Security highlights from AWS re:Invent 2025

AWS made a handful of announcements about how it is preparing to secure the increased productivity it expects from AI.

Las Vegas this week welcomed more than 60,000 attendees for AWS re:Invent, and the message was clear: AWS wants to be the platform of choice for the agentic era. In fact, CEO Matt Garman opened the keynote describing AWS as secure, available and resilient planet-scale infrastructure that is unmatched anywhere. "Security is priority one for us," he said. "Everything is built on that foundation."

While AWS made dozens of announcements in areas including analytics, AI, storage, compute, migration and modernization, there were just a handful of announcements for security and compliance. However, many of the announcements have important security implications. Here is a rundown of key takeaways for security teams supporting cloud workloads.

Using platform features to improve security

Organizations use offerings from cloud service providers (CSPs) to host their workloads on state-of-the-art infrastructure so they can focus on building applications and, in the AWS re:Invent spirit, invent and innovate. For enterprises, this has meant efforts to lift and shift workloads to the cloud to reap their benefits, and efforts to use cloud platforms for new workloads, saving organizations from needing to provision hardware and computing infrastructure.

Cloud services have also given rise to new generations of born-in-the-cloud companies, providing the advantages of being able to scale and innovate faster than larger companies with legacy systems and hardware. My latest research at Omdia, a division of Informa TechTarget, "The State of Cloud Security: Navigating Security Offerings from Cloud Service Providers and Security Vendors," showed how organizations are increasingly putting their production workloads in the cloud for these benefits.

Organizations understand that under the shared responsibility model the CSP is responsible for securing the cloud and the organization must secure what it puts in the cloud. Even so:

  • 95% believe security in the cloud is a collaborative effort between CSPs and their customers.
  • 93% believe that the shared responsibility model and the CSP's security features affect how well they can respond to cybersecurity incidents.
  • 92% believe CSPs should assist them in securing cloud workloads, although the shared responsibility model does not require them to do so.

In fact, the research showed that 73% of organizations prefer to use security features and capabilities from CSPs. When asked what makes them prefer the tools from CSPs, 67% said the CSP solution is optimized to work with the features of the CSP.

The security announcements at re:Invent this week address this need, using AWS features to deliver better security of workloads. New enhancements to Amazon GuardDuty Extended Threat Detection added two attack sequence findings for Amazon EC2 instances and Amazon Elastic Container Service tasks. AWS also announced updates to its cloud security posture management (CSPM) tool, Security Hub, which will help organizations mitigate risk by providing more context to prioritize needed actions to protect their cloud workloads.

The Security Hub updates aggregate and correlate signals from GuardDuty, Amazon Inspector, Security Hub CSPM and Amazon Macie, organizing them by threats, exposures, resources and security coverage. This reduces manual correlation work and helps customers quickly identify critical issues, understand coverage gaps and prioritize remediation based on severity and impact.

Security Hub only supports workloads across AWS environments, however, and most organizations use multiple CSPs. Our study found that only 8% of organizations use only one CSP. The study showed 63% of those that use multiple CSPs have a primary CSP with other CSPs for small, discrete use cases, so those primarily using AWS can use Security Hub and/or its integrations with third-party vendor solutions. But other CSPs offer CSPM tools with more multi-cloud support, including Microsoft Defender and Google Cloud Security Command Center.

Security advantages with the focus on developers using agentic AI

In the industry analyst Q&A session, Garman said that the company has embraced the reality that most customers are multi-cloud and the need to support them, but of course, he wants customers to run the majority of their workloads on AWS. A key strategy for the company is its renewed focus on developers.

"AWS needs to be front of mind for developers…today with agents, AI tools, capabilities and smarts going into this generation of development, for operations and security, can turbocharge what developers can do," he said.

AWS announced many exciting updates that benefit developers, especially by helping them use agentic AI. AWS has the advantage of having the scale of data needed to successfully train models, and it can offer this to customers to enable them to deploy agents effectively. For example, the Amazon Bedrock AgentCore has been downloaded 2 million times since its preview five months ago.

While it is exciting to be able to deploy agents to autonomously perform tasks, risk mitigation requires controls that set clear boundaries for their actions. AWS added Policy in AgentCore, in preview, to set policies for what agents can access and do, so that systems and data are better protected. AWS also added AgentCore Evaluations to continuously inspect agent quality as agents work, analyzing behavior, correctness and safety to catch issues before they cause problems.

AWS also showcased Kiro, an agentic AI-driven integrated development environment. Inspired by vibe coding, it is used internally at AWS, enabling developers to describe what they want to build, with Kiro actively assisting in the development process and taking needed actions along the way. Amazon CMO Julia White described productivity gains that can be unlocked using Kiro, from increasing productivity by 20-30% to supercharging developer productivity by five or 10 times.

While that increase in scale sounds daunting for security, AWS is using its advantages to supercharge security as well. It also introduced Security Agent in preview mode, which works with Kiro to continuously identify security issues and accelerate remediation across the full software development lifecycle. Features include scanning pull requests across security requirements and conducting pen testing, instead of needing separate, siloed security tools that are not well-integrated with development processes or the application lifecycle.

AWS also announced IAM Policy Autopilot, a new open source MCP server that analyzes application code and helps AI coding assistants generate AWS Identity and Access Management identity-based policies. It works with Kiro and other coding assistants, such as Claude Code, Cursor and Cline. This and many of the AWS agentic AI efforts are achievable only due to the scale of data and training capabilities of AWS.
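To make concrete what a tool like IAM Policy Autopilot sets out to do, here is an added illustration written for this article; it is not AWS's code and not the Autopilot implementation. It walks a Python module's AST for boto3 client calls, maps them to IAM actions and emits a starting-point identity-based policy, flagging any SDK method it cannot map. The method-to-action table and the sample application code are constructed for the example, and the `Resource: "*"` in the output is a placeholder a reviewer must narrow.

```python
import ast
# Constructed boto3-method -> IAM-action table (an assumption; real mappings are far larger).
ACTION_MAP = {
    ("s3", "get_object"): "s3:GetObject",
    ("s3", "put_object"): "s3:PutObject",
    ("dynamodb", "get_item"): "dynamodb:GetItem",
}
# Constructed sample application code to analyze (not from the page).
SAMPLE_CODE = '''
import boto3
s3 = boto3.client("s3")
table = boto3.client("dynamodb")
sns = boto3.client("sns")
def handler(event):
    body = s3.get_object(Bucket="in", Key=event["key"])["Body"].read()
    s3.put_object(Bucket="out", Key=event["key"], Body=body)
    sns.publish(TopicArn=event["topic"], Message="done")
    return table.get_item(TableName="jobs", Key={"pk": {"S": event["key"]}})
'''
def find_sdk_calls(source):
    # Returns {(service, method)} for every call made on a boto3 client variable.
    tree = ast.parse(source)
    clients = {}  # variable name -> service string passed to boto3.client(...)
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Call):
            func, args = node.value.func, node.value.args
            if (isinstance(func, ast.Attribute) and func.attr in ("client", "resource")
                    and isinstance(func.value, ast.Name) and func.value.id == "boto3"
                    and args and isinstance(args[0], ast.Constant)):
                for target in node.targets:
                    if isinstance(target, ast.Name):
                        clients[target.id] = args[0].value
    calls = set()  # second pass: method calls on those client variables
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            base = node.func.value
            if isinstance(base, ast.Name) and base.id in clients:
                calls.add((clients[base.id], node.func.attr))
    return calls

def build_policy(calls):
    # Maps calls to one Allow statement; methods with no mapping are flagged for review.
    actions, unknown = set(), set()
    for service, method in calls:
        action = ACTION_MAP.get((service, method))
        (actions if action else unknown).add(action or f"{service}.{method}")
    statement = {"Effect": "Allow", "Action": sorted(actions),
                 "Resource": "*"}  # placeholder: narrow to specific ARNs before use
    return {"Version": "2012-10-17", "Statement": [statement]}, sorted(unknown)
```

The unmapped list is the important output for a reviewer: here `sns.publish` has no entry in the constructed table, so the generated policy would silently omit a permission the code needs unless someone checks it.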

Making the case to best support AI workloads

The complete Omdia survey results showed that nearly all (99%) organizations are currently using (86%) or planning to use (13%) cloud services to host AI workloads. So AWS is competing with the other hyperscalers to prove that it can best host AI workloads, and security will continue to play a key role as a differentiator. The study revealed that the top three elements of concern for the cloud-native stack are AI technology, software supply chain security and CSP infrastructure. It will be interesting to see how CSPs contribute to addressing these customer challenges.

I look forward to digging more into this in my upcoming studies. If you are evaluating solutions to address these challenges or you are a vendor in this space, I'd love to hear your thoughts on these topics.

Melinda Marks is a practice director at Omdia, where she covers cloud and application security.

Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.
