AWS adds agentic DevOps tools and Kiro iOS app

Regulation Reporter

AWS used its New York Summit on June 17 to pitch AI agents that watch code, test releases, map enterprise data, and let developers manage Kiro sessions from an iPhone.

Amazon Web Services introduced agentic DevOps and security tools at its New York Summit on June 17, with Continuum in closed preview, new release controls for DevOps Agent, and an iOS app for Kiro.

Matt Wood, AWS chief AI and technology officer, said AWS wants customers to move from prompt-on-demand assistants to agents that run in the background across software delivery and operations. That pitch puts AWS deeper into release approval, vulnerability triage, incident response, and modernization work.

AWS named the new security bundle Continuum. Wood said Continuum builds on penetration testing and code review by giving security teams agents that check applications throughout development and production. AWS has two Continuum products at launch: Continuum for code vulnerabilities and Continuum pen testing. AWS will rename its existing Security Agent as Continuum pen testing and Continuum code scanning.

Continuum for code vulnerabilities scans AWS environments, ranks findings by production reachability, and demonstrates exploits in a sandbox, according to AWS. Security teams can use those results to separate exploitable paths from noisy backlog items. AWS says the agent can suggest fixes, including code patches and network changes.

That reachability claim matters for compliance teams because vulnerability management programs often drown in Common Vulnerability Scoring System (CVSS) scores that miss runtime context. A high-scoring flaw in an unused path and a medium-scoring flaw in an internet-facing payment flow deserve different treatment. AWS wants Continuum to make that distinction inside the remediation queue.

AWS also expanded DevOps Agent, which the company previewed at re:Invent in late 2025 and opened for broad use in March. The agent already handles incident response, prevention checks, and on-demand tasks. AWS added release management features in preview that assess code readiness and run builds inside an AWS-managed isolated environment.

Release management gives AWS a stronger role between pull request and deployment. Engineering leaders can ask the agent to evaluate a build, run checks, and report whether the release meets the bar. Compliance teams should treat those reports as decision support and keep a human approver for production systems that affect regulated data, payments, safety, or customer access.

AWS also changed how other tools can call DevOps Agent. The service already used Model Context Protocol servers as inputs. AWS now exposes an MCP endpoint for the Agent API, so another MCP-capable tool can call DevOps Agent. AWS also added support for the Agent2Agent protocol, the open agent communication project Google introduced in 2025.

That protocol work gives AWS a path into mixed-tool environments. DevOps Agent can use observability data from CloudWatch, Datadog, Dynatrace, New Relic, and Splunk. It can read code from GitHub and GitLab. AWS says it can connect to Microsoft Azure and Azure DevOps, which gives enterprises a way to test AWS agents without moving every pipeline onto AWS.

AWS also previewed continuous modernization for AWS Transform, its agentic migration and code modernization workbench. AWS positions the feature for routine library upgrades, framework changes, runtime updates, and larger Java or .NET modernization projects.

Modernization agents can save time on repetitive upgrade work, but they create review duties. Teams should require dependency inventories, test evidence, rollback plans, and owner approval before they accept automated changes. An agent that upgrades a library can also alter licensing exposure, data handling, or support status.

Kiro received the most visible developer update. AWS put the coding tool on iOS in closed preview, with chat, spec, and autonomy modes for cloud sessions. Developers can start or manage remote sessions, review live state, and read code diffs as cards on a phone. AWS says the app uses native iOS code rather than a web wrapper.

Kiro follows a specification-driven approach to AI coding. Developers write requirements and task plans, then Kiro turns them into code, tests, and review material. Kiro supports MCP and uses “powers,” which wrap one or more MCP servers from GitHub. AWS offers powers for services such as DevOps Agent and Lambda, and third parties can connect services such as Datadog and Dynatrace.

The mobile app extends that workflow into off-desk approvals and session steering. That convenience raises governance questions. Teams should decide whether developers can approve diffs from mobile devices, whether mobile access requires device management, and whether Kiro cloud sessions can touch private repositories without extra review.

AWS also previewed AWS Context, a service that maps company data into a knowledge graph for agentic search. AWS compared Context with search in Amazon Quick, but drew a line between personal search and organization-wide search. Context publishes metadata into Amazon S3 tables in Apache Iceberg format, and AWS says identity-aware queries prevent users from reading data they lack permission to access.

Amazon Quick will use the same base technology. AWS says Quick users will be able to create autonomous agents with voice prompts or choose agents from a preconfigured library. AWS also described hundreds of connectors for services such as Gmail, Slack, Microsoft Teams, and SharePoint.

Amazon Bedrock AgentCore received new managed knowledge base, web search, and paid-content features. AWS says agents can spend money on paid sources such as financial market feeds. The Amazon Bedrock AgentCore product page positions the service as a production agent platform for multiple frameworks and models.

Paid-content access creates a control point that security and finance teams need to define before rollout. Teams should set spending caps, vendor allowlists, approval rules, and logs that show which agent bought which source for which user and task.

AWS addressed reliability concerns through AgentCore policy controls and Bedrock Guardrails. Wood said trust blocks adoption of artificial intelligence systems inside many organizations. AWS says AgentCore can provide failure, intent, and trajectory insights across sessions, while policy controls define permitted actions and gateway-layer guardrails check for prompt injection, harmful content, and data exposure.

AWS also acknowledged a hard agent failure class: agents that report success after skipping an approval, inventing inventory, or confirming an order change they did not execute. Compliance teams should use that warning as a test plan. Agents need transaction logs, external reconciliation, approval evidence, and exception handling that humans can audit.

Pricing may shape adoption as much as trust. AWS charges some agent services by subscription and others by per-second use. DevOps Agent pricing depends on task duration, and customers also pay for AWS services that an agent consumes, such as CloudWatch queries. Teams should run pilots with budget alarms, task caps, and chargeback labels before they let agents run across production accounts.

AWS framed the launch around continuous agent work across development, operations, security, and enterprise search. Buyers should start with one narrow process: vulnerability triage, incident review, release readiness, or library upgrades. Give the agent read access first, compare its recommendations with human decisions, then add write permissions after the team has evidence that logs, approvals, and rollback paths work.
