AWS Security Agent Gets Threat Modeling, Kiro Power, Claude Code Plugin, and More

AWS Security Agent adds threat modeling, Kiro IDE support, Claude Code plugin, and PR scanning to proactively secure apps from design to deployment.

18 June 2026 · 5 min read

AWS Security Agent Is Evolving Fast — Here's Everything New

When AWS previewed the AWS Security Agent at re:Invent 2025, the cloud community took notice. Positioned as a frontier AI agent capable of proactively securing applications throughout the entire development lifecycle, it promised something developers and security teams had long wanted: automated, intelligent security coverage from design all the way through to deployment. Now, AWS is doubling down on that promise with a wave of new features that significantly expand the agent's capabilities — including threat modeling, integrations with Kiro IDE, a Claude Code plugin, and much more.

If you're working in cloud security, DevSecOps, or application development on AWS, these updates are worth paying close attention to.

A Quick Recap: What Is AWS Security Agent?

AWS Security Agent is part of AWS Continuum, Amazon's broader platform for continuous application security. At its core, the agent performs on-demand penetration testing tailored to your specific application — not generic scans, but deep, contextual testing that verifies actual exploitability. Since its preview launch, AWS has already rolled out general availability for on-demand penetration testing and introduced a preview of full repository code review, which conducts context-aware security analysis across your entire codebase.

The latest round of updates builds significantly on that foundation, introducing features that address real pain points in the software development lifecycle.

Code Review Gets a Major Upgrade

The code review capabilities in AWS Security Agent, currently in preview, have been substantially enhanced. Three major additions make the feature far more practical for engineering teams at scale.

  • Pull request scanning with remediation: Developers can now trigger automated security scans directly on pull requests, with the agent not only identifying vulnerabilities but also suggesting remediation steps — keeping security embedded right in the development workflow rather than bolted on afterward.
  • Security requirements packs: Teams can apply predefined or custom security requirements to their code review process, ensuring that compliance and security standards are consistently enforced across every review cycle.
  • Simulated validation: The agent can simulate attack scenarios against identified vulnerabilities to validate whether they represent real exploitable risks, reducing false positives and helping developers prioritize what actually needs fixing.

New platform integrations round out the code review updates, with support now extending to GitHub, GitLab, Bitbucket, and Confluence. This means teams don't need to change their existing workflows — AWS Security Agent slots directly into the tools they already use every day.

Threat Modeling Is Now Built In

Perhaps the most strategically significant addition is the introduction of threat modeling, also currently in preview. This capability addresses security at its earliest and most impactful stage: the design phase.

AWS Security Agent can now analyze design documents or application source code to build a comprehensive understanding of what the application does, how data flows through it, and what trust boundaries exist. From there, it generates a structured threat model that identifies potential attack vectors, weak points in the architecture, and security concerns that should be addressed before a single line of production code is written.

This is a game-changer for organizations practicing secure-by-design principles. Rather than discovering architectural vulnerabilities during penetration testing or — worse — after a breach, teams can surface and address fundamental security issues while changes are still cheap and easy to make. Threat modeling has historically been a time-consuming, expert-driven process; AWS Security Agent makes it accessible and repeatable at scale.

Kiro IDE Integration Brings Security Into the Developer's Environment

AWS has also announced integration with Kiro, AWS's AI-powered integrated development environment. This integration means developers working inside Kiro can access AWS Security Agent capabilities directly from their coding environment, without needing to context-switch to a separate security tool or console.

By embedding security intelligence into the IDE, AWS is reinforcing the shift-left security philosophy: catch problems earlier, fix them faster, and make security a natural part of how developers work rather than an external checkpoint. The Kiro integration is particularly relevant for teams already investing in AWS's developer tooling ecosystem, as it creates a seamless experience from code writing through security validation.

A Claude Code Plugin for AI-Assisted Secure Development

In another forward-looking addition, AWS Security Agent now supports a Claude Code plugin. Claude Code, Anthropic's agentic coding tool, is increasingly popular among developers who use AI to write, refactor, and review code. With this plugin, Claude Code users can bring AWS Security Agent's analysis capabilities directly into their AI-assisted coding workflows.

This means that as developers leverage Claude Code to generate or modify code, they can also invoke security analysis on that output — creating a tighter feedback loop between AI-generated code and security validation. It's a practical acknowledgment that as AI-written code becomes more prevalent, the tools that secure that code need to keep pace.

Why These Updates Matter for Cloud Security Strategy

Taken together, these additions represent a coherent and ambitious vision: security that follows the application everywhere, from a whiteboard architecture sketch all the way through pull requests, code merges, and live deployments. The combination of threat modeling, PR-level scanning, IDE integration, and AI coding tool support means AWS Security Agent is no longer just a penetration testing service — it's becoming a continuous security partner embedded across the entire software development lifecycle.

For organizations that struggle with the traditional separation between development speed and security rigor, AWS Security Agent's expanding feature set offers a compelling path forward. The integrations with widely used platforms like GitHub, GitLab, and Bitbucket also lower the barrier to adoption, since teams don't need to overhaul existing processes to benefit.

Getting Started with the Latest Features

The new threat modeling capability, updated code review features, Kiro integration, and Claude Code plugin are currently available in preview. Organizations already using AWS Security Agent can begin exploring these features through the AWS Management Console, while those new to the service can learn more through the AWS Security Agent product page and AWS Continuum documentation.

As AWS continues to iterate rapidly on this platform, teams that adopt and integrate these capabilities early will be better positioned to build applications that are secure by default — not just secure by luck. In an environment where the cost and frequency of security incidents continue to rise, that's an advantage worth pursuing.
