AWS launches frontier agents for security testing and cloud operations

I’m excited to announce that AWS Security Agent on-demand penetration testing and AWS DevOps Agent are now generally available, representing a new class of AI capabilities we announced at re:Invent called frontier agents. These autonomous systems work independently to achieve goals, scale massively to tackle concurrent tasks, and run persistently for hours or days without constant human oversight. Together, these agents are changing the way we secure and operate software. In preview, customers and partners report that AWS Security Agent compresses penetration testing timelines from weeks to hours and the AWS DevOps Agent supports 3–5x faster incident resolution.

What makes frontier agents different?

Unlike traditional AI assistants that help with individual tasks, frontier agents act as extensions of your team, delivering complete outcomes. They don’t just respond to prompts—they work autonomously to solve complex problems, make decisions across multiple steps, and operate continuously until they achieve their objectives. These aren’t tools that require constant direction. They’re intelligent systems that understand context, reason through problems, and take action—transforming how organizations approach application security and operational excellence.

AWS Security Agent: Reduce penetration testing from weeks to hours

AWS Security Agent transforms penetration testing from a periodic bottleneck into an on-demand capability. Most organizations limit manual penetration testing to their most critical applications due to time and cost constraints, which can leave the majority of their portfolio exposed between tests. AWS Security Agent changes this by delivering autonomous penetration testing that operates 24/7 at a fraction of the cost, enabling you to test all your applications whenever you need to.

AWS Security Agent operates like a human penetration tester—it identifies potential vulnerabilities, attempts to exploit them with targeted payloads and attack chains, and validates they are legitimate security risks. By ingesting your source code, architecture diagrams, and documentation, it understands how your application was designed and built to identify how individual vulnerabilities connect into higher-severity attack chains that traditional scanners miss. Bamboo Health said, “AWS Security Agent surfaced findings that no other tool has uncovered.” HENNGE K.K. shared that “this allows us to rapidly accelerate our security lifecycle, reducing the typical testing duration by more than 90%.“ Customers are uncovering security risks while dramatically reducing testing timelines.

“I’m excited by how a frontier agent like AWS Security Agent is transforming critical workflows for our customers. They’re able to cut penetration testing time from weeks to hours, while uncovering critical vulnerabilities that traditional scanners miss” said Amy Herzog, Vice President and CISO, AWS. “We’re using Security Agent ourselves at AWS. This is a great example of AI becoming an autonomous partner to deliver comprehensive, continuous protection.”

Learn more in our announcement today.

AWS DevOps Agent: Autonomous operational excellence across multicloud environments

AWS DevOps Agent is your always-available operations teammate that resolves and proactively prevents incidents, optimizes application reliability and performance, and handles on-demand SRE tasks across AWS, multicloud, and on-premises environments. When incidents occur, it autonomously investigates root causes by correlating telemetry, code, and deployment data across your entire stack—whether your applications are on AWS, Azure, hybrid, or on-prem. It works with your observability tools (including CloudWatch, Datadog, Dynatrace, New Relic, Splunk, Grafana), runbooks, code repositories (GitHub, GitLab, Azure DevOps), and CI/CD pipelines just as an experienced DevOps engineer would.

For operations teams, this means faster incident resolution and improved productivity. Customers and partners using AWS DevOps Agent in preview report up to 75% lower MTTR, 80% faster investigations, and 94% root cause accuracy, supporting 3–5x faster incident resolution. The agent provides detailed mitigation plans with agent-ready specifications, learns from historical patterns to deliver targeted recommendations that strengthen observability and system resilience, and builds comprehensive understanding through automatic application discovery and dynamic topology mapping across diverse operational environments. DevOps agent independently takes a live incident and traces it back to the exact code or deployment change. Working together, with tools such as Kiro and Claude Code, DevOps  Agent can generate validated fixes that can be applied back into the system.

Western Governor’s University (WGU), a leading online university serving over 191,000 students, was among the first organizations to deploy Amazon DevOps Agent into production, doing so even ahead of the preview launch at re:Invent. During a recent production investigation, WGU’s SRE team used the DevOps Agent to analyze a service disruption scenario, reducing total resolution time from an estimated two hours to just 28 minutes—a 77% improvement in MTTR. The Agent quickly pinpointed the root cause within an AWS Lambda function configuration, surfacing critical operational knowledge that had previously existed only in undiscovered internal documentation.

Learn more in our announcement today.

Why frontier agents matter

These agents demonstrate the three characteristics that define frontier agents: they work independently to achieve goals across multiple steps, they scale massively to handle concurrent tasks across your entire portfolio, and they run persistently for hours or days to complete complex workflows from start to finish.

This means helping security teams move from periodic testing of critical applications to continuous, comprehensive testing across everything. This means helping operations teams shift from reactive firefighting to proactive system improvement. Both agents extend what your team can accomplish, handling complex work that previously required significant human time and expertise.

AWS Security Agent and AWS DevOps Agent are just the beginning. As we continue developing frontier agents and the tools to build your own frontier agents, we’re focused on making these systems powerful, efficient, and trustworthy. These frontier agents represent a new way of operating—one where AI systems act as true extensions of your team, fully owning certain tasks while you focus on what matters most strategically.

To get started, visit AWS Security Agent and AWS DevOps Agent to learn more.

The frontier of AI agents is here. Let’s build the future together.

About the author

Swami Sivasubramanian is Vice President for Agentic AI at Amazon Web Services (AWS). At AWS, Swami has led the development and growth of leading AI services like Amazon DynamoDB, Amazon SageMaker, Amazon Bedrock, and Amazon Q. His team’s mission is to provide the scale, flexibility, and value that customers and partners require to innovate using agentic AI with confidence and build agents that are not only powerful and efficient, but also trustworthy and responsible. Swami also served from May 2022 through May 2025 as a member of the National Artificial Intelligence Advisory Committee, which was tasked with advising the President of the United States and the National AI Initiative Office on topics related to the National AI Initiative.