AWS joins Microsoft, Google in the security AI agent race
(2025/12/02)
- Reference: 1764691372
- News link: https://www.theregister.co.uk/2025/12/02/aws_security_agent_ai/
Re:Invent: AI agents are key to launching applications more quickly – and making them more secure from the start, Amazon says.
To that end, the cloud giant has rolled out AWS Security Agent in preview today at its annual re:Invent conference. It's free to use – with usage limits – during the public preview period, but there's no word yet from Amazon as to when it will be generally available.
But unlike Google and Microsoft, AWS's [1]approach to agentic AI for security-specific use cases seems a little more subdued, with one agent – as opposed to tasking agents with [2]all the security things.
"AWS Security Agent is a single frontier agent that proactively secures your applications throughout the development lifecycle across all your environments," AWS Director of Applied Science Neha Rungta told The Register.
Security teams define corporate requirements and standards, then the agent conducts automated reviews to ensure these are being met. It also does on-demand penetration testing customized to organizations' applications and reports any security risks.
"The penetration testing agent creates a customized attack plan informed by the context it has learned from your security requirements, design documents, and source code, and dynamically adapts as it runs based on what it discovers, such as endpoints, status and error codes, and credentials," said Esra Kayabali, AWS senior solutions architect, in a blog shared with The Register ahead of publication.
This task alone can shave weeks or even months off applications' security validation processes, according to Rungta.
"Customers have told us that AWS Security Agent's on-demand penetration testing allows them to begin receiving results within hours compared to what would have taken weeks of scheduling and back-and-forth communication between teams," Rungta said.
"Others have told us that AWS Security Agent's design time findings helped them save significant development time and effort," she added. "Fixing design time issues before any code is written is painless, whereas it would have been extraordinarily painful had it been flagged by the application security team three months later."
AWS says that its Security Agent is more effective than static application security testing and dynamic application security testing tools because the agent is context-aware, meaning it understands the application's code and design, where it will run, and any company-specific security requirements.
Users can upload artifacts to provide context about their application being tested, Rungta explained. Plus, customers can give the agent access to their GitHub repositories for additional context in penetration testing, "to post comments on pull requests, and to submit pull requests with remediations for penetration test findings," she added.
Humans review these penetration test findings, along with all the design and code review, and can configure the security agent to either automatically submit pull requests with remediations based on these findings, or manually trigger pull requests after review.
[8]AWS goes full speed ahead on the AI agent train
[9]AI agents swarm Microsoft Security Copilot
[10]Microsoft researchers bullish on AI security agent even though it let 74% of malware slip through
[11]Google DeepMind minds the patch with AI flaw-fixing scheme
While Amazon already [12]reportedly uses AI agents to proactively find security flaws and suggest fixes internally, it hasn't been as quick to roll out security-focused agents to customers as its cloud competitors.
Microsoft is arguably furthest along in this process of [13]task-specific agents and AI-infused security products, with Redmond introducing 11 Security Copilot agents at a press event in March.
In August, it touted an autonomous AI agent prototype, called Project Ire, that Microsoft claims can [14]detect malware without human assistance. But in a real-world test of 4,000 "hard-target" files (these files weren't classified by automated systems and would otherwise be manually reviewed by human reverse engineers), the agent only detected 26 percent of all the malware.
Meanwhile, Google is also developing its own [15]security-minded AI agents, including one that can triage security alerts by analyzing the context of each incident and give the humans in charge advice about which ones merit a response. Another one analyzes malware and determines the extent of the threat it poses.
Last month, the Chocolate Factory said yet another AI agent-powered security tool called CodeMender, which [16]automates patch creation, can identify the root cause of a vulnerability, then generate and review a working patch – but it still needs a human to sign off on the fix. ®
[1] https://www.theregister.com/2025/07/17/aws_agentcore_ai/
[2] https://www.theregister.com/2025/04/23/agentic_ai_rsac/
[8] https://www.theregister.com/2025/07/17/aws_agentcore_ai/
[9] https://www.theregister.com/2025/03/24/microsoft_security_copilot_agents/
[10] https://www.theregister.com/2025/08/06/microsofts_ai_agent_malware_detecting/
[11] https://www.theregister.com/2025/10/07/google_deepmind_patches_holes/
[12] https://www.wired.com/story/amazon-autonomous-threat-analysis
[13] https://www.theregister.com/2025/03/24/microsoft_security_copilot_agents/
[14] https://www.theregister.com/2025/08/06/microsofts_ai_agent_malware_detecting/
[15] https://www.theregister.com/2025/04/09/google_enterprise_security_ambitions/
[16] https://www.theregister.com/2025/10/07/google_deepmind_patches_holes/