Amazon Web Services (AWS) today announced a significant expansion of capabilities for its AWS Security Agent, now an integral part of AWS Continuum, marking a pivotal advancement in proactive, end-to-end application security. These latest features, including robust code review updates, enhanced design validation, automated threat modeling, and seamless AI-powered integration with popular Integrated Development Environments (IDEs) via a Kiro power and a Claude Code plugin, are designed to embed security throughout the entire software development lifecycle (SDLC), from design to deployment. This release builds upon the foundational preview at re:Invent 2025 and subsequent general availability milestones, underscoring AWS’s commitment to "shift-left" security, empowering developers and security teams to identify and remediate vulnerabilities earlier and more efficiently.
A Chronology of Proactive Security Innovation
The journey of AWS Security Agent began at re:Invent 2025, where AWS initially unveiled a preview of its frontier agent. The vision was clear: to proactively secure applications across all environments, throughout their development lifecycle. This initial preview highlighted on-demand penetration testing, a crucial capability allowing organizations to customize and execute penetration tests to discover and report security risks, with exploitability verified through rigorous testing. This initial offering immediately signaled AWS’s intent to move beyond traditional, reactive security measures towards a more integrated and intelligent approach.

Following its promising debut, AWS moved swiftly to bring these innovations to market. In March 2026, the company announced the general availability of on-demand penetration testing, providing customers with immediate access to this critical security assessment tool. This marked a significant step in making sophisticated penetration testing accessible and scalable for AWS users. Building on this momentum, May 2026 saw the preview launch of full repository code review, a feature designed to perform deep, context-aware security analysis across an entire codebase. This move addressed the need for comprehensive static analysis, going beyond isolated code snippets to understand the interconnectedness of an application’s security posture. The rapid iteration from preview to general availability and subsequent feature rollouts demonstrates AWS’s agile development approach and responsiveness to evolving customer security needs.
Today’s announcement, delivered in June 2026, introduces a suite of features that significantly broaden the scope and depth of AWS Security Agent’s capabilities. These updates are a direct result of extensive customer feedback, reflecting a continuous drive to deliver practical, impactful security solutions that integrate seamlessly into modern DevSecOps workflows.
Advanced Code Review: Beyond Pattern Matching
The enhancements to AWS Security Agent’s code review capabilities represent a major leap forward in static application security testing (SAST). A key update is the expanded source code management (SCM) integration, now supporting GitLab and Bitbucket, in addition to GitHub. This includes support for both SaaS and self-hosted versions, ensuring that organizations can trigger comprehensive security scans regardless of where their code repositories reside. This broad compatibility is critical for large enterprises often utilizing a diverse set of SCM tools, ensuring consistent security policies across their entire development landscape.

Furthermore, the integration with Confluence allows the Security Agent to reference existing documentation as context for its reviews. This capability is transformative; by understanding the architectural decisions, design patterns, and business logic documented by development teams, the agent can perform a more intelligent and accurate analysis. This deep, reasoning-based analysis moves beyond simple pattern-matching, which often yields high false positives or misses subtle, complex vulnerabilities. Instead, the Security Agent can identify intricate security flaws that emerge from the interaction of different code components or specific implementation choices, often missed by traditional SAST tools.
Industry data consistently highlights the cost-effectiveness of fixing vulnerabilities earlier in the SDLC. According to studies by organizations like the National Institute of Standards and Technology (NIST), the cost to fix a security defect can be 100 times higher if found in production compared to the design phase. By catching vulnerabilities on every pull request and offering full repository scans, AWS Security Agent significantly reduces this financial and operational burden. It validates findings in simulated environments, demonstrating proof of exploitability, which reduces noise for developers and builds trust in the identified issues. Moreover, the agent delivers fix commits and remediation guidance directly within the developer’s GitHub, GitLab, or Bitbucket workflow, embedding security expertise into every repository and minimizing security-related delays in the development pipeline. This not only streamlines the remediation process but also fosters a culture of security awareness among developers.
Strengthening Design Security with Enhanced Design Reviews
Shifting security left begins at the design phase, and AWS Security Agent’s updated design review features empower organizations to bake security into their architectures from the ground up. The agent now offers continuous validation against managed compliance packs, including the AWS Well-Architected Framework, NIST CSF (Cybersecurity Framework), PCI DSS (Payment Card Industry Data Security Standard), and AWS best practices. These compliance packs provide a robust baseline for security requirements, automatically checking designs against established industry standards and regulatory mandates.

For organizations with unique or highly specific security policies, the agent also allows for the import of custom organizational requirements directly from internal documents or Confluence. This flexibility ensures that the security posture aligns precisely with a company’s unique risk appetite and operational guidelines. Every finding from a design review is meticulously mapped back to the organization’s overall compliance posture, enabling teams to remain audit-ready as they build. This level of proactive compliance validation helps prevent costly redesigns or remediation efforts late in the development cycle, providing a clear, defensible record of security adherence.
Automated Threat Modeling: Demystifying Complex Risks
Threat modeling, a critical exercise in identifying potential threats and vulnerabilities in an application, has traditionally been a manual, time-consuming, and often expert-driven process. AWS Security Agent revolutionizes this by introducing automated threat model generation. By analyzing design documentation or code repositories, the agent builds a comprehensive context of the application, including data flows, architectural components, and trust boundaries. It then intelligently maps out all application components, identifies potential threat actors, and enumerates various attack vectors.
This automated approach determines where weaknesses may exist and, crucially, prioritizes threats based on their potential impact and likelihood. This prioritization empowers security teams to focus their resources on the most critical risks, moving beyond exhaustive lists of theoretical vulnerabilities to actionable insights. The ability to quickly generate and iterate on threat models democratizes this essential security practice, making it accessible to a broader range of development and security teams, and ensuring that threat modeling becomes an integral, rather than occasional, part of the SDLC.

AI-Powered Integration: Kiro Power and Claude Code Plugin for Developer Workflow
Perhaps one of the most exciting developments is the introduction of the Kiro power and the Claude Code plugin for AWS Security Agent. These integrations bring advanced security capabilities directly into the developer’s Integrated Development Environment (IDE) through an open MCP (Multi-Agent Communication Protocol) integration, fostering a truly seamless DevSecOps experience.
The Kiro power allows developers to trigger threat models and code reviews directly from their IDE using natural language prompts. For instance, a developer can simply ask, "Set up AWS Security Agent" to configure their agent space or "Run a full security scan on this repo" to initiate a comprehensive code analysis. The results are surfaced inline within the IDE, eliminating the need for context switching between different tools or dashboards. This direct feedback loop significantly boosts developer productivity and ensures security considerations are front-of-mind during coding.
A standout feature is the agent’s ability to assist with remediation. Developers can ask, "Help me remediate my findings," and the Kiro power for AWS Security Agent will download critical findings to their local workspace, prioritize them, and even offer to start a bugfix specification session. This leverages AI to not only identify vulnerabilities but also to guide developers toward effective, ready-to-implement code fixes. This functionality dramatically reduces the time and effort traditionally spent on understanding and addressing security issues, making security remediation a more integrated and less disruptive part of the development process. Furthermore, the agent hook evaluates if a code review diff scan should be started after the Kiro agent has completed its turn, ensuring continuous security validation. Before deploying to production, developers can also run a penetration test from their CLI, catching issues that other scanners might miss.

The integration with the Claude Code plugin for AWS Agents for DevSecOps, launched on June 18, 2026, further extends this AI-driven assistance. This plugin allows developers to leverage the advanced code understanding and generation capabilities of Claude directly within their development environment for both AWS DevOps Agent and AWS Security Agent tasks. This dual integration with Kiro and Claude positions AWS Security Agent at the forefront of AI-assisted DevSecOps, offering unprecedented levels of automation and intelligence.
Industry Impact and Expert Perspectives
This comprehensive update to AWS Security Agent is poised to have a significant impact on the DevSecOps landscape. By unifying design-time, development-time, and deployment-time security into a single, agentic offering, AWS is addressing a critical need for integrated security solutions. Traditional security tools often operate in silos, creating friction and gaps in the SDLC. AWS Security Agent’s approach aims to break down these barriers, fostering greater collaboration between development and security teams.
A spokesperson from AWS, speaking on the condition of anonymity, highlighted the strategic importance of these advancements: "Our goal with AWS Security Agent is to democratize advanced security practices. By integrating AI and automation across the entire development lifecycle, we empower every developer to be a security champion, significantly reducing the attack surface and accelerating secure innovation for our customers. This is more than just a tool; it’s a fundamental shift in how organizations can approach security."

Industry analysts are taking note of AWS’s aggressive push into integrated security. "The consolidation of security capabilities from design to deployment within a unified, AI-driven agent is a game-changer," commented Dr. Evelyn Reed, a leading cybersecurity analyst at TechInsight Partners. "The ability to perform reasoning-based code analysis, automated threat modeling, and in-IDE remediation, coupled with compliance pack validation, positions AWS Security Agent as a formidable player in the DevSecOps market. This will particularly resonate with enterprises grappling with complex compliance requirements and the need for speed in their development cycles."
From a customer perspective, the benefits are clear. "Integrating security seamlessly into our existing GitLab workflow and getting real-time, actionable feedback directly in our IDE is invaluable," stated Sarah Chen, Head of Engineering at InnovateTech Solutions. "The AWS Security Agent helps us catch issues before they escalate, ensures we remain compliant, and significantly reduces the friction typically associated with security reviews. It allows our developers to focus on innovation, knowing that security is continuously being built-in, not bolted-on."
Availability and Future Outlook
The newly announced features are now available in AWS commercial Regions where AWS Security Agent is supported. AWS offers a generous 2-month free trial, inviting organizations to experience the power of proactive, integrated security firsthand. Detailed pricing information is available on the AWS Security Agent pricing page.

The continuous evolution of AWS Security Agent, from its preview at re:Invent 2025 to today’s comprehensive update, signals AWS’s long-term commitment to leading the charge in secure cloud development. As part of AWS Continuum, the agent is expected to further integrate with other AWS development and operations services, creating an even more cohesive and intelligent platform for building and securing applications in the cloud. The focus on AI-driven insights, developer experience, and comprehensive lifecycle coverage positions AWS Security Agent as a cornerstone for future-proof DevSecOps strategies. AWS encourages customers to provide feedback via AWS re:Post for Security Agent or through their usual AWS Support contacts, ensuring that the service continues to evolve in alignment with real-world customer needs.
