AI agents are writing your code now. Not helping you write it, but actually specs, designing systems, scaffolding infrastructure, and opening pull requests. The job of a dev is changing into reviewing and directing, not typing line by line code.

That's what AWS Kiro is built for.

And it raises an uncomfortable question: if an AI agent is generating your code, who's responsible for making it secure?

We've spent the last couple of years building Aikido into the places developers actually work (IDE integrations, CI/CD pipelines, cloud posture checks). We've watched the toolchain evolve, and we've been deliberate about where we place our bets. Today, we're placing a big one.

Aikido is the first security ISV globally that AWS is going to market with Kiro and the first security company in our region selected as part of this pilot program.

What Kiro is (and why security can't be an afterthought)

Kiro is AWS's new agentic development environment. It's not a code assistant bolted onto an IDE. It's an autonomous system: you give it a goal, it generates requirements, designs the system, writes the code, runs the tests, and updates the docs. Spec-driven, agent-executed.

While powerful, agentic development expands the attack surface.

When code generation was 10% of the workflow, you could catch security issues in review. When agents are generating roughly 60 to 70% of the code (including infrastructure configs, dependency selections, and API integrations), "catching it in review" doesn't scale. You need security to be part of the loop that the agents are already in. 

The integration: Security in the agent loop

Aikido integrates directly into Kiro's agentic workflow. Every change those agents produce is automatically analyzed for:

• Vulnerabilities in application code across all major languages and frameworks
• Exposed secrets and credentials caught before they ever hit a commit
• Insecure infrastructure configuration IaC scanning from the first line

What you get is not a post-deployment scan, but continuous analysis running inside the development environment, feeding security context back into the same workflow the agents are using to build.

Kiro's agent hooks now include Aikido security checks. The result is what we're calling a self-securing development environment: Kiro builds the feature; Aikido validates and secures it.

"Agentic engineering is changing how startups build, and it's changing how they need to think about security. You can't manually review what an agent produces at the pace it produces it. Aikido's integration with Kiro solves that at the source, which is why they're the first security partner we're going to market with globally."
– Siddharth Iyer, Head of Agentic Engineering GTM Strategy, AWS Startups EMEA

When Aikido finds something, Kiro agents can act on it directly. 

Secure Velocity: eliminating the trade-off

The conventional wisdom has always been that security slows you down. Ship fast, harden later. Get it out the door, then worry about the CVEs. We've never bought that framing, and agentic development makes it completely obsolete.

With their powers combined, Aikido and Kiro end the tension between security and speed. Together, you get the best of both. 

Kiro provides the velocity: teams save 5 to 7x time in the development phase by resolving requirements in the planning phase, before writing any code.

‍Aikido provides the security: automated scanning and fixing across code, cloud, and runtime, so security never becomes the bottleneck (our customers like n8n have seen this first-hand).

Together, they deliver what we're calling secure velocity: the ability to ship AI-generated software at full speed, with built-in security guardrails that scale with the pace of development.

What this means for teams building on Kiro

If you're building cloud-native applications using Kiro, you now have security coverage that moves at the same speed as your agents:

• No context switching: Security insights appear inside your development workflow instead of just a separate dashboard
• No false-positive fatigue: Aikido's reachability analysis filters out irrelevant alerts, surfacing only exploitable risks
• No late-stage surprises: Vulnerabilities caught during development, not during security review before a release
• Compliance without the manual grind: Automated reporting for SOC2, ISO 27001, PCI, DORA, NIS2, HIPAA, and more
• Fast onboarding: Developers up and running in minutes via IDE, CI/CD, and issue management integrations

Why we're excited about partnering with Kiro 

The industry is moving in one direction: security has to be native to AI-driven development, not bolted on after the fact. Being selected as AWS's first global security partner to jointly go to market with Kiro is a signal that we're building in the right place.

The teams that win the next five years are going to be the ones that figure out how to give AI agents the security context they need to build things correctly, not the ones still running manual security reviews on AI-generated code. 

"Security used to follow development. First in CI/CD, then in the IDE. With Kiro, it moves directly into the agent: the thing writing the code. That's where it needs to be. That's what we built this partnership for.”
– Johan De Keulenaer, Head of Partnerships & Channel

If you're building on Kiro, we'd love to show you what Aikido looks like inside that workflow. And if you're not on Kiro yet, you should probably be paying attention.

Want to learn more about how Aikido secures AI-generated code? Check out our Kiro integration page.