
AWS Security Agent

AWS Security Agent FAQs

General


AWS Security Agent is a frontier agent that proactively secures your applications throughout the software development lifecycle. It conducts automated security reviews tailored to your organizational requirements and delivers context-aware penetration testing on demand. By continuously validating security from design to deployment, it helps prevent vulnerabilities early in development. 

With the pace of development accelerating through the integration of coding tools, customers need to prioritize proactive security. AWS Security Agent makes it possible for security teams to shift from reactive incident response to proactive risk prevention by providing always-available security guidance to every developer during development. While traditional "shift-left" approaches often burden developers with more security tasks, AWS Security Agent acts as an always-present AI-powered agent that proactively identifies risks, suggests secure patterns, and validates implementations. Security Agent conducts automated security reviews during design and coding phases that are tailored to your organization’s security requirements. When applications are ready for deployment, on-demand penetration testing helps prevent costly security issues before they reach production. Traditional penetration testing is time-consuming and expensive, limiting customers to testing only their most critical applications periodically (annually or quarterly). AWS Security Agent provides on-demand testing that identifies legitimate vulnerabilities in the customer’s application by discovering and then verifying risks through exploits using the application context. This helps your team scale penetration testing across its application portfolio. It also suggests code fixes to address findings and provides automated remediation, helping close the loop between identification and remediation of security risks faster.

No. AWS Security Agent starts with the OWASP Top 10 but is customized by the context it learns about the customer’s application from their documents and code. AWS Security Agent adapts itself to the responses it gets back from building a custom attack plan for the customer’s application.

AWS Security Agent is free to use during the public preview period. 

Getting started


Yes. Customers need an AWS account to use AWS Security Agent.

Once Security Agent is enabled, it can be pointed at any application, whether it runs in AWS (private and public endpoints), on premises, in a hybrid setup, or in other cloud environments.

Security


No. AWS Security Agent doesn’t use customer data for model training, and it doesn’t share customer data with third parties. 

All customer data is encrypted at rest using AWS KMS. 

Test logs are stored in CloudWatch in the customer’s account.

AWS Security Agent has built-in, flexible authentication through static credentials, IAM roles, API keys, and credentials retrieved dynamically, either via services like AWS Secrets Manager or through Lambdas, giving customers fine-grained access control with strict permissions.
