AWS unveils AI agents for DevOps and security, balancing autonomy with human oversight

AWS hypes continuous agentic DevOps, puts Kiro in your pocket

Trust is the biggest barrier to AI adoption, says AI chief, claiming that new features in Bedrock AgentCore will prevent bad outcomes AWS today introduced new and enhanced agents aimed at DevOps and code security at its New York Summit, including previews of Continuum for identifying and fixing application vulnerabilities, and an iOS mobile app for its Kiro coding tool. Matt Wood, chief AI and technology officer, said in a press briefing that the company sees AI tools operating continuously in the background, rather than being used on demand. AWS Continuum, now in closed preview, is a set of agents that "continually provide security continuity using artificial intelligence, building on penetration testing and code review," he said. Sounds expensive? According to Wood, the cost of using AI tools is falling despite the rising price of tokens. "While the cost of a token at the frontier continues to go up, if you normalize for a particular point of intelligence, the cost continues to decrease year by year," he claimed. AWS Continuum currently includes two products. Continuum for code vulnerabilities performs vulnerability scans of an AWS environment and is claimed to prioritize findings that are actually reachable in a production path, with exploits demonstrated in a sandbox. The tool will also generate suggested fixes such as network changes or patches for the code. The existing AWS Security Agent will be renamed "Continuum pen testing" and "Continuum code scanning". The AWS DevOps agent, first previewed at the company's re:Invent conference in late 2025, is billed as an AI tool that can resolve and prevent application outages and optimize application reliability and performance. It was made generally available in March. DevOps Agent is gaining release management capabilities, now in preview, which assess code readiness and run software in an AWS-managed isolated environment to verify the builds. The new feature follows other enhancements to DevOps Agent introduced earlier this month. DevOps Agent has always had support for calling tools via Model Context Protocol (MCP) but now exposes its own MCP endpoint, enabling other tools to call the Agent API. There is also support for the Agent2Agent (A2A) protocol, introduced by Google last year to assist agent collaboration. These new endpoints are in addition to the standard AWS REST API. DevOps Agent is designed to use other observability tools as input, including AWS CloudWatch, Datadog, Dynatrace, New Relic, and Splunk, as well as code from repositories such as GitHub and GitLab. It can also connect to Microsoft Azure and Azure DevOps. AWS Transform, an AI service for migrating and modernizing workloads and application code, gets a new preview feature called continuous modernization. AWS suggests it as a tool to cover both the day-to-day work of upgrading and patching libraries, and larger projects such as moving to a more recent framework or runtime for Java or .NET applications. Kiro is an IDE and service for specification-driven AI coding. Kiro can be extended with "powers," wrappers for one or more MCP servers available from GitHub. Powers exist for AWS services such as DevOps Agent and Lambda, as well as for third-party services such as Datadog and Dynatrace. Now in closed preview, the Kiro mobile app for iOS can launch and manage remote sessions. There are three modes of interaction: chat, spec for continuing a specification workflow, and autonomy for delegating tasks. The app shows the live state from cloud sessions, and renders code diffs as cards that the company says are legible on a small screen. According to AWS, it is a true native app, not a wrapper for a web application. In addition to DevOps tools, the company also previewed AWS Context, a service for mapping company data into a knowledge graph for agentic search. It is similar to search in the existing Amazon Quick service, except that Context is designed to be organizational rather than personal. Context publishes its metadata into Amazon S3 tables in Apache Iceberg format. According to AWS, all queries are identity-aware to prevent users from accessing data they are not authorized to see. Amazon Quick will use the same underlying technology as Context. Quick is also getting the ability to create autonomous agents via voice prompts, or to choose from a library of pre-configured agents. Hundreds of connectors add integration with third-party services such as Gmail, Slack, and Microsoft Teams and SharePoint. Finally, Amazon Bedrock AgentCore, a platform for custom agents, adds a managed knowledge base, web search, and the ability for agents to spend money on paid content such as financial market feeds. Companies going all-in on agentic AI will find it costly. Services like Quick are subscription-based, and others like DevOps Agent are based on per-second usage, currently the same for incident response, evaluations (incident prevention), and on-demand tasks such as chat. Pricing is somewhat opaque because the time an agent will take for a task is unknown. There are also additional charges for AWS services an agent consumes, such as CloudWatch queries. Another issue is reliability. In its post on AgentCore, AWS acknowledges that "the most dangerous agent failures aren't the ones that throw errors. They're the ones that look fine on dashboards: an agent that confirms an order modification it never executed, one that fabricates product availability when an API times out, another that skips an approval step while dashboards show a 99 percent success rate." AWS claims new AgentCore features address this with "failure, intent, and trajectory insights across hundreds of sessions." AgentCore also has policy capabilities that define what an agent can and cannot do, and Bedrock Guardrails, which run at a gateway layer outside the agent and evaluate actions for prompt injection, harmful content, and data exposure. "Trust is the single biggest barrier to adoption for artificial intelligence systems inside most organizations," said Wood. He said that AWS is trying to build agents that "exhibit and communicate trusted outcomes to their users," using Bedrock AgentCore policy and guardrails to make AI agents safer and more reliable. ®

Amazon unveils new AI agents, trying to thread the needle between autonomy and human control

Amazon Web Services is announcing a new set of AI agents for businesses, developers, and individual users, capable of everything from fixing security vulnerabilities to triaging email. The agents, unveiled at the AWS Summit in New York, reflect an attempt to maximize autonomy while ultimately keeping humans in control of how much the AI does on its own. It's part of a broader effort by Amazon and others to make AI more powerful without letting it run amok. A new security agent, dubbed AWS Continuum, starts in a supervised "learn mode" and earns the right to act alone only as customers grant it permission, category by category. The Amazon Quick AI assistant will now let users build their own background agents in plain language to handle tasks like following up on stalled business deals or flagging regulatory changes. Amazon gave Quick a redesigned activity feed that triages email, messages, and calendar items into one prioritized view; new links to services including Adobe, Figma, Snowflake, and WhatsApp; and the ability to tap multiple connected services to answer a single question. On the developer side, AWS is also pushing its coding agents to take on more of the grunt work, checking and testing new code before it ships and cleaning up old code, while leaving the final decision to merge or deploy in the hands of humans. A new iPhone app for Kiro, the company's AI coding assistant, will let developers start and monitor that work from their phones. Deepak Singh, the AWS VP who leads the Kiro team, said the overarching idea is to take the background work AI has piled onto people -- reviewing code, triaging security findings, keeping software current -- and let agents handle it with minimal human intervention. The faster AI writes code and surfaces problems, he said, the more there is for humans to review, test, and maintain: "Those are all good problems to have, but they are real problems." AWS also expanded AgentCore, its platform for building agents, and introduced AWS Context, a service that organizes a company's data so agents can reason over it. Announcing the new Continuum security agent, AWS cited the rise of powerful AI models -- most notably Anthropic's Claude Mythos -- that can now find software flaws and chain them into serious attacks faster than any human team can respond. Amazon made headlines for raising concerns about those same models, reportedly warning Trump administration officials about security risks in Anthropic's most advanced AI, before a government order forced the lab to take its two newest models offline. Continuum is starting with code vulnerabilities, and AWS says it will expand to other aspects of security in the future. It works through issues the way a human team would, if given the time: triaging the findings, testing whether a vulnerability is exploitable, and then proposing a fix, with an estimate of what else the change might break. In categories where the customer has granted the agent autonomy, Continuum can apply the fix itself, feeding the change into an existing deployment pipeline. Neha Rungta, AWS director of applied science, said in an interview that this kind of speed is necessary given the acceleration of the threats. AI can now chain minor flaws together, she said, combining two medium-severity findings and a low one into something critical. "That was something that would have taken a lot of effort, expertise, and determination for an attacker to get through -- so the floor has been lowered," said Rungta, who led the work on Continuum. "The goal is to raise that floor up again."

AWS says AI agents can work on their own. It's also building tools to keep them in line

Amazon Web Services has an even more ambitious version of that vision in store. At AWS Summit on Wednesday, the company unveiled new agentic AI capabilities for its platform, aimed at everyday enterprise operations. The centerpiece is a set of updates to Amazon Quick, its workplace AI assistant for nondevelopers, that lets users create autonomous agents by describing them in plain language and deploying them in seconds with no code. Tell it to monitor overnight regulatory filings, compare them against company policies, and deliver an impact assessment by morning. AWS says the agent works continuously in the cloud and grows more effective over time, learning from interactions. But the rest of the Summit announcements tell a stranger, more revealing story. The same company selling effortless autonomy is also shipping an arsenal of tools whose entire purpose is to watch those agents, second-guess them, and undo their work. AWS unveiled a release-management capability for its DevOps Agent that vets AI-generated code for production readiness because, as the company frames it, coding agents now write at extraordinary speed while human review still crawls. It also introduced a tool named Zero Debt, built on the premise that the faster code is generated, the faster technical debt compounds -- meaning cleanup must become continuous and autonomous, too. A new security capability begins every remediation in "learn mode" and graduates to autonomous enforcement only as confidence grows.