Amazon Bedrock launches a new API that lets developers apply safety checks at any point in AI agent workflows without pre-creating guardrail resources, giving them finer control over when and how to block or log risky content.

What happened: Amazon announced the InvokeGuardrailChecks API for Bedrock Guardrails, which allows developers to run individual safety checks—such as content filters, prompt attack detection, and sensitive information detection—at any step of an agentic AI application without provisioning separate guardrail resources upfront. The API returns numeric scores (severity or confidence, both on a 0–1 scale with discrete values {0, 0.2, 0.4, 0.6, 0.8, 1.0}) so developers can define their own thresholds and decide whether to block, bypass, retry, or log results.

Why it matters: AI agents operate in multi-turn loops where each step carries different safety risks—for example, a customer support agent might encounter prompt injection in the initial user query, harmful model outputs in intermediate responses, and PII exposure in follow-up inputs. Previously, applying separate guardrail resources at each stage would require creating, invoking, and deleting resources repeatedly, creating operational overhead that scales poorly across dozens of agents. The new API eliminates this lifecycle burden, letting developers add or adjust safety checks on the fly within their application logic.

What to watch: The API is resourceless (no CreateGuardrail step or resource IDs to track), operates in detect-only mode (it returns findings but does not block or rewrite content), and separates prompt attack detection (jailbreak, injection, leakage) as a standalone check independent of content filters. Developers need an AWS account with Amazon Bedrock access and an IAM role with bedrock:InvokeGuardrailChecks permission to use it.