Case study

Dfusion launches a high-stakes AI marketing campaign for Amazon

Learn how a consumer-facing generative AI experience serving 500,000 interactions was secured and launched without incident.


Industry: Marketing & PR
Size: SMB
Key focus: Generative AI

Opportunity: Where communication meets the cloud

Founded in Warsaw and operating at the crossroads of PR, digital and content marketing, Dfusion is anything but a conventional communications agency. Over more than a decade, the agency has built a reputation for combining editorial instincts with technical ambition — running campaigns that sit as comfortably in a boardroom conversation as on a social feed. Its client list spans some of the most demanding brands in Europe: Adyen, Cisco Systems, Microsoft, Samsung, UBER. A public-facing misstep on this stage is simply not a reality any of its customers would be willing to accept. Dfusion's model depends on getting that right, every time.

When Amazon approached Dfusion to run its holiday sales campaign, the scope reflected that trust: a generative AI-powered experience that would offer personalised product recommendations and holiday greetings, served directly to hundreds of thousands of shoppers at one of the most competitive moments in the retail calendar.

Dfusion had already built the necessary chat application and established the core business logic, utilising Amazon Bedrock as their foundation, but actually running a large-scale, consumer-facing AI experience is a very different challenge from building one.

With over 500,000 interactions expected over the course of the campaign and Amazon's brand reputation in the mix, Dfusion needed someone to take a strict look at the experience they had developed — evaluating both its configuration and its outputs against the full spectrum of security and quality requirements that a deployment of this kind demands.

This is where the agency turned to the AI security experts at Chaos Gears to bring those much-needed extra competencies into the project.

Dfusion brought genuine openness to that process. From the first technical conversations, it was clear that the team understood what they had built and were willing to examine it thoroughly. That collaborative spirit, treating the engagement as a knowledge-building exercise rather than an external audit, made it possible to move quickly without cutting corners.

Solution: AI security as a first-class concern

From the outset, we strive to fully understand each project in great detail before suggesting, let alone implementing, any infrastructural or architectural change. Most of the guidelines we follow are well-established best practices — such as those underpinning the AWS Well-Architected reviews we typically perform — but where standard software systems and their behaviour are well understood, the emergent properties of AI systems operating within a broader environment require special consideration.

Some potential issues with AI-based deployments carry relatively limited impact when the system is used internally within a company. Consumer-facing LLM deployments, however, carry a specific category of risk — prompt injection, content policy failures, budget overruns from unbounded usage, reputational exposure from unexpected model outputs — that generic cloud assessments are not designed to catch. Our mission within this cutting-edge frontier was, as such, clearly defined.

Establishing a secure foundation

We began with a comprehensive audit of Dfusion's AWS environment. Every IAM role and permission boundary — especially those in use within the project’s Amazon Bedrock configuration — was examined against the principle of least privilege. Overly broad access rights were identified and replaced with narrowly scoped, role-specific policies.

With no agentic capabilities intended for this deployment, the risk of privilege escalation might seem academic — but limiting access and preventing escalation is fundamental to any defence-in-depth strategy. Should other security layers fail in a deployment where the AI is reachable by the general public, an overly permissive access layer becomes a direct path from the internet to the account's most sensitive resources.
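A least-privilege review of this kind can be partly automated. The check below is an added example, not code from the engagement: the two policies are constructed, the ARNs use placeholders, and the `NEEDED` allow-list is an assumption about what a Bedrock chat backend requires.

```python
# Added example: constructed policies with placeholder ARNs, not Dfusion's own.
# Hypothetical allow-list of what a Bedrock chat backend needs (IAM action
# names are case-insensitive, so they are compared in lower case).
NEEDED = {"bedrock:invokemodel", "bedrock:invokemodelwithresponsestream",
          "bedrock:applyguardrail"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (sid, finding) pairs for Allow statements broader than NEEDED."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Allow + NotAction/NotResource grants everything except the listed items.
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append((sid, f"{key} in Allow statement"))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append((sid, f"wildcard action {action}"))
            elif action.lower() not in NEEDED:
                findings.append((sid, f"unneeded action {action}"))
        for resource in _as_list(stmt.get("Resource", [])):
            if "*" in resource or "?" in resource:
                findings.append((sid, f"wildcard resource {resource}"))
    return findings

BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "BedrockAll", "Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}]}

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "InvokeCampaignModel", "Effect": "Allow",
     "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
     "Resource": ["arn:aws:bedrock:REGION:ACCOUNT_ID:application-inference-profile/PROFILE_ID",
                  "arn:aws:bedrock:REGION::foundation-model/MODEL_ID"]},
    {"Sid": "ApplyCampaignGuardrail", "Effect": "Allow",
     "Action": "bedrock:ApplyGuardrail",
     "Resource": "arn:aws:bedrock:REGION:ACCOUNT_ID:guardrail/GUARDRAIL_ID"}]}

if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, audit_policy(policy) or "no findings")
```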

Choosing and validating the right model

Not all foundation models perform equally across all tasks. We benchmarked several models available through Amazon Bedrock, primarily against three criteria most relevant to this campaign: factual accuracy, appropriateness and quality of outputs (in a brand-safe holiday context), and response latency under realistic traffic conditions.

The evaluation gave Dfusion an evidence-based rationale for their model selection — and a clear baseline against which to measure future changes. Once the selection had been made, we configured Amazon Bedrock inference profiles with consistent resource tagging for the selected model, enabling precise cost attribution from the moment the system went live.

Protecting the model's outputs and inputs

The most technically nuanced element of the project was making the AI itself safe. A holiday gift recommendation assistant talking directly to Amazon shoppers must never produce misleading product claims, confuse pricing, encourage unsafe behaviour, or be manipulated into doing any of the above through a crafted prompt. In other words, the system needed to withstand both accidental misuse and deliberate adversarial probing — both of which are well-documented failure modes of production LLM deployments.

To address this, we implemented Amazon Bedrock Guardrails with multi-layered coverage: input sanitisation and validation to detect and reject injection-style or policy-violating prompts before they reached the model (i.e. examining the structure and content of every incoming request against defined policies, and blocking those that fell outside acceptable parameters); output filtering to prevent incorrect, misleading content from being returned to users; and content moderation tuned to the specific requirements of a consumer retail context.
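The layering described above can be expressed as a Guardrails request and checked for gaps before it is deployed. This is an added example, not the campaign's configuration: the filter strengths, denied topic and blocked-message texts are constructed, and `coverage_gaps` is a hypothetical helper.

```python
# Added example: constructed settings, not the campaign's real configuration.
CONTENT_TYPES = ("SEXUAL", "VIOLENCE", "HATE", "INSULTS", "MISCONDUCT")

def build_guardrail_request(name):
    """Keyword arguments for boto3.client("bedrock").create_guardrail(**kwargs)."""
    filters = [{"type": t, "inputStrength": "HIGH", "outputStrength": "HIGH"}
               for t in CONTENT_TYPES]
    # Prompt-attack detection screens user input only; its output side is NONE.
    filters.append({"type": "PROMPT_ATTACK", "inputStrength": "HIGH",
                    "outputStrength": "NONE"})
    return {
        "name": name,
        "contentPolicyConfig": {"filtersConfig": filters},
        "topicPolicyConfig": {"topicsConfig": [{
            "name": "unsafe-behaviour", "type": "DENY",
            "definition": "Advice that encourages unsafe use of a product."}]},
        "blockedInputMessaging": "Sorry, I can only help with gift ideas.",
        "blockedOutputsMessaging": "Sorry, I can't share that. Try another gift idea.",
    }

def coverage_gaps(request):
    """List the layers (input, output, messaging) a request leaves uncovered."""
    by_type = {f["type"]: f for f in
               request.get("contentPolicyConfig", {}).get("filtersConfig", [])}
    gaps = []
    if by_type.get("PROMPT_ATTACK", {}).get("inputStrength", "NONE") == "NONE":
        gaps.append("input: no prompt-attack filter")
    for t in CONTENT_TYPES:
        f = by_type.get(t, {})
        for side in ("inputStrength", "outputStrength"):
            if f.get(side, "NONE") == "NONE":
                gaps.append(f"{side[:-8]}: {t} not filtered")
    for key in ("blockedInputMessaging", "blockedOutputsMessaging"):
        if not request.get(key):
            gaps.append(f"messaging: {key} is empty")
    return gaps
```

Running `coverage_gaps` in a deployment pipeline keeps a later edit from silently dropping the input-side or output-side layer.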

Alongside Guardrails’ configuration, we performed prompt engineering to improve baseline output quality, reducing the likelihood of edge-case failures that technical controls alone cannot fully anticipate. Together, these controls ensured that the AI behaved not just safely in the security sense, but responsibly in the reputational one — a distinction that matters greatly when the system is speaking, in effect, on behalf of Amazon.

Modelling usage, managing cost

A campaign expecting half a million interactions needs cost governance built in — not bolted on as an afterthought. Based on projected usage patterns, we modelled expected Amazon Bedrock consumption and configured AWS service quotas accordingly, proactively requesting limit increases where existing thresholds posed a risk to availability.

Alongside this, we set up AWS Budgets alerts to notify the Dfusion team before spend reached defined thresholds. Availability failures in a live consumer campaign are not recoverable in real time: the damage to user experience and brand perception happens the moment the service degrades.

While prevention is always the primary goal, production systems must also be observable. We configured AWS CloudWatch dashboards and traffic alerts to give the Dfusion team real-time visibility into system behaviour throughout the campaign, ensuring that any anomaly could be caught and addressed quickly.

With the architecture fully configured, we ran comprehensive load tests using Locust, simulating peak traffic against the full system stack. The objective was straightforward: confirm, before launch, that the architecture would hold. It did.

Outcome: The campaign ran. Nothing else did.

For Dfusion, the tangible gains were fourfold. Our partner now had confirmation — backed by audit findings and stress test results — that their AWS environment was correctly configured and their permissions correctly scoped. They had cost governance that meant no budget surprises, regardless of how traffic spiked. They had a validated, load-tested architecture that would not fail under the pressure of peak campaign traffic. And they had content safeguards that protected both end users and the Amazon brand from the documented failure modes of consumer-facing LLMs.

The holiday campaign for Amazon.pl launched on schedule and ran without incident. Across its full duration, the generative AI system served hundreds of thousands of consumer interactions with no security breaches, no unexpected cost spikes and no content complaints.

That outcome is not accidental. It is the result of treating AI security as a first-class engineering concern — not a checkbox to tick before go-live, but a discipline applied at every layer of the stack. The familiarity with AI security principles that Dfusion's team carried out of the project was as much an outcome as the hardened architecture itself.

For an agency whose stock-in-trade is its clients' reputations, that is the only acceptable outcome — and the one we were here to deliver.
