AWS Security Agent FAQs

General

    AWS Security Agent is a frontier agent that proactively secures your applications throughout the software development lifecycle. It conducts automated security reviews tailored to your organizational requirements and delivers context-aware penetration testing on demand. By continuously validating security from design to deployment, it helps prevent vulnerabilities early in development. 

    With the pace of development accelerating through the integration of coding tools, customers need to prioritize proactive security. AWS Security Agent makes it possible for security teams to shift from reactive incident response to proactive risk prevention by providing always-available security guidance to every developer during development. While traditional "shift-left" approaches often burden developers with more security tasks, AWS Security Agent acts as an always-present AI-powered agent that proactively identifies risks, suggests secure patterns, and validates implementations. Security Agent conducts automated security reviews during design and coding phases that are tailored to your organization’s security requirements. When applications are ready for deployment, on-demand penetration testing helps prevent costly security issues before they reach production. Traditional penetration testing is time-consuming and expensive, limiting customers to testing only their most critical applications periodically (annually or quarterly). AWS Security Agent provides on-demand testing that identifies legitimate vulnerabilities in the customer’s application by discovering and then verifying risks through exploits using the application context. This helps your team scale penetration testing across its application portfolio. It also suggests code fixes to address findings and provides automated remediation, helping close the loop between identification and remediation of security risks faster. 

    No. AWS Security Agent starts with the OWASP Top 10 but is customized by the context it learns about the customer’s application from their documents and code. AWS Security Agent adapts itself to the responses it gets back from building a custom attack plan for the customer’s application.

Getting started

    Yes. Customers do need an AWS account to use AWS Security Agent. 

    Once Security Agent is enabled, it can point to any application that is in AWS (private and public endpoints), on premises, hybrid, or in other cloud environments.

Security

    No. AWS Security Agent doesn’t use customer data for model training, and it doesn’t share customer data with third parties. 

    All customer data is encrypted at rest using AWS KMS. 

    Test logs are stored in CloudWatch in the customer’s account.

    AWS Security Agent has built-in, flexible authentication through static credentials, IAM roles, API keys, and credentials accessed dynamically through services like AWS Secrets Manager or through Lambdas, giving customers fine-grained access control through granular access management with strict permissions.

Pricing

    AWS Security Agent penetration testing uses pay-as-you-go pricing billed at $50/task-hour. The service also offers a 2-month free trial. For more details, please refer to the pricing page.

    Yes. Customers who participated in the Public Preview are eligible for the 2-month free trial. The trial begins when you create your first penetration test run after general availability. Pricing details are available on the AWS Security Agent pricing page.

    Yes, secure design and secure code review features are not billed. You continue to get up to 200 design reviews per account per month and 1,000 code reviews per account per month.
