Source-led article
AWS Bolsters AI Agent Security and Business Context with New Services
Amazon Web Services (AWS) has introduced two new services, AWS Continuum and AWS Context, designed to enhance the security and business relevance of AI agents in enterprise environments. Announced at the AWS Summit in New York, these offerings directly confront the challenges of deploying AI agents that can generate code rapidly but often lack critical business understanding and present security risks.
Key facts
| Feature | Description |
|---|---|
| AWS Continuum | Detects, prioritizes, and fixes code vulnerabilities using specialized AI models. |
| AWS Context | Builds a knowledge graph from corporate data to provide AI agents with specific business context. |
| Target Problem | AI agents generating code quickly but lacking accuracy and often introducing security flaws. |
| Availability | Continuum initially for select pilot customers; Context for general use. |
Addressing Security Vulnerabilities with Continuum
AWS Continuum focuses on the full lifecycle of code vulnerability management. This service is engineered to detect, prioritize, validate, and recommend fixes for security flaws in code. It is initially available to a select group of pilot customers. AWS highlights that specialized security models, such as Anthropic’s Claude Mythos, are key to Continuum’s capabilities, allowing it to identify vulnerabilities and potential attack paths much faster than traditional security methods.
Continuum operates by scanning for new vulnerabilities while also processing existing lists of open issues. It then ranks these findings based on business context, assessing factors like whether an affected component is actively used in production or even reachable. For validation, the service attempts to replicate successful attacks in isolated test environments to distinguish true risks from false positives. Following validation, it suggests specific countermeasures, which can range from network configuration adjustments to code patches. The service utilizes different frontier models depending on the task and can automate vulnerability handling, beginning in a learning mode that requires human oversight before transitioning to an enforcement mode for automated fixes. A companion threat modeling tool also generates overviews of possible attack scenarios from design documents or source code.
Enhancing Business Context with AWS Context
AWS Context aims to bridge the gap in business understanding for AI agents by automatically building a knowledge graph from existing enterprise data. This knowledge graph connects individual data points, allowing AI agents to understand relationships, such as which data tables belong to specific customers or which sources are authoritative for particular pieces of information. The service derives these relationships from various enterprise data sources, including databases, documents, emails, and chat messages, then integrates business rules and domain knowledge.
AWS argues that without this contextual layer, AI agents are prone to making confident but incorrect recommendations. Context is built on the same knowledge graph foundation as Amazon’s AI assistant Quick. Metadata from connected sources is stored in AWS storage using an open table format, enabling customers to continue using their existing tools without needing to set up separate data pipelines. Built-in access controls ensure agents only access authorized information. Furthermore, the service learns from each query, identifying reliable sources, which benefits subsequent agent interactions.
Implications for AI-Generated Code and DevOps
These new services come as the volume of AI-generated code continues to grow, presenting both opportunities and challenges for software development and operations. The AWS DevOps Agent is also gaining new features to address this. A Release Readiness Review feature allows the agent to check code changes against production requirements and identify dependencies across repositories. Teams can define underlying standards in plain language, with findings appearing as comments in GitHub or GitLab, accessible via plugins for Kiro or Claude Code.
A second feature derives a test plan directly from specific code changes and executes it in a production-like environment, moving beyond static test suites. This addresses concerns following reported incidents where autonomous code changes at AWS itself led to outages, including a 13-hour outage attributed to Kiro. These incidents prompted an internal AWS policy requiring experienced engineers to approve all AI-generated code.
AWS is also extending its coding agent, Kiro, to smartphones as a native iOS app, allowing users to control tasks, review code changes, and approve them from a mobile device, with sessions running in the cloud. Identity, model settings, and connected repositories synchronize across IDE, web, and mobile platforms for paying customers.
Furthermore, Bedrock AgentCore, AWS’s platform for production-ready agent operations, is receiving a managed knowledge base with connectors to popular platforms like S3, SharePoint, Confluence, and Google Drive, along with built-in web search. Integration with in-house security filters will monitor agent actions for manipulative prompts, malicious content, and data leaks, with future plans to incorporate signals from third-party security providers.
These developments from AWS are crucial for businesses in India and globally that are increasingly adopting AI agents for various tasks, particularly in software development and data analysis. Ensuring the security and contextual accuracy of these agents is paramount for their reliable and effective deployment in production environments.
Source: The Decoder, https://the-decoder.com/aws-says-ai-agents-lack-business-context-and-security-launches-two-services-to-patch-the-gaps/