惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Blog of Author Tim Ferriss
Know Your Adversary
Know Your Adversary
P
Palo Alto Networks Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
L
LINUX DO - 热门话题
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
Cisco Talos Blog
Cisco Talos Blog
AI
AI
L
LINUX DO - 最新话题
H
Heimdal Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The GitHub Blog
The GitHub Blog
I
Intezer
Blog — PlanetScale
Blog — PlanetScale
有赞技术团队
有赞技术团队
S
Securelist
博客园_首页
IT之家
IT之家
Schneier on Security
Schneier on Security
博客园 - 叶小钗
罗磊的独立博客
WordPress大学
WordPress大学
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MongoDB | Blog
MongoDB | Blog
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
A
Arctic Wolf
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
W
WeLiveSecurity
The Register - Security
The Register - Security
D
DataBreaches.Net
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Recorded Future
Recorded Future
NISL@THU
NISL@THU
N
News and Events Feed by Topic
T
Tailwind CSS Blog
N
News and Events Feed by Topic
Cyberwarzone
Cyberwarzone
T
Tor Project blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com

The Register - Special Features: AWS Re:invent

DJ Garman drops the ball instead of the bass in AWS re:Invent keynote Amazon keeps the pressure on Intel, AMD with 192-core Graviton5 CPU Amazon is forging a walled garden for enterprise AI AWS offers AI-in-a-box for enterprise datacenters AWS admits AI coding tools cause problems, reckons its three new agents fix 'em Amazon primed to fuse Nvidia's NVLink into 4th-gen Trainium accelerators AWS: How do you do, fellow kids? Please watch our keynotes in Fortnite AWS, Google roll out multi-cloud fix they said wasn't needed AWS under pressure as big three battle to eat the cloud market Countries use cyber targeting to plan strikes: Amazon CSO EU eyes AWS, Azure for gatekeeper tag in cloud clampdown Geopolitics push European CIOs to think local on cloud Atlassian moves Jira, Confluence instances to AWS Graviton
AWS joins Microsoft, Google in the security AI agent race
Jessica Lyons Jessica Lyons · 2025-12-03 · via The Register - Special Features: AWS Re:invent

AWS Re:invent

Preview tool promises quicker reviews and faster flaw-finding for cloud apps

RE:INVENT AI agents are key to launching applications more quickly – and making them more secure from the start, Amazon says.

To that end, the cloud giant has rolled out AWS Security Agent in preview today at its annual re:Invent conference. It's free to use – with usage limits – during the public preview period, but there's no word yet from Amazon as to when it will be generally available.

But unlike Google and Microsoft, AWS's approach to agentic AI for security-specific use cases seems a little more subdued with one agent – as opposed to tasking agents with all the security things.

"AWS Security Agent is a single frontier agent that proactively secures your applications throughout the development lifecycle across all your environments," AWS Director of Applied Science Neha Rungta told The Register

Security teams define corporate requirements and standards, then the agent conducts automated reviews to ensure these are being met. It also does on-demand penetration testing customized to organizations' applications and reports any security risks.

"The penetration testing agent creates a customized attack plan informed by the context it has learned from your security requirements, design documents, and source code, and dynamically adapts as it runs based on what it discovers, such as endpoints, status and error codes, and credentials," said Esra Kayabali, AWS senior solutions architect, in a blog shared with The Register ahead of publication.

This task alone can shave weeks or even months off applications' security validation processes, according to Rungta.

"Customers have told us that AWS Security Agent's on-demand penetration testing allows them to begin receiving results within hours compared to what would have taken weeks of scheduling and back-and-forth communication between teams," Rungta said. 

"Others have told us that AWS Security Agent's design time findings helped them save significant development time and effort," she added. "Fixing design time issues before any code is written is painless, whereas it would have been extraordinarily painful had it been flagged by the application security team three months later."

AWS says that its Security Agent is more effective than static application security testing and dynamic application security testing tools because the agent is context-aware, meaning it understands the application's code and design, where it will run, and any company-specific security requirements. 

Users can upload artifacts to provide context about their application being tested, Rungta explained. Plus, customers can give the agent access to their GitHub repositories for additional context in penetration testing, "to post comments on pull requests, and to submit pull requests with remediations for penetration test findings," she added.

Humans review these penetration test findings, along with all the design and code review, and can configure the security agent to either automatically submit pull requests with remediations based on these findings, or manually trigger pull requests after review.

While Amazon already reportedly uses AI agents to proactively find security flaws and suggest fixes internally, it hasn't been as quick to roll out security-focused agents to customers as its cloud competitors.

Microsoft is arguably furthest along in this process of task-specific agents and AI-infused security products with Redmond introducing 11 Security Copilot agents at a press event in March.

In August, it touted an autonomous AI agent prototype, called Project Ire, that Microsoft claims can detect malware without human assistance. But in a real-world test of 4,000 "hard-target" files (these files weren't classified by automated systems and would otherwise be manually reviewed by human reverse engineers), the agent only detected 26 percent of all the malware.

Meanwhile, Google is also developing its own security-minded AI agents including one that can triage security alerts by analyzing the context of each incident and give the humans in charge advice about which ones merit a response. Another one analyzes malware and determines the extent of the threat it poses. 

Last month, the Chocolate Factory said yet another AI agent-powered security tool called CodeMender, which automates patch creation, can identify the root cause of a vulnerability, then generate and review a working patch – but it still needs a human to sign off on the fix. ®