AWS AI Agents hone DevSecOps chops amid GitHub troubles
The market's largest cloud infrastructure player added muscle to its agentic AI tools at an event in New York, while a coding-agent rival faced headwinds.
AWS reinforced its pitch to enterprise developers this week with a preview of updates to its AI agents, as autonomous DevSecOps tools rapidly advance across the industry and a key competitor appears vulnerable.
At AWS Summit New York on June 17, AWS showcased agentic AI updates, including:
AWS Continuum (preview): Adds threat modeling and a more extensive set of vulnerability management features to the penetration testing and code review launched as the AWS Security Agent at re:Invent 2025.
AWS DevOps Agent release management (preview): Expands the existing root cause analysis available with the DevOps Agent to automatically test and validate code and catch issues before they reach production.
AWS Transform continuous modernization (preview): Finds and fixes tech debt autonomously in existing codebases, including framework upgrades, dependency patches and version updates.
Amazon Bedrock AgentCore updates (preview):Include a new model-agnostic harness for agent deployment; governed AgentCore web search; managed knowledge base for unstructured data; gateway guardrail integrations and agent optimizations to enforce enterprise policies and improve the quality of agent outputs.
AWS Context (preview):A knowledge graph for agent context that's integrated with Glue Data Catalog, SageMaker Unified Studio and third-party data sources using APIs.
AWS Kiro app for iOS (preview): Features always-on cloud-based coding agent sessions, so developers don't have to interrupt work.
Amazon Quick autonomous agents: Amazon's entrant into the Claw craze for autonomous personal desktop agents now includes agents that can run without human intervention with automatically updated business context; a no-code agent builder and new MCP connectors to third-party apps.
In just a few months, AI agents have evolved industry-wide from assistants to autonomous actors, said Dr. Matt Wood, chief AI and technology officer at AWS, during a press briefing call this week.
"There's been a step function increase in the cybersecurity capabilities of large language models in the past three or four months, and, as a result, we are expanding materially the security capabilities available to customers today … under a singular umbrella, which we call AWS Continuum," Wood said.
Chet Kapoor, vice president of security services and observability at AWS, presents the new AWS Continuum service during AWS Summit New York.
AWS Continuum moves the focus of security agents from detection of security vulnerabilities to resolving them independently using what they know about the business context of application code, said Chet Kapoor, vice president of security services and observability at AWS, during a Summit keynote presentation.
"Continuum looks at every vulnerability the way your best engineer would, but not in isolation; it does it against everything it knows about your environment, your architecture and your business," Kapoor said. "Then it constructs working examples in a sandbox environment that provides concrete, reproducible evidence of the issue."
Continuum remediations and mitigations in production are validated using the same process, Kapoor said.
This type of feature is becoming table stakes among enterprise vendors, according to Katie Norton, an analyst at IDC, who noted that numerous competitors have introduced similar features, including Google Cloud, Microsoft's GitHub, GitLab, Harness and Datadog.
"The detect-to-resolve motion (scan, validate, fix, verify) is now the shared direction across the field," Norton wrote in an email to TechTarget this week. "In terms of delivering this as an agentic capability, we are probably in the early adopter/early majority stage across the vendor landscape."
However, another new AWS Continuum feature, automated design-stage threat modeling, "reads fresher" in Norton's view.
"AWS had some 'old school' threat modeling capabilities, but the market is moving more toward AI here with [specialists] like Apiiro, Prime Security, DevArmor, Clover and a few others doing continuous threat modeling," she wrote. "It's good validation to see a larger company offer a comparable capability."
AWS courts devs with GitHub on the ropes
These updates come as Microsoft GitHub, which had a commanding head start in AI coding assistants and agents with Copilot, has faced reliability issues and developer unrest about usage-based billing changes over the past six months. This makes GitHub ripe for disruption by competitors, according to Jason Andersen, an analyst at Moor Insights & Strategy.
The AWS product is better, and GitHub's pricing is a bit worse.
Jason Andersen, Analyst, Moor Insights & Strategy
"The AWS story for devs is getting a lot better … If you look at how Kiro is working with some of the new AgentCore services, like Harness and Policy, there is more of a lifecycle management perspective to it, which to me was GitHub's big advantage with its agents," Andersen said. "When you look at GitHub, the new cost model is a challenge since, frankly, GitHub Copilot was a great deal, and now it's more in line with the rest of the market. So, the AWS product is better, and GitHub's pricing is a bit worse."
For organizations already invested in GitHub and Microsoft Azure, switching would be a much tougher sell, requiring a broad comparison of the underlying cloud platforms and their agentic DevSecOps capabilities, said Torsten Volk, an analyst at Omdia, a division of Informa TechTarget.
"GitHub is part of the Microsoft stack as a whole, and if people no longer like the value prop, they are generally more likely to move to AWS or GCP," he said. "But also, leaving GitHub behind is a massive endeavor for brownfield enterprises."
Andersen said it can also be tricky to keep costs under control on the AWS platform.
"The key will be in the details, as the thing I worry about with AWS is that the pricing is very modular, which can be good if you really know what you are doing, or bad if you just use everything and don't watch it," he said.
It's unlikely companies will move away from GitHub repositories, Andersen said, but they might look to competitors for other features.
"It opens the door a crack," he said. "They may source their agents differently."
AWS can throw cloud weight into agentic fight
GitHub and AWS spokespeople neither confirmed nor denied a published report this week that GitHub will run services on AWS as it works to resolve its reliability issues and keep up with the demand for agentic infrastructure capacity.
But AWS's critical mass as the largest cloud hyperscaler by global data center footprint and infrastructure market share could also sway organizations that haven't yet set their AI agent orchestration strategies, analysts said.
"Everybody is having problems building new data centers, but if you already own hundreds of them, [you can more easily] add capacity," said Larry Carvalho, principal consultant at RobustCloud. "AWS may have a secret weapon [with] its Trainium silicon, [and] since it controls the entire stack, may be able to use a lower-cost model to drive enterprise adoption."
AWS Context and Amazon Quick could also get a leg up from the widespread enterprise use of S3 for storage, said Matthew Flug, an analyst at IDC.
"Many organizations are already tied to AWS in one way or another, and now they're expanding to cover that layer while conforming to the openness that the industry is demanding," with cross-cloud data integration in AWS Context, Flug said. "In that regard, I think it will make sense for a lot of organizations to stick with AWS for things like Quick."
Beth Pariseau, senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism. Have a tip? Email her or connect on LinkedIn.
