
Rethinking Detection & Response Through MCP: A Bedrock Collaboration
Today, we’re excited to share, as part of Bedrock’s growing strategic partnership ecosystem, our integration with Panther, one of the leading detection and response platforms built for scale.
George Gerchow
Chief Security Officer
At Bedrock Data, we believe that securing the future of AI starts with putting data at the center of every workflow. Our newly GA (Generally Available) MCP Server, powered by our Metadata Lake, enables enterprises running agentic AI systems to self-govern and to make critical activities such as security operations more efficient through context-rich, real-time decision-making. Today, as part of that partner ecosystem, we are announcing our integration with Panther, a detection and response platform built for cloud scale.
This isn’t just another plug-in. It’s a native, MCP-powered partnership that transforms how security teams prioritize and respond to incidents, by infusing every alert with deep data context such as:
- Was sensitive data exposed? (e.g., how should the alert be prioritized during triage, given the data exposure context?)
- What data was accessed? (e.g., PII, PHI, source code, customer secrets)
- Where is it stored? (e.g., S3, RDS, Snowflake, etc.)
- Who touched it? (e.g., identity risk, role, session metadata, MFA status)
- How sensitive is it? (e.g., mapped to DORA, GDPR, HIPAA, etc.)
Why Bedrock + Panther
Security teams are drowning in alerts, but not all alerts matter equally, and context is what makes a precise response possible. Panther excels at identifying suspicious signals at cloud scale. Bedrock complements this by evaluating the actual data risk behind each signal. Through the MCP Server, we combine our strengths to enrich each Panther alert with Bedrock's metadata intelligence, so that analysts can act faster and with more precision.
Key Capabilities
This integration offers far more than webhook-based enrichment.
Within Panther, users benefit from:
- Data-Aware Alert Correlation: Alerts from Panther are enriched with Bedrock’s real-time context: data sensitivity, entitlements, usage patterns, identity risk, and regulatory mappings (GDPR, HIPAA, DORA, etc.).
- Improved Signal-to-Noise: False positives are dramatically reduced because alerts are prioritized by true data impact (e.g., did the identity access regulated customer data, or only internal test assets?).
Through the Bedrock system, users can perform:
- Faster Root Cause Analysis: Bedrock maps alert metadata to data access history (who accessed what, when, where, and how), enabling clear, auditable, and justifiable decisions. Bedrock's built-in APIs and Copilot make this straightforward, so users do not have to be tool experts.
- Build out a DBOM (Data Bill of Materials): This creates transparency about which information was used for critical decisions, and it can support future investigations or serve as learning material for analysts.
And by combining both Bedrock and Panther MCP servers, users can:
- Run AI-Driven Investigations in Context: By connecting both the Bedrock and Panther MCP servers to tools such as Claude and Rewind, analysts can ask: "Did this alert involve PII?" "Has this user touched regulated PHI this week?" "Is this storage bucket hosting customer source code?"
All of this happens without leaving the AI interface, which reduces the technical expertise required of Level 1 and Level 2 SOC analysts and investigators.
Real-World Use Cases
Here are examples of how security teams are seeing practical benefits:
- Issue – RDS Without KMS: Panther detects an unencrypted database. Bedrock identifies that it contains production PII → prioritized and escalated as a critical issue. Had it been a non-production datastore without sensitive data, it would not have needed a higher priority.
- Issue – IAM User Without MFA: Panther flags an identity misconfiguration: a user does not have MFA enabled for a credential. Bedrock shows that the user accessed sensitive HR records last week → escalated as a real data exposure. MFA should be required for all users and credentials as a best practice; where it is not yet enforced, this data-aware prioritization can direct remediation until MFA and least-privilege programs are in place.
- Issue – Suspicious Privilege Escalation: Panther flags an unexpected change in access rights. Bedrock adds visibility into what data the account accessed after the change, including whether any of it was sensitive. What used to be a vague alert (noise) becomes a focused, actionable priority based on real data exposure.
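The three use cases above share one triage rule: the data context behind an alert, not the alert type alone, sets its priority. The following is an added example (not Bedrock's or Panther's code) that encodes that rule in Python over constructed alerts and a constructed context table; the rule names, resource keys, and sensitivity labels are assumptions.

```python
"""Data-aware alert triage: an added example, not Bedrock's or Panther's code.

Assumes a constructed alert shape and a constructed context table standing in
for the metadata an enrichment call over MCP would return.
"""
from dataclasses import dataclass

# Constructed context keyed by resource or identity: environment, sensitivity
# labels, regulatory frameworks, and recent data access for identities.
DATA_CONTEXT = {
    "rds:prod-customers": {"env": "production", "labels": {"PII"}, "frameworks": {"GDPR"}},
    "rds:dev-scratch": {"env": "development", "labels": set(), "frameworks": set()},
    "iam:user/jdoe": {"recent_access": [{"resource": "s3:hr-records", "labels": {"PII", "PHI"}}]},
    "iam:user/ci-bot": {"recent_access": [{"resource": "s3:build-cache", "labels": set()}]},
}

# Labels that count as sensitive for prioritization (assumed taxonomy).
SENSITIVE = {"PII", "PHI", "SOURCE_CODE", "SECRETS"}


@dataclass
class Alert:
    rule: str                    # assumed rule ids, e.g. "RDS.Without.KMS"
    subject: str                 # resource or identity key the alert is about
    base_severity: str = "medium"  # severity the detection platform assigned


def sensitive_labels_touched(identity_ctx):
    """Union of sensitive labels across an identity's recent data access."""
    labels = set()
    for access in identity_ctx.get("recent_access", []):
        labels |= access["labels"] & SENSITIVE
    return labels


def prioritize(alert, context=DATA_CONTEXT):
    """Return (severity, reason) after enriching the alert with data context."""
    ctx = context.get(alert.subject, {})
    if alert.rule == "RDS.Without.KMS":
        hit = ctx.get("labels", set()) & SENSITIVE
        if ctx.get("env") == "production" and hit:
            return "critical", f"unencrypted production store holds {sorted(hit)}"
        return "low", "non-production store without sensitive data"
    if alert.rule in ("IAM.User.NoMFA", "IAM.PrivilegeEscalation"):
        hit = sensitive_labels_touched(ctx)
        if hit:
            return "high", f"identity recently accessed {sorted(hit)}"
        return alert.base_severity, "no sensitive data access observed"
    # Rules without a data-context mapping keep the platform's own severity.
    return alert.base_severity, "no data context available for this rule"
```

The same alert type lands at different priorities depending only on the enrichment data, which is the point the use cases make.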
The Bottom Line
This isn’t just about a technical integration between two products—it’s about redefining how incident response should work in the age of agentic AI. Together, Bedrock and Panther bring a new level of data-aware intelligence to the SOC, enabling faster, smarter, and safer decisions — every time.
Next Steps
Contact us to learn more about our Panther MCP integration.