Penetration testing that once consumed three weeks now finishes before lunch. That is the core promise AWS made this week with the general availability of its Security Agent and DevOps Agent—and for enterprise security teams drowning in backlogs, it sounds like salvation.
It is. But it comes with fine print.
AWS Security Agent compresses penetration testing timelines from weeks to hours by operating as a persistent, autonomous tester that ingests your source code, architecture diagrams, and documentation. It identifies vulnerabilities, chains them into attack sequences, and validates which ones represent genuine risk. Bamboo Health reported finding vulnerabilities that no other tool surfaced. HENNGE K.K. said testing duration dropped more than 90%. These are real results from preview customers.
The DevOps Agent delivers 3–5x faster incident resolution through continuous autonomous operation—running for hours or days without the human hand-holding traditional automation requires. When your production system degrades at 2 AM, this agent does not wait for an on-call engineer to walk through runbooks. It acts.
Together with Amazon Nova Act and Bedrock AgentCore Evaluations, AWS is assembling a suite of AI agents that handle tasks previously requiring specialized human expertise or brittle scripted automation. Nova Act lets QA teams write test cases in plain English rather than wrestling with DOM selectors that break on every UI refactor. AgentCore Evaluations helps developers systematically measure whether their AI agents actually improve—or just look better in demos.
Here is what AWS is not saying in its announcement: these agents learn your infrastructure. Security Agent builds its understanding from your AWS-native documentation and code. DevOps Agent operates on your AWS environment. FinOps agents—AWS published a tutorial for one this week—consolidate Cost Explorer, Budgets, and Compute Optimizer into conversational interfaces. The more you use these tools, the more your workflows, institutional knowledge, and optimization logic live inside AWS systems.
This is the trade-off at the heart of every major cloud vendor's AI strategy. AWS offers dramatic speedups because it can—its models have deep visibility into how you built and operate on AWS. That same visibility makes it harder to extract those workflows to a competitor. The agent remembers your infrastructure. It optimizes for your AWS environment. Every hour saved today is an hour of lock-in accrued.
None of this means the speedups are illusory. Weeks-to-hours penetration testing is genuinely valuable. Faster incident resolution is genuinely valuable. But AWS is not altruistically accelerating your workflows out of the kindness of its cloud. It is accelerating workflows that run on AWS infrastructure, for customers whose data already lives in S3 buckets and whose services already run on EC2.
The frontier agent era has arrived. Whether you call it powerful tooling or sophisticated lock-in depends entirely on your negotiating position when your contract comes up for renewal.