AWS opens access to frontier agents for pentesting and DevOps operations in the cloud

AWS has released two autonomous AI-tools of a new class to general availability: Security Agent for on-demand penetration testing and DevOps Agent for cloud operations. The company calls them frontier agents and is betting on scenarios where the system can be entrusted with long, parallel, and partially autonomous tasks.

What AWS launched

This is not just about chat assistants for hints in the console. AWS describes frontier agents as autonomous systems that can move toward a goal without constant human involvement, scale to multiple parallel tasks, and work continuously for hours or even days. The first set includes two products: AWS Security Agent for on-demand penetration testing and AWS DevOps Agent for cloud infrastructure operations.

Both tools have already reached general availability status, meaning they are available as full-fledged services, not an experiment or limited preview. The logic behind the launch is clear: security and operations remain two of the most expensive areas of manual work in the cloud. Pentests are often tied to external team schedules and stretch over weeks, while incident investigation requires quickly gathering logs, testing hypotheses, and coordinating specialists.

AWS is trying to address both pain points with agents that don't just answer questions but execute chains of actions on their own: check systems, search for problems, gather data, and help bring the task to completion.

How agents work

According to AWS's description, the key difference of frontier agents lies in their degree of autonomy. They are created not for a single short request, but for a long working cycle with intermediate steps, switching between subtasks, and resilience to large volumes of operations. This is important for the cloud environment, where a team might simultaneously be running incident investigations, checking configurations, analyzing logs, and searching for vulnerabilities. Instead of manually triggering dozens of routine actions, an engineer sets a goal, and the agent sequentially executes the necessary steps and continues working without constant micromanagement.

• Autonomously execute multi-step tasks
• Scale to parallel checks and incidents
• Can work for hours or days without constant oversight
• Focused on security and operations, not general chat interface

This also changes expectations from AI in an enterprise environment. If previously an assistant was useful in the role of an advisor, AWS is now promoting a model of an "executing" agent that is connected to real operational processes. This approach requires trust in results, clear access boundaries, and control mechanisms, but it's precisely this that delivers significant time savings where a regular copilot hits the limits of manual work in practice.

Practical effect for teams

AWS cites the strongest figures from the preview results. According to the company, clients and partners reported that AWS Security Agent reduces penetration test timelines from weeks to hours. AWS DevOps Agent, in turn, helps resolve incidents 3–5 times faster. Even if these figures will depend on infrastructure maturity and configuration quality, the direction looks important: the agent takes on the primary volume of heavy operations, while the engineer gets involved where expertise and the right to make final decisions are truly needed.

"AWS

Security Agent reduces penetration test timelines from weeks to hours"

For teams, this means not only time savings but also a different work rhythm. Security checks can be run more frequently and closer to release, rather than being postponed to a separate window. During incidents, the time spent gathering context and taking the first diagnostic steps—which usually consume the most expensive minutes—is reduced. If the tool truly withstands extended autonomous operation, it can be embedded in permanent operational processes, not used as a one-time demonstration of generative AI capabilities.

What this means

AWS shows that the market for AI in business is moving away from the "ask the model" format to the "delegate the task and verify the result" format. If frontier agents confirm the stated speed and reliability on real production environments, security and DevOps will become one of the first areas where autonomous systems start to pay for themselves not in theory but in daily work.