AWS introduces frontier agents to assess cloud security and performance

I'm excited to announce that AWS on-demand penetration testing and the AWS DevOps Agent are now generally available, representing a new class of AI capabilities that we announced at re:Invent called frontier agents. These autonomous systems work independently to achieve goals, scale up to perform concurrent tasks, and work persistently for hours or days without constant human supervision. Together, these agents are changing the way we protect and use software. In previews, customers and partners report that AWS Security Agent compresses penetration testing times from weeks to hours and AWS DevOps Agent supports 3–5x faster incident remediation.
What makes frontier agents different?
Unlike traditional AI assistants that help with individual tasks, frontier agents act as extensions of your team, delivering holistic results. They don't just respond to information—they work independently to solve complex problems, make multi-step decisions, and work continuously to achieve their goals. These are not tools that need regular maintenance. They are intelligent systems that understand context, think about problems, and take action—transforming the way organizations approach application security and operational excellence.
AWS Security Agent: Reduce penetration testing from weeks to hours
AWS Security Agent transforms penetration testing from an occasional, blocking activity into an on-demand capability. Many organizations limit manual penetration testing to their most critical systems due to time and cost issues, which can leave much of their portfolio exposed between tests. AWS Security Agent changes this by delivering automated penetration testing that works 24/7 at a fraction of the cost, allowing you to test all your applications whenever you need to.
AWS Security Agent acts like a human penetration tester—it identifies potential vulnerabilities, attempts exploits with targeted payloads and attack chains, and verifies that they are legitimate security risks. Taking your source code, architecture, and documentation as input, it understands how your application was designed and built, and identifies how individual vulnerabilities connect into more complex attack chains that traditional scanners miss. Bamboo Health said, “AWS Security Agent revealed findings that no other tool could detect.” HENNGE KK shared that “this allows us to accelerate our security lifecycle rapidly, reducing the duration of testing by 90%.” Customers detect security risks while dramatically reducing test times.
“I'm excited about how a frontier agent like AWS Security Agent is transforming critical workflows for our customers. They're able to reduce penetration testing time from weeks to hours, while uncovering critical vulnerabilities that traditional scanners miss,” said Amy Herzog, Vice President and CISO, AWS. “We use Security Agent ourselves at AWS. This is a great example of AI becoming an independent partner to deliver comprehensive, continuous security.”
Read more in our announcement today.
AWS DevOps Agent: Automated efficiency across multiple cloud environments
AWS DevOps Agent is your always-available operations team that proactively resolves and prevents incidents, improves application reliability and performance, and handles on-demand SRE tasks across AWS, multicloud, and on-premises environments. When incidents occur, it independently investigates root causes by correlating telemetry, code, and application data across your entire stack—whether your applications are in AWS, Azure, hybrid, or on-prem. It works with your observability tools (including CloudWatch, Datadog, Dynatrace, New Relic, Splunk, Grafana), runbooks, code repositories (GitHub, GitLab, Azure DevOps), and CI/CD pipelines just like an experienced DevOps developer would.
For work teams, this means faster incident resolution and improved productivity. Customers and partners using AWS DevOps Agent in previews report up to 75% lower MTTR, 80% faster investigations, and 94% root cause accuracy, supporting 3–5x faster incident resolution. The agent provides detailed mitigation plans tailored to the agent, learns from historical patterns to deliver targeted recommendations that strengthen visibility and system resilience, and builds a comprehensive understanding through automated application discovery and dynamic topology mapping across diverse operating environments. AWS DevOps Agent independently captures a live incident and traces it back to a direct code or deployment change. Working together with tools like Kiro and Claude Code, AWS DevOps Agent can generate proven fixes that can be applied back into the system.
Western Governors University (WGU), a leading online university serving more than 191,000 students, was among the first organizations to put AWS DevOps Agent into production, doing so even before the preview launch at re:Invent. During a recent production investigation, WGU's SRE team used DevOps Agent to analyze a service disruption scenario, reducing total resolution time from an average of two hours to just 28 minutes—a 77% improvement in MTTR. The agent quickly identified the root cause in the configuration of an AWS Lambda function, revealing critical performance information that was only available in undiscovered internal scripts.
Read more in our announcement today.
Why frontier agents are important
These agents exhibit three characteristics that define frontier agents: they work independently to achieve multi-step goals, they are highly scalable to handle similar tasks across your portfolio, and they work persistently for hours or days to complete complex workflows from start to finish.
This means helping security teams move from periodic testing of critical applications to continuous, comprehensive testing of everything. This means helping operational teams move from firefighting to functional system development. Both agents increase what your team can accomplish, managing complex tasks that used to require significant human time and expertise.
AWS Security Agent and AWS DevOps Agent are just the beginning. As we continue to develop frontier agents and tools to build your own frontier agents, we focus on making these systems more powerful, efficient, and reliable. These frontier agents represent a new way of working—where AI systems act as true extensions of your team, fully managing specific tasks while you focus on what's most strategically important.
To get started, visit AWS Security Agent and AWS DevOps Agent to learn more.
The frontier of AI agents is here. Let's build the future together.
About the author
Swami Sivasubramanian is the Vice President of Agentic AI at Amazon Web Services (AWS). At AWS, Swami has led the development and growth of leading AI services such as Amazon DynamoDB, Amazon SageMaker, Amazon Bedrock, and Amazon Q. His team's mission is to provide the scale, flexibility, and value that customers and partners need to confidently innovate using agentic AI and build agents that are not only powerful and efficient, but also trustworthy and responsible. Swami also served from May 2022 to May 2025 as a member of the National Intelligence Advisory Committee, which was tasked with advising the President of the United States and the Office of the National AI Initiative on topics related to the National AI Initiative.



