AWS frontier agents that work on their own-Kiro, Security Agent, and DevOps Agent for development, security, and ops

AWS frontier agents work like autonomous teammates for dev, security, and ops. Give them a goal; they plan and ship PRs and fixes to reduce toil and speed recovery.

Frontier agents: autonomous AI that works like a teammate

Development teams are shifting from task-by-task automation to outcome-driven autonomy. Frontier agents mark that shift. They're autonomous, scalable, and operate for hours or days without constant oversight-so your team can move faster with fewer bottlenecks.

AWS is introducing three frontier agents-Kiro autonomous agent, AWS Security Agent, and AWS DevOps Agent-to cover the full software development lifecycle. Instead of nudging tools at every step, you point agents at a goal and they figure out the path.

What we learned building at scale

Stop micromanaging tasks. Direct agents at goals and let them execute.
Speed correlates with parallelism. Run more agentic tasks at once to increase throughput.
Longer autonomous runs produce better results. Extend runtime to reduce handoffs and rework.

One more takeaway: you need these capabilities across dev, security, and operations-otherwise, you just create new bottlenecks somewhere else.

Kiro autonomous agent: your virtual developer

Most coding tools help with snippets, then hand you the glue work-rebuilding context, syncing changes across repos, and stitching tickets and PRs. Kiro handles the glue.

It maintains persistent context across sessions, learns from your PRs and feedback, and keeps work moving while you focus on priorities. From triaging bugs to improving test coverage-including single changes that span multiple repositories-Kiro reduces the busywork that slows teams down.

Work from GitHub: ask questions, describe tasks, and assign backlog items.
Kiro independently plans, executes, and shares changes as proposed edits and PRs.
Team-wide context: connects to Jira, GitHub, Slack, pipelines, and repos to learn your standards and adapt to changes.

AWS Security Agent: security built in, not bolted on

Security teams need specific guidance and faster testing. Generic findings and slow pen tests don't match engineering velocity. AWS Security Agent embeds security expertise from design to deployment-across AWS, multicloud, and hybrid.

Review design docs and scan PRs against your organization's security requirements and common vulnerabilities.
Define standards once; the agent automatically validates them across applications.
On-demand penetration testing with validated findings and remediation code, at a scale that matches your release pace.

SmugMug added AWS Security Agent to accelerate security testing. "AWS Security Agent helped catch a business logic bug that no existing tools would have caught, exposing information improperly," said Andres Ruiz, staff software engineer at SmugMug. "To any other tool, this would have been invisible. But the ability for Security Agent to contextualize the information, parse the API response, and find the unexpected information there represents a leap forward in automated security testing."

If multiple apps deploy at once, scale up agents to meet demand-no trade-off between speed and security.

AWS DevOps Agent: fewer alerts, faster recovery

Incidents drain time and trust. AWS DevOps Agent is always on: it triages alerts, guides resolution, and learns your systems to pinpoint root cause quickly across AWS, multicloud, and hybrid environments.

Understands relationships between services, deployments, and telemetry.
Correlates data from tools like Amazon CloudWatch, Datadog, Dynatrace, New Relic, and Splunk, plus runbooks, repos, and CI/CD pipelines.
Inside Amazon, it has handled thousands of escalations with an estimated root cause identification rate over 86%.

It also shifts teams from reactive firefighting to proactive improvement. By analyzing incident history, the agent recommends upgrades across four areas: observability, infrastructure optimization, deployment pipelines, and application resilience.

Commonwealth Bank of Australia tested the agent on a complex network and identity management issue that typically takes hours for a seasoned engineer. The agent found the root cause in under 15 minutes. "AWS DevOps Agent thinks and acts like a seasoned DevOps engineer," said Jason Sandery, head of cloud services at the bank. "This isn't just about faster resolution times-it's about maintaining the trust our customers put in us."

Why this matters

These agents move teams from assisting with tasks to completing complex projects autonomously-like a real teammate would. They reflect years of software, security, and operations experience, now packaged to help you build faster, ship safer, and run with confidence.

Clariant, Commonwealth Bank of Australia, SmugMug, Western Governors University, and Presidio are already using one or more of these agents to accelerate delivery. All three agents are available today in preview.

How to get value fast

Pick 2-3 goal-driven pilots (e.g., cross-repo refactor, security standards rollout, noisy-service stabilization).
Connect the context graph: repos, CI/CD, observability, tickets, and chat. Give agents the data to reason.
Define security controls once and codify them. Validate every PR against those standards.
Set clear SLOs and incident playbooks; let the DevOps agent own first response.
Extend autonomy windows over time: start with daytime supervision, then let agents run overnight.
Measure outcomes: PR throughput, test coverage, mean time to resolution, vulnerability age, and change failure rate.
Establish guardrails: code review, audit logs, approval policies, and a break-glass path.