AWS targets vulnerable code with security agent
At AWS re:Invent 2025, the cloud giant unveiled a security agent designed to bridge the gap between development speed and security validation, along with the general availability of Security Hub analytics
Amazon Web Services (AWS) has announced a major expansion of its automated security capabilities, including a new tool capable of performing context-aware penetration testing without human intervention.
Unveiled at the AWS re:Invent 2025 conference in Las Vegas today, the updates are aimed at addressing the widening gap between the frequency of software releases and the ability of security teams to validate them. Leading the announcements is the current preview of AWS Security Agent, a tool designed to secure applications continuously from design to deployment.
Melinda Marks, practice director for cyber security at Omdia, noted that with traditional testing methods, such as static application security testing (SAST) and dynamic application security testing (DAST), developers may get alerts about security issues but not understand how to prioritise remediation in time to release the application or prevent an incident.
To address such challenges, AWS’s security agent is touted as being able to understand the design, code and security requirements of a workload. It can continuously scan for security violations, conduct on-demand penetration tests and create a customised attack plan to expose vulnerabilities before an application reaches production.
“Organisations will need a solution addressing the full lifecycle, with runtime context contributing to early-stage development to mitigate risks,” Marks said. “The security agent can tie security together for the entire software development lifecycle to help developers efficiently build secure applications, driving needed remediation throughout.”
One of the first organisations to deploy the AWS Security Agent was the photography platform SmugMug. The company’s senior director of product engineering, Erik Giberti, said the agent has enabled it to conduct penetration tests that complete in hours rather than days, at a fraction of manual testing costs.
“We can now assess our services more frequently, dramatically decreasing the time to identify and address issues earlier in the software development lifecycle,” he added.
Besides the new agent, AWS announced the general availability of enhanced capabilities for AWS Security Hub, originally previewed at the AWS re:Inforce security conference earlier this year.
The update provides security operations centres (SOCs) with near-real-time analytics and risk prioritisation. The service now aggregates and correlates signals from various AWS tools, such as Amazon GuardDuty, Amazon Inspector and Amazon Macie, to reduce the “swivel chair” effect of managing multiple consoles.
Another key addition to Security Hub is a historical trend feature that lets security teams access up to a year of data regarding findings and resources. This will enable them to track whether their security posture is improving or degrading over time via a summary dashboard.
Rounding out the security updates is the Amazon GuardDuty Extended Threat Detection service, which now includes support for Amazon Elastic Compute Cloud (EC2) instances and Amazon Elastic Container Service (ECS) tasks, using machine learning to detect complex, multistage attack sequences.
While previous iterations of GuardDuty covered Identity and Access Management (IAM), Simple Storage Service (S3), and Elastic Kubernetes Service (EKS), the expansion to EC2 and ECS correlates signals across virtual machines and container environments to provide high-fidelity findings that would be difficult for analysts to infer from individual alerts manually.
According to Marks’ latest research, The state of cloud security, 73% of organisations prefer to tap security features from cloud service providers (CSPs), with 67% citing optimisation with the platform as the primary reason. However, she noted that while tools like the Security Hub are powerful for organisations standardised on AWS, the reality of modern infrastructure is often more complex.
“Our study showed only 8% use only one CSP,” said Marks. “If an organisation is standardised on AWS, they can use Security Hub to manage their security posture, but for organisations using other cloud services who need to manage the security posture of workloads across cloud and on-premises environments, they should look to AWS partner solutions that are integrated with AWS features and capabilities.”
Omdia is a division of Informa TechTarget.