AWS Security Agent Levels Up: Threat Modeling, Kiro Power, and a Claude Code Plugin
Cloud security has always been a cat-and-mouse game — developers ship code fast, and security teams scramble to keep pace. AWS is changing that dynamic with a wave of new capabilities for AWS Security Agent, now part of the broader AWS Continuum platform. Since its debut at re:Invent 2025, the agent has evolved from a promising preview into a full-featured, AI-driven security companion that covers every phase of the software development lifecycle. From threat modeling during the design stage to real-time pull request scanning at the code review stage, these additions represent a serious step forward for teams looking to bake security into their workflows rather than bolt it on afterward.
A Quick Recap: What Is AWS Security Agent?
AWS Security Agent is a frontier AI agent designed to proactively secure your applications throughout the entire development lifecycle, spanning all of your environments. Unlike traditional security scanners that catch issues only after code has been deployed, AWS Security Agent operates continuously — identifying vulnerabilities, verifying exploitability through penetration testing, and surfacing remediation guidance before problems reach production.
Since the initial preview, AWS has already delivered general availability for on-demand penetration testing and launched a preview of full repository code review, which performs deep, context-aware security analysis across an entire codebase. The latest round of updates builds on that foundation with features driven directly by customer feedback.
What's New: A Feature-by-Feature Breakdown
Code Review Updates (Preview)
The code review capabilities in AWS Security Agent have received a meaningful upgrade. Teams can now take advantage of pull request scanning with remediation, which automatically reviews PRs as they are opened and flags security issues before they are merged into the main branch. This keeps the feedback loop tight and prevents vulnerabilities from compounding over time.
Also new are security requirements packs, which allow organizations to define and enforce their own security standards across codebases. Combined with simulated validation, teams can test whether remediation steps actually resolve an issue rather than simply trusting that they will.
On the integration front, AWS Security Agent now supports GitHub, GitLab, Bitbucket, and Confluence, making it far more accessible to development teams regardless of which source control or documentation platform they rely on. For most engineering organizations, at least one of these platforms is already at the center of their workflow, meaning adoption becomes a matter of configuration rather than migration.
Threat Modeling (Preview)
Perhaps the most strategically significant addition is threat modeling. This capability allows AWS Security Agent to analyze design documents or application source code and understand the full context of an application — its architecture, data flows, trust boundaries, and potential attack surfaces — before a single line of code goes to production.
Threat modeling has long been considered best practice in secure software development, but it has historically been manual, time-intensive, and dependent on specialized expertise. By automating this process with an AI agent that can interpret both technical diagrams and natural-language documentation, AWS is making threat modeling accessible to teams that previously lacked the bandwidth or know-how to perform it consistently.
The agent generates structured threat reports that map identified risks to mitigation strategies, giving architects and engineers a concrete starting point for hardening their designs. When threat modeling is embedded in the design phase rather than discovered during a post-deployment audit, the cost of fixing issues drops dramatically.
Kiro IDE Integration
AWS Security Agent now integrates with Kiro, AWS's AI-powered integrated development environment. This integration brings security intelligence directly into the developer's primary workspace, making it possible to surface security feedback without ever leaving the editor. Developers can trigger security scans, review findings, and apply suggested fixes all from within Kiro, reducing context-switching and making secure coding a natural part of the development rhythm rather than an interruption to it.
The Kiro integration reflects a broader industry trend toward shifting security left — not just earlier in the pipeline, but deeper into the tools that developers already use every day. When security is visible at the point of code creation, it becomes a first-class concern rather than an afterthought.
Claude Code Plugin
For teams working with Claude Code, Anthropic's AI coding assistant, AWS Security Agent now offers a dedicated plugin. This integration enables Claude Code users to invoke AWS Security Agent capabilities directly from their agentic coding sessions, creating a tightly coupled loop between code generation and security analysis. As AI-assisted coding becomes more common, having a security layer that operates at the same speed and in the same context as the AI generating the code is increasingly important.
Why This Matters for DevSecOps Teams
The cumulative effect of these updates is a security agent that now spans the full software development lifecycle more comprehensively than before. Threat modeling addresses the design phase. Pull request scanning and full repository code review cover the development and review phases. On-demand penetration testing handles runtime validation. And integrations with GitHub, GitLab, Bitbucket, Confluence, Kiro, and Claude Code ensure that these capabilities meet developers where they already work.
For organizations pursuing a DevSecOps approach, this kind of continuous, automated, context-aware security coverage is exactly the infrastructure needed to keep pace with modern release cadences without sacrificing security posture. Manual security reviews simply cannot scale alongside agile development; AI-driven agents like AWS Security Agent can.
Getting Started
AWS Security Agent is available now as part of AWS Continuum. On-demand penetration testing is generally available, while threat modeling, pull request scanning, and the new IDE integrations are currently in preview. Teams interested in exploring these capabilities can visit the AWS Security Agent product page to learn more, request access to preview features, and review the documentation for integrating with their existing development tools and platforms.
As AI continues to reshape how software is built, AWS is making a clear bet that it also needs to reshape how software is secured — proactively, continuously, and from the very first line of design.