AWS Launches New Services to Solve AI Agent Security and Context Gaps
As enterprises race to deploy autonomous AI agents, they are hitting two massive walls: a lack of business intelligence and escalating security vulnerabilities. Amazon Web Services (AWS) has unveiled a strategic suite of tools designed to transform experimental AI into production-ready assets by bridging these critical gaps.
AWS Continuum: Automating the Security Lifecycle
The rapid pace of AI-generated code has outstripped traditional security defenses, creating a backlog of vulnerabilities that humans cannot manually triage fast enough. To combat this, AWS introduced AWS Continuum, a service designed to manage the full lifecycle of code vulnerabilities—from detection and prioritization to validation and remediation.
Unlike static scanners, Continuum leverages specialized frontier models, such as Anthropic’s Claude Mythos, to identify attack paths at machine speed. The service goes beyond simple alerts by ranking risks based on business impact: it asks whether a component is actively used in production or whether the vulnerability is even reachable. During the validation phase, Continuum replicates potential attacks in isolated environments to eliminate false positives before suggesting specific countermeasures, such as code patches or modified network configurations. The service is currently in a pilot phase. It lets teams move from a "learning mode", in which every fix requires human sign-off, to an "enforcement mode", in which fixes are applied autonomously.
AWS Context: Building the Enterprise Knowledge Graph
The second major hurdle for AI agents is "hallucination" caused by a lack of organizational awareness. Without a map of how data relates to business logic, agents often provide confident but incorrect answers. AWS Context solves this by automatically constructing a knowledge graph from an enterprise's existing data silos.
By indexing documents, images, audio, and videos from S3 data lakes, databases, and SaaS applications via the AWS Glue Data Catalog, AWS Context creates a network of relationships. This allows an agent to understand, for example, which specific database table belongs to a particular customer. Because it uses an open table format, businesses can integrate this context without building expensive new data pipelines. Furthermore, built-in access controls ensure that agents strictly adhere to existing permission frameworks, accessing only the data they are authorized to see.
Strengthening the DevOps Pipeline and Agent Operations
AWS is also addressing the risks of autonomous code changes, following reports of AI-driven outages within its own infrastructure. The AWS DevOps Agent is receiving new "Release Readiness Review" capabilities, allowing it to check code against production requirements and dependencies. The findings are pushed directly into GitHub or GitLab, so they reach developers inside their existing workflow.
On the orchestration side, Bedrock AgentCore is expanding its capabilities with managed knowledge bases and connectors for SharePoint, Confluence, and Google Drive. To ensure safety, AWS is integrating security filters to detect manipulative prompts and data leaks, with plans to incorporate signals from third-party providers like Zscaler, Check Point, and SentinelOne.
Key Takeaways
- Automated Remediation: AWS Continuum uses frontier models to prioritize and validate code vulnerabilities, and lets teams move from fixes that require human sign-off to autonomous enforcement.
- Relational Intelligence: AWS Context provides agents with a business-aware knowledge graph, reducing hallucinations by linking disparate data sources.
- Enterprise-Grade Safety: New integrations within Bedrock AgentCore and DevOps Agent aim to prevent AI-driven outages through rigorous readiness reviews and third-party security signals.