AWS is trying to solve two practical problems that keep AI agents from moving smoothly into production: weak business context and unresolved security risk. At the AWS Summit in New York, Amazon's cloud division introduced new services and updates designed to make agents better informed, better controlled, and less likely to push risky code into live systems.
The central additions are AWS Continuum and AWS Context. One focuses on the security lifecycle around code vulnerabilities. The other gives agents a shared knowledge layer built from enterprise data.
Why AWS is focusing on production readiness
AI agents can move quickly, but that speed creates pressure on the systems around them. AWS describes two major bottlenecks: agents often do not understand the business setting they are operating in, and security teams can struggle to keep pace with AI-generated code.
That combination matters because an agent may be technically capable of taking action while still missing the context needed to choose the right action. It may not know which data source is authoritative, which customer a table belongs to, or whether a system component is actually used in production.
Security creates a parallel problem. If AI tools produce more code changes, organizations also need faster ways to detect, prioritize, validate, and fix vulnerabilities. AWS Continuum is aimed at that workflow, while other updates to the AWS DevOps Agent add review and testing steps before code reaches production.
AWS Continuum targets the vulnerability backlog
AWS Continuum is a new service for managing code vulnerabilities from discovery through recommended fixes. It is initially available only to select pilot customers.
The service begins with known open vulnerabilities and can also scan for new ones. It then prioritizes issues using business context. That includes whether the affected component can be reached and whether it is actively used in production.
Continuum also tries to validate the risk before recommending action. In an isolated test environment, the service attempts to reproduce a successful attack. That step is meant to help separate false positives from issues that can actually be exploited.
Once a vulnerability is validated, Continuum can recommend specific responses. The source article lists examples such as a modified network config, an adjusted permission setting, or a code patch.
The service can use different frontier models depending on the task. It starts in a learning mode that requires human sign-off. As teams gain confidence, they can move to an enforcement mode where defined fixes are applied automatically.
A companion threat modeling tool is also part of the security push. It can generate overviews of possible attack scenarios from design documents or source code.
AWS Context gives agents a shared knowledge graph
AWS Context is designed to give agents a shared business memory. It automatically builds a knowledge graph from existing enterprise data and makes that graph available across an organization.
A knowledge graph connects individual pieces of information through relationships. For AI agents, that can help answer practical questions that are easy to mishandle without context: which table belongs to which customer, which system is the right source for a fact, and how business rules should shape a recommendation.
AWS Context derives these relationships from databases, documents, emails, and chat messages. It then layers in business rules and domain knowledge.
AWS argues that, without this layer, agents can too easily produce confident but incorrect recommendations. The point is not only to give agents more data, but to help them understand how that data fits together.
Context uses the same knowledge graph foundation as Amazon's AI assistant Quick. Metadata from connected sources is stored in AWS storage in an open table format, allowing customers to continue using existing tools. The service does not require a separate data pipeline.
Access control is built in. Agents can only reach information they are cleared to use. The service also learns from each query which sources produce reliable results, so later agents can benefit from earlier activity.
AI-generated code gets more checks before release
The AWS DevOps Agent is also gaining verification features during a test phase. These features are aimed at the growing amount of AI-generated code.
One feature, Release Readiness Review, checks every code change against production requirements. It also looks for dependencies that could create problems across repository boundaries. Teams can define the standards in plain language.
Findings appear as comments in GitHub or GitLab. They can also be accessed inside the development environment through a plugin for Kiro or Claude Code.
A second feature creates a test plan based on the specific code change and runs it in a production-like environment. That approach differs from relying only on a static test suite. The preview is initially available for free in the US East region.
The added testing layer follows reported incidents involving autonomous code changes at AWS itself. In February, reports said Amazon's AI coding tools were allegedly involved in at least two AWS outages. One was a 13-hour outage after Kiro decided to delete and rebuild an environment. After that, Amazon put an internal policy in place requiring experienced engineers to approve all AI-generated code.
Kiro and Bedrock AgentCore expand the agent stack
AWS is also bringing Kiro, its coding agent, to smartphones as a native iOS app. The sessions still run in a cloud environment, while the phone acts as a control surface.
From the mobile app, paying customers can start tasks, review code changes, and approve them. Identity, model settings, and connected repositories sync across the IDE, web, and mobile device.
Bedrock AgentCore is expanding as well. AWS's platform for production-ready agent operations is getting a managed knowledge base with connectors to S3, SharePoint, Confluence, and Google Drive, along with built-in web search.
Security filters are also being added through in-house integrations. Agent actions can be checked for manipulative prompts, malicious content, and data leaks. AWS also plans to fold in signals from third-party security providers including Check Point, Zscaler, Rubrik, Netskope, and SentinelOne.
Taken together, the announcements show AWS moving beyond agent demos and toward the controls that enterprises need for production use: context, access limits, vulnerability handling, release review, testing, and approval workflows.