Amazon sends AI agents into pen testing and DevOps

Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent.

“These agents are changing the way we secure and operate software. AWS Security Agent compresses penetration testing timelines from 2-6 weeks to 1-2 days. AWS DevOps agent gives teams 3–5x faster incident resolution so they can spend less time on incident resolution and more time innovating”, said Swami Sivasubramanian, VP, AI Amazon Web Services.

AWS Security Agent

AWS Security Agent enables on-demand penetration testing for applications, addressing gaps created by periodic testing limited by time and cost.

The tool identifies vulnerabilities, attempts exploitation using targeted payloads and attack chains, and verifies whether they pose security risks. By analysing source code, architecture diagrams and documentation, it maps how weaknesses connect and form higher-severity attack paths that may be missed by traditional scanners.

“Unlike traditional AI assistants that help with individual tasks, frontier agents act as extensions of your team, delivering complete outcomes. They don’t just respond to prompts—they work autonomously to solve complex problems, make decisions across multiple steps, and operate continuously until they achieve their objectives,” noted Sivasubramanian.

AWS DevOps Agent

AWS DevOps Agent handles operational tasks by resolving and preventing incidents, improving application reliability and performance, and supporting SRE functions in AWS, multicloud and on-premises environments.

The agent investigates incidents by correlating telemetry, code and deployment data, and integrates with observability tools, runbooks, code repositories and CI/CD pipelines.

“For operations teams, this means faster incident resolution and improved productivity,” added Sivasubramanian.

The agent also provides mitigation plans with structured specifications, uses historical data to generate recommendations for observability and system resilience, and builds an application view through automatic discovery and dynamic topology mapping in different environments.

“These frontier agents represent a new way of operating—one where AI systems act as true extensions of your team, fully owning certain tasks while you focus on what matters most strategically,” concluded Sivasubramanian.