Research — Jan. 23, 2026

Security at re:Invent 2025: AWS leverages its strengths for agentic AI

Two years ago, major AWS competitors seemed to have an edge in either building their own generative AI models or launching exclusive partnerships with foundation model builders. In 2025, AWS asserted its own claim to dominance, playing to its strengths in a sweeping set of largely agent-centric announcements that capitalize on the appeal of its platform for builders. At its annual re:Invent user conference, AWS offered a broad spectrum of initiatives and capabilities to enable its many customers to execute on their agentic strategies.


While re:Inforce may be the primary AWS venue for its security initiatives, re:Invent content is a must-know for security teams, and not just because of the many security announcements made at the event. AWS' broader strategic moves showcased at re:Invent often have a direct impact on security. In this report, we take a look at security highlights from re:Invent 2025, as well as the security implications of a pair of (in our view) more strategic announcements made at the event — including one that acknowledges that multicloud is no longer "verbum non gratum" among cloud service providers (CSPs).


Security highlights

At re:Invent 2025, AWS security, identity and compliance teams put forward a set of updates that reflect AWS' continuing push toward proactive application security, broader workload threat visibility, tighter identity policy automation, and unified, prioritized risk insights for enterprise defenders. These announcements signal both incremental maturity in core cloud protection and a renewed emphasis on operational simplification through automation and tooling.

AWS introduced the AWS Security Agent in preview, positioning it as a proactive security companion spanning the application development life cycle. This agent leverages contextual understanding of an application's architecture and security requirements to offer automated design reviews, code analysis and contextual penetration testing tailored to unique organizational environments. The alignment of AI strategy with security automation is a primary venue for proving agentic value, and application security testing has become a focus of implementation. By embedding security earlier in the software delivery pipeline, the company is also aligning its agentic strategy with the industry trend toward "shift left" security and continuous assurance, capitalizing on the many developers and operations teams deploying on AWS and offering application-aware feedback. A complement to this initiative is the AWS DevOps Agent, which was also introduced in preview for similar functionality, targeting performance and reliability priorities for developers and IT operations teams. As with many AI-assisted tools, however, teams will need to validate that an agent's findings are sufficiently accurate and actionable for production-critical applications.

The scope of threat detection for Amazon GuardDuty with Extended Threat Detection was expanded to virtual machines (EC2) and containers (ECS). Previously, GuardDuty's advanced detection features were more focused on managed and container-oriented workloads. The extension now enables unified visibility across virtual machine and container environments, offering security teams correlated insights into complex, multi-stage attacks that might traverse different compute boundaries. For security operations teams, this enhancement addresses a common blind spot where threats pivot between compute layers, making it easier to detect attack sequences rather than isolated indicators. This extended detection capability improves enterprise readiness against sophisticated adversaries targeting hybrid cloud workloads.

The general availability of near-real-time analytics and risk prioritization in AWS Security Hub was also introduced. While Security Hub previously aggregated findings from various AWS security services into a central dashboard, this iteration advances the product into a risk prioritization engine that correlates signals from GuardDuty, Amazon Inspector (vulnerabilities), Security Hub CSPM (misconfigurations) and Macie (data risks). Key capabilities include near-real-time exposure calculations, enabling faster operational response; automated correlation of threats, vulnerabilities and misconfigurations; a unified view of risk across accounts and AWS Organizations; and streamlined, resource-based pricing with a cost estimator for forecasting. For enterprise defenders, this means fewer disconnected alerts and more contextual risk insights tied to affected resources and threat trends — an important step toward actionable cloud risk intelligence rather than raw event noise.

In identity and access management, AWS unveiled IAM Policy Autopilot, an open-source MCP (Model Context Protocol)-based tool designed to simplify the creation of AWS identity and access management policies. By analyzing application code, this tool generates initial identity policies that reflect actual AWS API usage patterns detected in codebases. When combined with AI coding assistants, Policy Autopilot can reduce the time developers spend manually authoring and debugging permissions and help accelerate a shift to least-privilege access models. From a governance standpoint, this announcement underscores AWS' recognition that identity misconfigurations remain a leading source of cloud security risk — especially in large, dynamic environments with frequent code changes.
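An added, illustrative sketch (not Policy Autopilot's own code) of the approach described above: statically scan application code for AWS SDK calls and emit a starter least-privilege policy, with the caveat that boto3 method names do not map one-to-one onto IAM action names, so the generated document is a starting point for review rather than a finished policy. The override table, the sample application code and the `*` resource placeholder are constructed for the example.

```python
"""Starter least-privilege IAM policy derived from the boto3 calls found in code.
Illustrative only (not IAM Policy Autopilot's implementation)."""
import ast
# Constructed override table: boto3 methods whose IAM action name differs from the CamelCased form.
ACTION_OVERRIDES = {("s3", "list_objects_v2"): "s3:ListBucket"}

def method_to_action(service: str, method: str) -> str:
    """Map a boto3 client method name to the IAM action it requires."""
    if (service, method) in ACTION_OVERRIDES:
        return ACTION_OVERRIDES[(service, method)]
    return f"{service}:" + "".join(p.capitalize() for p in method.split("_"))

def find_api_calls(source: str) -> set[str]:
    """IAM actions implied by `x = boto3.client("svc")` followed by `x.method(...)`.
    Other client construction styles are deliberately left for human review."""
    tree = ast.parse(source)
    clients: dict[str, str] = {}  # variable name -> AWS service name
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Call):
            f, args = node.value.func, node.value.args
            if (isinstance(f, ast.Attribute) and f.attr == "client"
                    and isinstance(f.value, ast.Name) and f.value.id == "boto3"
                    and args and isinstance(args[0], ast.Constant)):
                for t in node.targets:
                    if isinstance(t, ast.Name):
                        clients[t.id] = args[0].value
    actions: set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            obj = node.func.value
            if isinstance(obj, ast.Name) and obj.id in clients:
                actions.add(method_to_action(clients[obj.id], node.func.attr))
    return actions

def build_policy(actions: set[str], resource: str = "*") -> dict:
    """Wrap the detected actions in an IAM policy document. Resource stays "*"
    as a placeholder: narrowing it to specific ARNs is the reviewer's job."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}]}

# Constructed sample application code to analyse.
SAMPLE_APP = '''
s3 = boto3.client("s3")
sqs = boto3.client("sqs")
def handler(event):
    body = s3.get_object(Bucket="b", Key="k")["Body"].read()
    s3.list_objects_v2(Bucket="b")
    sqs.send_message(QueueUrl="q", MessageBody=body.decode())
'''
```

Running `build_policy(find_api_calls(SAMPLE_APP))` yields an Allow statement for `s3:GetObject`, `s3:ListBucket` and `sqs:SendMessage`; note that without the override, `list_objects_v2` would have produced the non-existent action `s3:ListObjectsV2`.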

Broader announcements with security impact

Among the more strategic announcements relevant to security at re:Invent were new policy and evaluation capabilities in Amazon Bedrock AgentCore. Made generally available in October 2025, AgentCore provides a foundational runtime and governance layer for building, operating and securing agentic AI systems in AWS at enterprise scale. Its core value lies in abstracting many of the most challenging aspects of agent deployment and administration — such as state management, orchestration, tool execution, identity, observability and policy enforcement — into managed services tightly integrated with the AWS ecosystem. For security, AgentCore embeds identity, authorization, auditability and policy controls aligned with AWS' security model, making agents more viable in regulated and production environments. Now available in preview are added policy capabilities that simplify policy creation and management by letting policies be expressed in natural language and then implemented automatically in Cedar, the policy language and authorization engine AWS first introduced in 2023 for fine-grained permissions expressed as readily understood policies that decouple concerns such as access control from application logic. These policy features keep agent workflows responsive with near-real-time policy checks, helping to ensure that agents stay within their expected actions, with the policies deployed outside the agent's code base.

AgentCore Evaluations was also introduced in preview, enabling the analysis of a range of agent behavior, from correctness and helpfulness to safety and more, including unexpected or unauthorized behaviors that could expose security risks. The intent is to catch issues before they result in significant impact, reducing manual effort while enabling the creation of custom evaluators with a customer's preferred models and prompts.

The introduction of AWS Interconnect - multicloud included some provocative security prospects. As the name suggests, Interconnect - multicloud simplifies connectivity between AWS and other CSPs, with Google Cloud the introductory provider (Cross-Cloud Network) and Microsoft Corp. (Azure) expected to follow. The new capability offers managed private, resilient high-speed connections with dedicated bandwidth between Amazon VPCs (Virtual Private Clouds) and other cloud environments, leveraging open specifications and links between CSP routers that are MACsec-encrypted by default.

Those surprised by the appearance of "the M word" in AWS branding should recognize that AWS has long understood that the competitive strength of CSP services depends on meeting a comprehensive range of customer needs. At the dawn of an era in which high-performance, low-latency integrations across cloud services have become critical — particularly when so many applications increasingly rely on AI deployments, often hosted by third parties — such capability could hardly be more important.

As such, Interconnect - multicloud represents yet another manifestation of a pattern we have called an "exosystem," where third-party providers offer high-performance connectivity complemented by value-added capabilities enterprises increasingly regard as critical to integrate and secure their own assets, but which may be better provided via networks external to the customer's own. In the case of Interconnect - multicloud, those value-added capabilities include AWS networking services that complement Amazon VPCs, such as AWS Transit Gateway and AWS Cloud WAN.

Given the scope, scale and wide distribution of AI deployments on which organizations have increasing dependence, this third-party capability becomes increasingly valuable. The pattern offers high potential for security capabilities as well, which means we can expect to see more such offerings among a variety of providers, from CSPs to telcos, systems integrators and other interconnect providers — and for this reason, we have called it out as one of our expected 2026 Trends in Information Security.

Competitive distinctions

AWS' major CSP competitors have their own distinctions in AI strategy. But in security, compared with Microsoft and Google LLC, AWS typically does not sell directly into the security market except by enabling initiatives such as AWS Marketplace or Amazon Security Lake. Its security offerings focus almost exclusively on securing its customers' AWS assets.

This, however, makes for an interesting complement in security for AWS' AI enablement strategy for builders. If those builders deploy a significant share of their AI investments on AWS, AWS' security initiatives have the opportunity to become a key enabler for Amazon.com Inc.'s AI success. At a time when many are under the gun to show return on investment for lavish AI expenditures, this may be more valuable to AWS than taking on competitors' challenging security pure plays on their own turf.

This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.

S&P Global Market Intelligence 451 Research is a technology research group within S&P Global Market Intelligence. For more about the group, please refer to the 451 Research overview and contact page.