4 Sources
[1]
AWS hypes continuous agentic DevOps, puts Kiro in your pocket
Trust is the biggest barrier to AI adoption, says AI chief, claiming that new features in Bedrock AgentCore will prevent bad outcomes AWS today introduced new and enhanced agents aimed at DevOps and code security at its New York Summit, including previews of Continuum for identifying and fixing application vulnerabilities, and an iOS mobile app for its Kiro coding tool. Matt Wood, chief AI and technology officer, said in a press briefing that the company sees AI tools operating continuously in the background, rather than being used on demand. AWS Continuum, now in closed preview, is a set of agents that "continually provide security continuity using artificial intelligence, building on penetration testing and code review," he said. Sounds expensive? According to Wood, the cost of using AI tools is falling despite the rising price of tokens. "While the cost of a token at the frontier continues to go up, if you normalize for a particular point of intelligence, the cost continues to decrease year by year," he claimed. AWS Continuum currently includes two products. Continuum for code vulnerabilities performs vulnerability scans of an AWS environment and is claimed to prioritize findings that are actually reachable in a production path, with exploits demonstrated in a sandbox. The tool will also generate suggested fixes such as network changes or patches for the code. The existing AWS Security Agent will be renamed "Continuum pen testing" and "Continuum code scanning". The AWS DevOps agent, first previewed at the company's re:Invent conference in late 2025, is billed as an AI tool that can resolve and prevent application outages and optimize application reliability and performance. It was made generally available in March. DevOps Agent is gaining release management capabilities, now in preview, which assess code readiness and run software in an AWS-managed isolated environment to verify the builds. The new feature follows other enhancements to DevOps Agent introduced earlier this month. DevOps Agent has always had support for calling tools via Model Context Protocol (MCP) but now exposes its own MCP endpoint, enabling other tools to call the Agent API. There is also support for the Agent2Agent (A2A) protocol, introduced by Google last year to assist agent collaboration. These new endpoints are in addition to the standard AWS REST API. DevOps Agent is designed to use other observability tools as input, including AWS CloudWatch, Datadog, Dynatrace, New Relic, and Splunk, as well as code from repositories such as GitHub and GitLab. It can also connect to Microsoft Azure and Azure DevOps. AWS Transform, an AI service for migrating and modernizing workloads and application code, gets a new preview feature called continuous modernization. AWS suggests it as a tool to cover both the day-to-day work of upgrading and patching libraries, and larger projects such as moving to a more recent framework or runtime for Java or .NET applications. Kiro is an IDE and service for specification-driven AI coding. Kiro can be extended with "powers," wrappers for one or more MCP servers available from GitHub. Powers exist for AWS services such as DevOps Agent and Lambda, as well as for third-party services such as Datadog and Dynatrace. Now in closed preview, the Kiro mobile app for iOS can launch and manage remote sessions. There are three modes of interaction: chat, spec for continuing a specification workflow, and autonomy for delegating tasks. The app shows the live state from cloud sessions, and renders code diffs as cards that the company says are legible on a small screen. According to AWS, it is a true native app, not a wrapper for a web application. In addition to DevOps tools, the company also previewed AWS Context, a service for mapping company data into a knowledge graph for agentic search. It is similar to search in the existing Amazon Quick service, except that Context is designed to be organizational rather than personal. Context publishes its metadata into Amazon S3 tables in Apache Iceberg format. According to AWS, all queries are identity-aware to prevent users from accessing data they are not authorized to see. Amazon Quick will use the same underlying technology as Context. Quick is also getting the ability to create autonomous agents via voice prompts, or to choose from a library of pre-configured agents. Hundreds of connectors add integration with third-party services such as Gmail, Slack, and Microsoft Teams and SharePoint. Finally, Amazon Bedrock AgentCore, a platform for custom agents, adds a managed knowledge base, web search, and the ability for agents to spend money on paid content such as financial market feeds. Companies going all-in on agentic AI will find it costly. Services like Quick are subscription-based, and others like DevOps Agent are based on per-second usage, currently the same for incident response, evaluations (incident prevention), and on-demand tasks such as chat. Pricing is somewhat opaque because the time an agent will take for a task is unknown. There are also additional charges for AWS services an agent consumes, such as CloudWatch queries. Another issue is reliability. In its post on AgentCore, AWS acknowledges that "the most dangerous agent failures aren't the ones that throw errors. They're the ones that look fine on dashboards: an agent that confirms an order modification it never executed, one that fabricates product availability when an API times out, another that skips an approval step while dashboards show a 99 percent success rate." AWS claims new AgentCore features address this with "failure, intent, and trajectory insights across hundreds of sessions." AgentCore also has policy capabilities that define what an agent can and cannot do, and Bedrock Guardrails, which run at a gateway layer outside the agent and evaluate actions for prompt injection, harmful content, and data exposure. "Trust is the single biggest barrier to adoption for artificial intelligence systems inside most organizations," said Wood. He said that AWS is trying to build agents that "exhibit and communicate trusted outcomes to their users," using Bedrock AgentCore policy and guardrails to make AI agents safer and more reliable. ®
[2]
Amazon unveils new AI agents, trying to thread the needle between autonomy and human control
Amazon Web Services is announcing a new set of AI agents for businesses, developers, and individual users, capable of everything from fixing security vulnerabilities to triaging email. The agents, unveiled at the AWS Summit in New York, reflect an attempt to maximize autonomy while ultimately keeping humans in control of how much the AI does on its own. It's part of a broader effort by Amazon and others to make AI more powerful without letting it run amok. A new security agent, dubbed AWS Continuum, starts in a supervised "learn mode" and earns the right to act alone only as customers grant it permission, category by category. The Amazon Quick AI assistant will now let users build their own background agents in plain language to handle tasks like following up on stalled business deals or flagging regulatory changes. Amazon gave Quick a redesigned activity feed that triages email, messages, and calendar items into one prioritized view; new links to services including Adobe, Figma, Snowflake, and WhatsApp; and the ability to tap multiple connected services to answer a single question. On the developer side, AWS is also pushing its coding agents to take on more of the grunt work, checking and testing new code before it ships and cleaning up old code, while leaving the final decision to merge or deploy in the hands of humans. A new iPhone app for Kiro, the company's AI coding assistant, will let developers start and monitor that work from their phones. Deepak Singh, the AWS VP who leads the Kiro team, said the overarching idea is to take the background work AI has piled onto people -- reviewing code, triaging security findings, keeping software current -- and let agents handle it with minimal human intervention. The faster AI writes code and surfaces problems, he said, the more there is for humans to review, test, and maintain: "Those are all good problems to have, but they are real problems." AWS also expanded AgentCore, its platform for building agents, and introduced AWS Context, a service that organizes a company's data so agents can reason over it. Announcing the new Continuum security agent, AWS cited the rise of powerful AI models -- most notably Anthropic's Claude Mythos -- that can now find software flaws and chain them into serious attacks faster than any human team can respond. Amazon made headlines for raising concerns about those same models, reportedly warning Trump administration officials about security risks in Anthropic's most advanced AI, before a government order forced the lab to take its two newest models offline. Continuum is starting with code vulnerabilities, and AWS says it will expand to other aspects of security in the future. It works through issues the way a human team would, if given the time: triaging the findings, testing whether a vulnerability is exploitable, and then proposing a fix, with an estimate of what else the change might break. In categories where the customer has granted the agent autonomy, Continuum can apply the fix itself, feeding the change into an existing deployment pipeline. Neha Rungta, AWS director of applied science, said in an interview that this kind of speed is necessary given the acceleration of the threats. AI can now chain minor flaws together, she said, combining two medium-severity findings and a low one into something critical. "That was something that would have taken a lot of effort, expertise, and determination for an attacker to get through -- so the floor has been lowered," said Rungta, who led the work on Continuum. "The goal is to raise that floor up again."
[3]
Five thoughts from Swami Sivasubramanian's keynote at AWS Summit and what it means for IT pros
Five thoughts from Swami Sivasubramanian's keynote at AWS Summit and what it means for IT pros When Amazon Web Services Inc. held its New York Summit last week, Vice President of Agentic AI Swami Sivasubramanian as usual was the headline act, delivering the opening keynote. Sivasubramanian made the case to enterprise leaders that the artificial intelligence conversation has moved beyond pilots and productivity hacks into a world where the real advantage lies in compounding momentum across work, security, software delivery and data. For IT pros, that means your architectural decisions over the next 12 to 18 months will determine whether AI agents become a force multiplier or a new source of chaos. Here are five big ideas from Sivasubramanian's keynote and what they mean for those responsible for building and operating enterprise technology: 1. From 'faster search bars' to compounding agents Sivasubramanian's main critique of the first generation of AI assistants is that they never broke out of chat-window gravity. They sit on top of tools, answer a question and then forget. "We gave them chat windows and connected them to our tools," he said. "They answer one question, and then they forget. The promise was intelligence, but what we got was a slightly faster search bar. Faster search doesn't compound; it flatlines." The alternative he laid out is an agentic model in which every completed task feeds the next. "What you really need is agents that actually change the way you work, not just speed up the steps, but completely eliminate them," Swami argued. "If humans are still forced to be the orchestration layer, your momentum actually has a ceiling." In his framing, "every task that their agents complete makes the next one smarter," creating "compounding momentum" and widening the gap between early adopters and those who wait. That's the design center for Amazon Quick, an AI assistant that "states the outcome you want and figures out how to get there across all your systems, all your data and all your context," powered by a knowledge graph that reasons across people, documents, communications and data lakes. In the live demo, Quick assembled a marketing report by pulling data from Slack, Google Drive and OneDrive in about 20 seconds -- work, Sivasubramanian said, "would have taken probably hours of actual research" before. Implications for IT pros: This model assumes your collaboration and data platforms are open to agent access and governed by strong identity and policy controls. The job shifts from choosing yet another assistant to curating an ecosystem where agents can safely traverse silos. Connectors, metadata and policy enforcement become as important as model choice. This is a vastly different role for IT pros, but one that's critical for companies that succeed with their agentic initiatives. 2. Security: Ending the 'walled garden vs. wild garden' tradeoff On security, Sivasubramanian highlighted a dilemma many chief information security officers will face. On one side, "agents that work inside their own walled garden only see what's inside their own productivity suite. The moment you need something outside the wall, you are back to being the orchestrator." On the other hand, open tools "do not offer the level of security, compliance and governance that enterprises demand. You traded the walled garden for the wild one." "This is a false choice," he said. "Quick doesn't ask you to choose. No walls, no copy-and-paste bridges, and every action it takes carries its own governance. Who acted on it, what data they touched, where it went, and whether the policy allowed it." That theme continues with AWS Continuum, a suite of agent-driven security capabilities spanning penetration testing, threat modeling and code vulnerability assessment. Chet Kapoor, who leads security, observability, search and governance products, described the shift from "telemetry, storage, query and dashboards for humans" to "telemetry to context to reasoning to actions for agents." Telemetry without context is "noise," he said; with context, it becomes a "signal" agents can act on. Customer stories were included to make the stakes concrete. Swami cited GoDaddy using Amazon Quick to eliminate "15,000 hours of manual work annually." He also highlighted the NBA's use of Quick to structure 25 years of prospect data into interactive leaderboards and comparisons. Implications for IT pros: Security operations are headed toward agents taking actions under policy, not analysts staring at dashboards. That raises the importance of policy as code, identity boundaries, least-privilege design, and clear "rails" for where agents can operate. The conversation with the CISO is no longer "Should we use AI?" but "What will we allow AI to do, and under what guardrails?" 3. Software delivery as a closed loop If the first wave of generative AI was about coding copilots, this keynote reframed the narrative around end-to-end software delivery loops. "Write it right, ship it fast, keep it modern - not three tools, one continuous loop, always running, always compounding," he said. That loop is already in production at Amazon Stores, where teams behind the retail experience saw a "median 4.5x improvement in how fast correct code reaches production, with some teams hitting up to 17x," and "AI-generated code changes landing with 95% accuracy, higher than the human baseline." Kiro is the engineering agent that anchors the "write it right" part of the loop. You give it a prompt, and it generates "clear requirements, structured design docs, implementation tasks, and validated tests before a single line of code is generated." It then uses agents and property-based testing to implement and verify. Swami pointed to fintech startup Dhan, which needed to support more than 170 complex trading indicators. Without agents, it estimated "over a dozen engineers in a period of 12 to 24 months;" with Kiro, "all this was built by a single engineer in just eight weeks." The loop extends into operations. AWS DevOps Agent started as an incident-response companion used by customers like T-Mobile and United Airlines; now AWS is adding release management. It can project production risk from a code change, explore an application such as an end user, score releases, and feed its report "directly to your coding agent to start implementing those fixes automatically." On the other side of the loop, AWS Transform moves from one-time modernization projects to "continuous modernization," performing "continuous state analysis and remediation at machine speed, always watching, always fixing across every code base you own." AWS says customers have already used Transform to eliminate 1.6 million hours of manual modernization work. Implications for IT pros: This is an opinionated pipeline: spec, code, test, release, modernize, repeat, with agents in each phase. To benefit, enterprises will need to standardize how they organize their Git repositories, pipelines and quality gates so agents can act safely across services and to make a cultural shift that treats modernization and reliability work as continuous flows, not project-of-the-year initiatives. 4. Southwest Airlines: A playbook for a 'modern fleet' of systems The most compelling customer story came from Lauren Woods, executive vice president and chief information officer at Southwest Airlines. She linked technology choices directly to lessons from Winter Storm Elliott. "It wasn't our systems that were failing, but they were not designed to keep up with the pace and the level of complexity happening across the operation all at once," she said. To run like a modern airline, "we need technology that operates like a modern fleet." Southwest chose AWS as its preferred cloud partner for a "secure, scalable foundation" and access to innovation. Regarding AI, Woods said she uses Amazon Quick every day, describing a shift from "looking at data after the fact to interacting with it in real time" across fare and revenue analysis and call center behavioral trends. The impact has been faster decisions, closer to the point of action. For engineering, Southwest scaled Kiro to "more than 2,700 developers, about two-thirds of our engineering organization," using it for unit test generation, infrastructure as code, and faster onboarding. The Southwest.com platform, which is mission-critical and built on legacy architecture, had a long modernization roadmap. Using Kiro, "our teams have accelerated that modernization significantly, pulling the original timeline in by three years," Lauren said. "We're making it easier to build on, evolve and scale as our business changes." Implications for IT pros: Southwest is an excellent case study. AI-augmented decision-making across the business, agents embedded in the SDLC at scale, and modernization and transformation running in parallel. It's also a reminder that the key performance indicator for AI initiatives will increasingly be operational resilience and customer satisfaction, not just developer productivity. 5. Agent platforms: Harness, guardrails and context as first-class primitives The final act of the keynote shifted from AWS-built agents to the agents that customers will build themselves. Sivasubramanian noted that "the agents that will matter the most are the ones for your business that only you can create," but many are "stuck between prototype and production" because teams are re-implementing basics: authentication, memory, tool access, security and governance. Amazon's answer is AgentCore, which provides "core components to build agents" and includes a managed runtime, built-in identity, session memory, observability, evaluations and access controls. It is designed to work with any agent framework and model. Over the past six months, Swami said, "the number of tasks performed by agents in AgentCore has grown by 15x," and customers such as PGA TOUR, Nasdaq and Visa are building production agents in weeks instead of months. Two concepts are important here. First, the harness. Sivasubramanian described the model as the "brain" and the harness as the "body" that provides "state persistence, error recovery, context management, [and] session isolation." AgentCore Harness can turn a model into an agent in minutes with three application programming interface calls. Second, Agent Core Policies define what agents can and cannot do and are enforced "outside the agent's code, where the agent can't bypass it," including detection of prompt attacks, harmful content, and sensitive data. AWS plans to ingest signals from third-party security providers into that policy layer. Underpinning this is context. AWS Context automatically builds a knowledge graph across structured and unstructured data and exposes it to agents at runtime. Swami pointed out that within Amazon, the semantic knowledge store behind Q processes "over 1.8 million requests" per day, mapping business semantics ("escalations" vs. "tickets") and relationships across systems. In the enterprise, that graph spans public web data via managed search tools, organizational content in S3, SharePoint, Confluence, and Google Drive, and structured data in lakes and warehouses. Implications for IT pros: This is the AI platform north star: an agent runtime/harness, a policy and guardrail layer outside prompts, and a governed context service -- often graph-based -- that encodes how your business works. Whether you adopt AWS' stack or assemble your own, success will come down less to prompt engineering and more to how well you design skills, policies and knowledge graphs that reflect your domain. Final thoughts Sivasubramanian's core point is that agents aren't a feature toggle but an architectural choice. The advantage goes to organizations that design for compounding momentum across work, security, software delivery and data, rather than to those that simply switch on Amazon Quick, Kiro or DevOps Agent. For information technology leaders, that means treating agent access, guardrails and context as platform services, embedding AI more deeply in delivery and operations, and copying the Southwest playbook: Start with a high-impact domain, align business and engineering on outcomes, and let agents handle the undifferentiated heavy lifting while your teams focus on domain-specific decisions. Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.
[4]
AWS says AI agents can work on their own. It's also building tools to keep them in line
Amazon Web Services has an even more ambitious version of that vision in store. At AWS Summit on Wednesday, the company unveiled new agentic AI capabilities for its platform, aimed at everyday enterprise operations. The centerpiece is a set of updates to Amazon Quick, its workplace AI assistant for nondevelopers, that lets users create autonomous agents by describing them in plain language and deploying them in seconds with no code. Tell it to monitor overnight regulatory filings, compare them against company policies, and deliver an impact assessment by morning. AWS says the agent works continuously in the cloud and grows more effective over time, learning from interactions. But the rest of the Summit announcements tell a stranger, more revealing story. The same company selling effortless autonomy is also shipping an arsenal of tools whose entire purpose is to watch those agents, second-guess them, and undo their work. AWS unveiled a release-management capability for its DevOps Agent that vets AI-generated code for production readiness because, as the company frames it, coding agents now write at extraordinary speed while human review still crawls. It also introduced a tool named Zero Debt, built on the premise that the faster code is generated, the faster technical debt compounds -- meaning cleanup must become continuous and autonomous, too. A new security capability begins every remediation in "learn mode" and graduates to autonomous enforcement only as confidence grows.
Share
Copy Link
AWS introduced new autonomous agents at its New York Summit, including Continuum for security vulnerabilities and enhanced Amazon Quick capabilities. The announcements reveal a careful balance between AI autonomy and human oversight, as the company deploys tools to monitor and control the same agents it claims can work independently.

AWS introduced a suite of AI agents at its New York Summit designed to operate continuously across security, DevOps, and workplace productivity
1
2
. The centerpiece announcements include AWS Continuum, a security agent now in closed preview that performs vulnerability scans and generates fixes, and significant updates to Amazon Quick, the workplace AI assistant that now lets users build autonomous agents using plain language4
. Matt Wood, chief AI and technology officer, emphasized that these agentic AI systems should run continuously in the background rather than on demand, marking a shift from chat-based assistants to agents that complete tasks without constant human intervention1
.AWS Continuum represents the company's answer to accelerating cyberattacks, particularly those enabled by advanced AI models like Anthropic's Claude Mythos that can chain minor flaws into critical exploits
2
. The security agent prioritizes findings that are actually reachable in production paths, demonstrates exploits in a sandbox environment, and generates suggested fixes including network changes or code patches1
. Neha Rungta, AWS director of applied science who led Continuum's development, explained that AI can now combine two medium-severity findings and a low one into something critical, lowering the barrier for attackers2
. Continuum starts in a supervised "learn mode" and earns the right to act independently only as customers grant permission category by category, revealing AWS's cautious approach to AI autonomy and human control2
.The AWS DevOps Agent, made generally available in March after its preview at re:Invent in late 2025, now includes release management capabilities that assess code readiness and run software in AWS-managed isolated environments
1
. This addition addresses a growing problem: AI-driven DevOps tools now generate code at extraordinary speed while human review remains slow4
. The agent supports Model Context Protocol (MCP) for calling tools and now exposes its own MCP endpoint, plus support for Google's Agent2Agent (A2A) protocol to enable agent collaboration1
. DevOps Agent integrates with observability tools including AWS CloudWatch, Datadog, Dynatrace, New Relic, and Splunk, as well as repositories like GitHub and GitLab, and can connect to Microsoft Azure and Azure DevOps1
.Swami Sivasubramanian, VP of Agentic AI at AWS, criticized first-generation AI assistants as "slightly faster search bars" that answer questions and forget, arguing the industry needs agents that create "compounding momentum" where each completed task feeds the next
3
. Amazon Quick now allows users to create background agents via voice prompts or choose from pre-configured agents, with a redesigned activity feed that triages email, messages, and calendar items into one prioritized view1
2
. The service now connects to hundreds of third-party services including Gmail, Slack, Microsoft Teams, SharePoint, Adobe, Figma, Snowflake, and WhatsApp1
2
. GoDaddy reportedly eliminated 15,000 hours of manual work annually using Quick3
.Related Stories
Kiro, AWS's specification-driven AI coding assistant, now offers a closed preview iOS mobile app that lets developers launch and manage remote sessions from their phones
1
. The native app features three interaction modes—chat, spec for specification workflows, and autonomy for delegating tasks—and renders code diffs as cards designed for small screens1
. Deepak Singh, AWS VP leading the Kiro team, noted that faster AI code generation creates more work for humans to review, test, and maintain, describing these as "good problems to have, but real problems"2
. AWS also introduced AWS Context, a service that maps company data into knowledge graphs for agentic search, publishing metadata into Amazon S3 tables in Apache Iceberg format with identity-aware queries1
. Bedrock AgentCore, the platform for custom agents, now includes managed knowledge bases, web search, and the ability for agents to access paid content like financial market feeds1
.Sivasubramanian framed security and governance as a false choice between "walled gardens" that limit agent capabilities and "wild gardens" that lack enterprise controls
3
. Quick addresses this by ensuring every action carries its own governance, tracking who acted, what data they touched, where it went, and whether policy allowed it3
. For IT professionals, this shift means architectural decisions over the next 12 to 18 months will determine whether autonomous agents become force multipliers or sources of chaos, with policy as code, identity boundaries, and least-privilege design becoming as critical as model selection3
. The simultaneous release of autonomous capabilities and extensive guardrails suggests AWS recognizes the tension between selling effortless autonomy and the reality that enterprises need tools to monitor, second-guess, and potentially undo agent actions4
. Wood claimed that while frontier token costs continue rising, the cost normalized for a particular level of intelligence decreases year over year, though services like Quick use subscription pricing and DevOps Agent charges per-second usage fees1
.Summarized by
Navi
[1]
[2]
[3]
02 Dec 2025•Technology

28 Apr 2026•Technology

17 Jul 2025•Technology

1
Technology

2
Policy and Regulation

3
Policy and Regulation
