Dive Brief:
- AWS unveiled an automated security operations platform, now available in preview, on Wednesday at its annual New York City summit. The Continuum platform unifies continuous threat modeling, code vulnerability monitoring and automated security patches to fix problems before attackers can use them, according to the company.
- The hyperscaler also launched continuous modernization capabilities for AWS Transform, its legacy application modernization tool, and updated its Amazon Q AI assistant with an iOS app and autonomous agent capabilities. The moves are part of what the company calls a push for "continuity," where AI agents maintain context and work independently toward goals rather than completing isolated tasks.
- AWS wants agents that remember and automation that acts, Matt Wood, chief AI and technology officer at AWS, said during a Tuesday briefing. “An agent is at its most useful when it understands where it has been and what progress has been made towards a particular problem, task, or outcome. Whilst the agent intelligence can be tokenized, the continuity typically has to be engineered.”
Dive Insight:
AWS is betting that recent breakthroughs in AI capabilities will enable autonomous agents to prevent security breaches rather than just detect them.
Wood said several technical breakthroughs are driving the increased focus on continuity, including improvements in multimodal reasoning, longer-term AI planning, and deterministic controls that give users a better view of what AI agents can and cannot do.
“It is super clear that there's been a step function increase in cybersecurity capabilities of large language models in the past three or four months,” Wood said. “As a result, we are expanding materially the security capabilities available to customers.”
Continuum expands on the AWS Security Agent the company unveiled last year, incorporating its penetration testing and code scanning capabilities under the Continuum brand.
“This is a new set of services, which provide end-to-end continual testing, and allow you to shift the majority of your security scanning, vulnerability management and patching as early into the software development process as possible,” Wood said. “That makes it much less likely for bugs to appear in the wild in a way that they can be exploited by others.”
As cyberthreats grow in complexity and frequency, accelerated by generative AI, worldwide security spending is expected to reach $377 billion in 2028, according to an IDC report. AI coding assistants are opening vulnerabilities faster than companies can write rules to manage them, app security vendor Checkmarx found in a recent study.
The Continuum platform provides application architecture threat modeling via a coding assistant or AI-powered IDE. It also monitors coding in four phases: discovery, where it ingests existing vulnerability backlogs and scans environments; prioritization, where it evaluates business impact and whether a flaw can be reached; validation, where it constructs working exploits in sandboxed environments to confirm real vulnerabilities; and mitigation and remediation, where it recommends network changes, policy updates or code patches.
Existing AI security tools can generate thousands of potential vulnerabilities without clear prioritization. Wood said AWS Continuum addresses the “overwhelming deluge” of information standard agents can throw out.
To build trust, AWS Continuum starts in “learn mode” with human oversight of every recommendation. Organizations can graduate to “enforce mode” for more automated remediation, according to the company.
“We’re moving out of the era of doing the same, but better, into an era where most organizations aren’t just focused on efficiency, although that’s where many stop,” Wood said. “They’re actually focused on using technology to completely reinvent the function, reinvent products, a new product category, or an entire organization.”