惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
IT之家
IT之家
Cyberwarzone
Cyberwarzone
T
Troy Hunt's Blog
有赞技术团队
有赞技术团队
阮一峰的网络日志
阮一峰的网络日志
T
Threat Research - Cisco Blogs
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
Last Week in AI
Last Week in AI
C
CERT Recently Published Vulnerability Notes
The Hacker News
The Hacker News
Jina AI
Jina AI
T
Tor Project blog
V
Vulnerabilities – Threatpost
酷 壳 – CoolShell
酷 壳 – CoolShell
Spread Privacy
Spread Privacy
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog
Security Latest
Security Latest
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
博客园 - 司徒正美
V2EX - 技术
V2EX - 技术
I
Intezer
The Cloudflare Blog
Cisco Talos Blog
Cisco Talos Blog
SecWiki News
SecWiki News
博客园 - 【当耐特】
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
L
Lohrmann on Cybersecurity
Scott Helme
Scott Helme
Google Online Security Blog
Google Online Security Blog
量子位
The Last Watchdog
The Last Watchdog
AI
AI
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Security Affairs
P
Palo Alto Networks Blog
S
Secure Thoughts
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Attack and Defense Labs
Attack and Defense Labs

AWS Open Source Blog

Open Protocols with the Strands Agents SDK | Amazon Web Services Introducing MCP server for Registry of Open Data on AWS | Amazon Web Services Building a Stateful IT Service Desk Agent with LangGraph on Amazon EKS | Amazon Web Services Open Governance for MySQL: A Step Forward for the Community | Amazon Web Services Governing AI Assets at Scale with MCP Gateway and Registry | Amazon Web Services Introducing Trusted Remote Execution: Policy-Enforced Scripts for AI Agents and Humans | Amazon Web Services Decoupling Authorization at Scale: MongoDB Atlas and Cedar-Based Resource Policies | Amazon Web Services Deploying cloud-based engineering workbenches with the Virtual Engineering Workbench on AWS | Amazon Web Services OCSF Achieves ITU Support: Powering AI-Ready Security Operations | Amazon Web Services AWS and Others Invest $12.5M to Defend the Open Source Ecosystem from AI Threats | Amazon Web Services Introducing Strands Labs: Get hands-on today with state-of-the-art, experimental approaches to agentic development | Amazon Web Services Cedar Joins CNCF as a Sandbox Project | Amazon Web Services Building intelligent physical AI: From edge to cloud with Strands Agents, Bedrock AgentCore, Claude 4.5, NVIDIA GR00T, and Hugging Face LeRobot | Amazon Web Services Shaping the future of MCP: AWS’s commitment and vision | Amazon Web Services Introducing Strands Agent SOPs – Natural Language Workflows for AI Agents | Amazon Web Services Announcing ml-container-creator for easy BYOC on SageMaker | Amazon Web Services The Swift AWS Lambda Runtime moves to AWSLabs | Amazon Web Services Jupyter Deploy: Create a JupyterLab application with real-time collaboration in the cloud in minutes | Amazon Web Services Introducing CLI Agent Orchestrator: Transforming Developer CLI Tools into a Multi-Agent Powerhouse | Amazon Web Services Strands Agents and the Model-Driven Approach | Amazon Web Services AWS joins the DocumentDB project to build interoperable, open source document database technology | Amazon Web Services Open Protocols for Agent Interoperability Part 4: Inter-Agent Communication on A2A | Amazon Web Services Powering AI-Driven Security with the Open Cybersecurity Schema Framework | Amazon Web Services Introducing Strands Agents 1.0: Production-Ready Multi-Agent Orchestration Made Simple | Amazon Web Services Open Protocols for Agent Interoperability Part 3: Strands Agents & MCP | Amazon Web Services Open Protocols for Agent Interoperability Part 2: Authentication on MCP | Amazon Web Services Introducing AWS CDK Community Meetings | Amazon Web Services Secure your Express application APIs in 5 minutes with Cedar | Amazon Web Services
Building secure AI agents at scale: Introducing Loom for AWS | Amazon Web Services
Heeki Park · 2026-07-10 · via AWS Open Source Blog

As organizations move to adopt agentic capabilities to accelerate their business objectives, they are challenged with enabling those capabilities within a security and governance framework that complies with enterprise requirements. Some organizations lean into the promise of serverless capabilities, as those fully managed services enable them to build fast and deliver customer value quickly. Amazon Bedrock AgentCore is a portfolio of services for building, deploying, and operating AI agents in production at scale.

While AWS provides the building blocks, organizations must still build agent platforms that weave together agent capabilities and deploy them with guardrails and least privilege security.

To address these challenges, we’re releasing Loom for AWS (Loom), an enterprise-grade platform for building agents with AWS Strands Agents and deploying and operating them on Amazon Bedrock AgentCore Runtime. This post outlines some key capabilities and is targeted for teams that are looking to securely scale agent deployments.

The project is available in AWS Labs at: https://github.com/awslabs/loom/.

A simple, opinionated, enterprise-grade agent platform

Loom provides a unified management UI and backend API with identity provider integration, scope-based authorization, multi-persona navigation, and full lifecycle management for agents, memory, MCP servers, and A2A integrations. It integrates with AWS Agent Registry for discovery and governance and tracks compute and model usage for cost transparency.

When building an agent, Loom brings together all the required, pre-validated configurations. Agents can be deployed as a low-code option onto AgentCore Runtime with a pre-written but configurable Python agent in AWS Strands or directly as a no-code option via AgentCore’s managed harness. The managed harness in AgentCore makes it simple to define and deploy an agent using configuration. Loom layers on top of both, offering agent builders customizability and simplicity of deployment.

Loom is built with three tenets in mind.

Simple. Loom is an agent platform that gives builders the ability to easily create AI agent applications, integrate data sources, and connect to other agents, all with security and governance baked in.

Opinionated. Loom is an opinionated implementation of an agent builder platform that implements agents using the Strands Agents SDK under the hood and leverages AWS managed services like Bedrock for model inference and AgentCore for agent infrastructure, while abstracting the implementation details from the end-user. Thus, Loom is intended for platform engineering teams who are looking to build a greenfield application using fully managed AWS services.

Enterprise-grade. Loom implements enterprise best practices by using a paved path approach, i.e., blueprints with best practices baked-in, to packaging and deploying agentic applications, applying least privilege security, abstracting configuration parameters, and applying strict guardrails on deployments.

The following screenshot shows Loom’s catalog view, the administrator’s landing page and dashboard of agents, memory resources, MCP servers, and A2A agents that are configured in Loom.

In the rest of the post, I outline seven common challenges and how Loom addresses them.

  1. Enforcing consistent application of tags on deployed resources
  2. Implementing fine-grained role-based and attribute-based controls
  3. Implementing blueprints for new services and patterns
  4. Deploying software with rigorous testing, validation, and security scanning
  5. Managing identity propagation through delegated actor chains
  6. Managing the proliferation of agents, tools, and skills
  7. Requiring human-in-the-loop review before taking sensitive actions

Automated resource tagging for cost attribution and governance

Resource tagging in AWS is a standard practice for both cost attribution and applying conditional governance policies. While configuration management databases can track metadata about resource deployments, tags provide simple in-console visibility to relevant metadata, e.g., application identifier, group association, owner id, etc.

Challenge #1. Enforcing consistent application of tags on deployed resources can be challenging. Paved path blueprints are one way customers enforce tagging on deployed resources.

Loom requires three tags and automatically applies them to every resource that it deploys. These include loom:application, loom:group, and loom:owner. It also allows for creating additional custom tags, as organizations often have their own set of required tags.

Loom then combines a set of tags as a tag profile. The three required tags are always included in a tag profile. An administrator can optionally select additional custom tags to include. If additional custom tags are selected, a value is required for that tag profile. For example, suppose I wanted to also include a tag that includes a cost center id. I could create a custom tag loom:cost.center and set a value of 4015 in the tag profile. When Loom creates any resource, a tag profile is a configuration requirement and is used whenever a new resource is created.

The following screenshot shows how tag profiles are constructed. The first shows the base tag profile with three platform required tags and two optional tags. The latter three boxes are example tag profiles with values for each of those required and optional tags.

Implementing RBAC and ABAC for multi-tenant agent security

Granting access based on role or persona is a standard practice for using any type of modern application. Further refining access based on attributes of a particular user profile is a commonly desired capability of most software as a service products.

Challenge #2. Implementing fine-grained role-based and attribute-based controls can be challenging. Unless that is baked into the product at inception, it can be quite challenging to retrofit those security requirements, especially as the user base scales.

Loom uses a 2-dimensional approach for access control: 1/ role type, 2/ group tags. The role type defines the core capabilities and view that is presented, while group tags define which resources are accessible.

For role-based access control (RBAC), Loom has two roles: 1/ administrator, 2/ end user. Administrators see the administrator view upon login, while end users see the chat interface.

For administrators, Loom has two administrator types. The super administrator has full access to the entire system, while the demo administrator has access to most aspects but is restricted in some ways, e.g., can’t see the admin dashboard which has usage metrics, can’t modify resources outside its own demo group.

For users, Loom has administrators, a test user, and a number of demo users. Administrators see the administrator interface, have views into different pages, and can see all resources for pages to which they have access. End users see the chat interface, can only see agents that belong to the same group, and can only see their own conversation history.

For attribute-based access control (ABAC), Loom uses the group tag to define what resources that particular user is allowed to see.

The following chart depicts each of the groups and their associated permissions via scopes.

This approach ensures that users have just the right amount of access to only the subset of resources that they should see.

Performing secure agent deployments with paved path blueprints

Conducting agent deployments with paved path blueprints coupled with governance controls are common among enterprises. Platform engineering teams rigorously test and validate those blueprints to ensure that resources are deployed with least privilege configurations and are integrated with cost management and reporting mechanisms.

Challenge #3. Implementing blueprints for new services and patterns are non-trivial and could require months of research, implementation, and validation.

Loom implements its own control plane API using FastAPI for prescriptively managing agent deployments. It is an abstraction layer on top of the boto3 SDK and implements only the parameters allowed by the system.

This approach collapses the deployment process into an opinionated control plane API and handles the functions of a traditional deployment pipeline.

Conducting configuration-driven agent deployments

Building software involves a lot of moving parts, especially with the latest advancements in agentic coding tools.

Challenge #4. Deploying software requires rigorous testing, validation, and security scanning before agent deployments can occur. This is all the more true of AI-generated code.

Loom builds and deploys agents using Strands Agents and uses a pre-written agent for deployments into AgentCore Runtime. In other words, no code is generated at runtime and deployed into any environment. That would be untrusted code and would need to operate in a secure, isolated compute environment.

The following diagram depicts where configurations are injected during the agent deployment process.

  • Behavioral guidelines are collected from the agent builder and passed in.
  • An optional memory resource deployed in AgentCore Memory is passed in so that lifecycle hooks interact appropriately, with pre-configured long-term memories processing asynchronously.
  • Optional MCP servers and/or A2A agents are configured with requisite, preconfigured OAuth2 configurations.

OAuth2 configurations are pre-defined by the security administrator. In scenarios where both a client id and client secret are required for machine-to-machine auth, only the security administrator is privy to that information. Furthermore, secrets and credentials are not stored directly in Loom. Those are all externalized in AWS Secrets Manager and pulled in only when required. When deployed, inbound and outbound auth is managed using AgentCore Identity.

This low-code approach allows for platform teams to bake a pre-written agent with enterprise customizations, like enterprise logging requirements, and scan it once for deployment, as the code does not change from deployment to deployment. Only configuration is changed, and those configurations are managed by the control plane API.

Alternatively, if no customizations are required, the no-code approach with managed harness for AgentCore can be used. The same approach for deploying agents has been applied to harness with the deployment configurations common but simplified in the backend deployment.

Propagating end user identity and permissions for agentic request chains

As agents become more capable and take actions on behalf of end users, agent systems need to ensure that permissions are scoped to the user and propagate information that an agent is involved in the request chain.

Challenge #5. Managing identity propagation through delegated actor chains is a hard problem to solve. Mapping scopes from hop-to-hop is doubly hard, as disparate identity systems may not have consistent scope nomenclature nor scope semantics.

Loom implements the full authorization code flow when users interact with both the frontend and backend. AgentCore Identity also supports the RFC 8693 token exchange process, which enables both the end user and agent identity to be included in downstream access tokens, while also maintaining the delegation chain. Loom implements and visualizes the full token exchange flow.

The following screenshot shows an agent invocation, which hops from agent in AgentCore Runtime to MCP server in AgentCore Runtime to REST API endpoint in Amazon API Gateway. Each of those hops uses a different access token for authorization, using the on-behalf-of token exchange process.

This ensures that chained agentic requests maintain the originating user’s identity and permissions. This way, downstream actors maintain a least privilege posture, exposing only the data and resources that the originating user is permitted to access.

Managing agentic proliferation with discovery and governance

As adoption of agentic capabilities grows, so does the sprawl of agentic resources, just as we saw in the proliferation of microservices. Traditionally, developer portals and service meshes have acted as discovery mechanisms for cataloging resources. Registries are acting as the central point of collating and exposing information about available and approved agentic resources.

Challenge #6. Managing the proliferation of agents, tools, and skills is a growing challenge as organizations continue to explore agentic capabilities.

Loom integrates with AWS Agent Registry, currently in public preview, for managing agent and tool records, complying with the A2A agent card specification and the MCP tool schema specification. It includes information about agent and MCP server endpoints, authorization, and capabilities. It also applies a governance process, ensuring that agents undergo a review process by some agentic review board before they can be published and made available for production usage.

This helps wrangle the agentic sprawl across the organization, giving teams visibility to what is approved and allowed for usage. It also allows review teams to act as a gate to ensure that agentic adoption is governed and secure.

Using human-in-the-loop approval workflows for agent actions

As agents grow more advanced in capability and access more data systems, organizations should enable these systems in a controlled and incremental manner. Human-in-the-loop feedback can be used in early prototyping to verify that the agentic system is acting as intended builds confidence as production usage ramps and in production when allowing agents to take sensitive actions.

Challenge #7. Requiring human-in-the-loop review before taking sensitive actions is critical, as teams are wary of allowing non-deterministic systems to access and even act on systems that store business or operational data.

Loom implements three patterns of human-in-the-loop feedback, using the underlying Strands Agents hook framework and MCP elicitations to introduce human approval before invoking downstream tools. It uses hooks and interrupts in the Strands Agents framework and native MCP elicitations as defined by the MCP specification and implemented in the MCP SDK.

This ensures that sensitive actions are reviewed and approved by appropriate human users before taking said actions.

Contributing

Loom is an open source project and your feedback and contributions are welcomed! You can find more details for contributing to the code repository.

Conclusion

Loom for AWS is a simple, opinionated, enterprise-grade agent platform. It aims to serve as a concrete example on how organizations might build their own agent platforms.

You can view the source code at https://github.com/awslabs/loom/. The repository includes additional overview documentation, the specifications used to build it, and a deployment guide to test it out yourself. The deployment guide includes information on how to clean up the resources after completing your testing and evaluation.