy Officer, Head of Trust & Safety, CAIO, Head of AI Platform, Head of Security Engineering).
Handoff. Word/Excel/PDF in customer secure share; denied-topics taxonomies as JSON + Word; custom regex + word filters as JSON; A/B testing results as Excel (precision / recall / F1 / FPR); SOC 2 + HIPAA + NIST AI RMF evidence mapping as Excel indexed to control IDs.
Out of scope. Does NOT develop Customer agents, Guardrails tune surrounding controls only. Does NOT operate Guardrails post-deployment (unless Managed Service retainer). Issues no SOC 2 / HIPAA / HITRUST / ISO certifications. No legal / regulatory / compliance advice. No 100% jailbreak-prevention or false-positive-elimination guarantee. No Bedrock Guardrails API stability guarantee. Red-team scoped Enterprise only.
AWS + Anthropic-side billing. AWS infrastructure + Bedrock Guardrails per-text-unit + Anthropic API + Bedrock Claude consumption separate.
Holiday coverage. Closed on US federal holidays.