AWS Unveils New AI Agents for Software Development and Security

Re:Invent Amazon is all-in on agentic AI when it comes to software development, and it sincerely hopes you are too, based on Tuesday's AWS re:Invent keynote.

AWS chief Matt Garman announced a trio of new "frontier agents" with a software development focus on stage in Las Vegas on Tuesday morning: One that makes its Kiro agentic AI IDE more autonomous, another it says will make DevOps a less daunting process, and a third that focuses on securing code across the development lifecycle.

AWS claims the vibe coding IDE Kiro is designed to avoid all the pitfalls of letting AI do your development, like surprise drive deletions and database wipeouts . Users will have to put a lot of trust in those claims.

Aside from those worst-case scenarios, AWS is fully aware that AI coding tools have "introduced new friction" into developers' workloads.

"You can find yourself acting as the human 'thread' that holds work together," AWS said, describing scenarios like contextualizing tasks, manually coordinating cross-repository changes, and collating information across tickets and pull requests. Kiro supposedly eliminates those scenarios.

AWS described it as maintaining awareness across sessions with the ability to "continuously learn your pull requests and feedback." It can also handle various tasks like bug triage and improving code coverage, with an included ability to make changes "spanning multiple repositories."

"All of this is in the background while you work on something else," Garman explained on stage.

Surely nothing bad could come of that.

Amazon is incredibly confident in Kiro's ability to streamline development, confirming today during the keynote an earlier report that it had made Kiro its standard AI development environment across the company.

"I've frankly been amazed at the impact this development velocity has seen inside Amazon," Garman said on stage today.

In one example of an Amazon project, Garman said that the tool trimmed a 30-developer project slated to take 18 months down to a mere 76 days, with only six developers assigned to the project.

"This is not just the 10 to 20 percent efficiency gains that people were seeing with the first generation of AI coding tools," Garman explained. "This is orders of magnitude more efficient."

Garman admitted that it took time for developers using Kiro to adjust, and that efficiency gains were "more incremental than transformative" for the first few weeks. That's where the frontier agents announced today come in, Garman said - those were the final key to unlocking the efficiency puzzle.

When asked what it would do to prevent disasters that have happened with other AI coding tools, an AWS spokesperson told The Register that the Kiro agent pulls requests for users to review and doesn't merge changes without developer oversight. The agent also logs all its work so that humans can review what it has done, though AWS still told us it recommends protecting all code branches and not allowing the Kiro agent to push directly to sensitive branches while it's executing tasks.

AWS also emphasized that each Kiro agent task is going to run in a sandbox with permissions set by the user. Orgs can also choose among three levels of network access: Integration only (GitHub proxy), Common dependencies (common package registries like npm), or Open internet. You can also decide what environment variables and secrets are shared with the agent.

The DevOps agent, likewise, requires a high degree of confidence in an AWS AI agent's capabilities to get things right.

Designed to provide "always-on incident triage, guided resolution, and recommendations for how to continuously improve the reliability and performance of your applications across AWS, multicloud, and hybrid environments," the DevOps is meant to relieve stress from the lives of on-call software engineers.

This, of course, requires giving the agent extensive access to one's environment. AWS said that the DevOps agent will have knowledge of applications and the relationships between components by having insight into everything from code bases and observability tools to repositories and CI/CD pipelines. The company claims that its own internal use of the tool has been able to identify root causes in 86 percent of instances - as to what it did in the other 14 percent of scenarios, AWS didn't say.

We also asked AWS how the DevOps agent was designed to prevent accidents, but it didn't answer that question.

The AWS security agent is also designed to be a largely autonomous process that can be used for things like penetration testing and code validation. (We covered it extensively in a standalone piece published earlier on Tuesday.)

All of those promises of agentic autonomy and free time for developers supposes AWS's new agents are actually getting things right, and that's far from a sure thing in the world of AI coding. One recent study showed that AI agents fail to complete simple office tasks at least 70% of the time – hardly a ringing endorsement of the idea of letting new agents with even more autonomy loose in one's systems with the ability to push code changes across multiple repositories or manage late-night software failures.

At the same time, around two-thirds of companies have rolled out AI tools to help their developers, most of whom say they haven't experienced much of a productivity boost from such tools. Instead of spending all that time freed up by AI to develop new and exciting features, developers required to use AI tools sometimes have to spend cycles checking to see what errors their AI coworkers made .

AWS would have its customers believe it's solved these issues with its latest round of AI agentry, but there's still a leap of faith required. ®