Amazon Web Services (AWS) announced several new security products and enhancements at its re:Invent 2025 conference on Tuesday.
The cloud giant unveiled the preview version of AWS Security Agent, an agent designed to proactively secure applications throughout development.
AWS Security Agent conducts automated application security reviews and context-aware penetration testing. The agent continuously validates security from design to deployment, helping developers identify vulnerabilities early.
“The penetration testing agent creates a customized attack plan informed by the context it has learned from your security requirements, design documents, and source code, and dynamically adapts as it runs based on what it discovers, such as endpoints, status and error codes, and credentials,” AWS explained.
The company also announced the general availability of AWS Security Hub, a central panel where users can view, aggregate, and prioritize security risks.
Since the preview version was announced earlier this year, AWS has added several new features related to historical trends, exposure summaries, and widgets.
AWS also announced improvements to Amazon GuardDuty Extended Threat Detection, specifically the addition of two attack sequence findings for Elastic Compute Cloud (EC2) instances and Elastic Container Service (ECS) tasks.
“By adding coverage for EC2 instance groups and ECS clusters, this launch expands sequence-level visibility to virtual machine and container environments that support the same application,” the company said.
In addition, AWS introduced IAM Policy Autopilot, an open source MCP server that analyzes application code and helps AI coding assistants generate AWS IAM identity-based policies.
It also announced the public preview of AWS DevOps Agent, an agent designed to help organizations accelerate incident response.
AWS re:Invent 2025 announcements from security companies
SentinelOne announced the integration of its Singularity platform with AWS Security Hub and Amazon CloudWatch. The company also added its new Purple AI MCP Server and Observo AI data pipeline to the AWS Marketplace.
ZEST Security is introducing new AI-driven capabilities for AWS that should automatically reduce over 90% of vulnerabilities across accounts, services, and products. Powered by AI agents, these features leverage native AWS infrastructure, including Service Control Policies, to proactively resolve high-priority risks without manual remediation.
Salt Security has debuted Ask Pepper AI, a new API Protection Platform feature built on AWS Bedrock that enables security teams and developers to analyze API risks using natural language.
Sumo Logic announced the expansion of Dojo AI’s new agents, including SOC Analyst Agent, Knowledge Agent, and a Model Context Protocol (MCP) server. The new agents help security teams reduce alert fatigue, accelerate investigations, and streamline security workflows, allowing customers to focus on real threats and respond more effectively.
Skyhawk Security has added agentic AI red teaming capabilities to its Autonomous Purple Team platform. The new feature checks the entire security stack (SIEM, EDR, WAF) to determine whether a customer’s existing detection and enforcement controls would catch imminent threats to critical assets. The agentic AI system prescribes compensating security controls and drafts detection updates to accelerate remediation.
HiddenLayer announced expanded integrations with AWS gen-AI, offering native support for Amazon Bedrock and Amazon SageMaker. HiddenLayer also unveiled a complete platform redesign and launched a new AI Discovery module and an enhanced AI Attack Simulation module.
Securonix announced the integration of its Unified Defense SIEM with AWS Security Hub. The integration allows customers to combine Securonix’s detection capabilities with AWS’s centralized visibility and automation, strengthening cloud security posture and improving operational efficiency.
Varonis unveiled a new integration with AWS Security Hub to provide security teams with enhanced visibility, automated fixes, and proactive threat detection.
Related: AWS Launches Incident Response Service
Related: Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users
Related: AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure
