AWS hypes continuous agentic DevOps, puts Kiro in your pocket

AWS today introduced new and enhanced agents aimed at DevOps and code security at its New York Summit, including previews of Continuum for identifying and fixing application vulnerabilities, and an iOS mobile app for its Kiro coding tool.

Matt Wood, chief AI and technology officer, said in a press briefing that the company sees AI tools operating continuously in the background, rather than being used on demand. AWS Continuum, now in closed preview, is a set of agents that "continually provide security continuity using artificial intelligence, building on penetration testing and code review," he said.

Sounds expensive? According to Wood, the cost of using AI tools is falling despite the rising price of tokens. "While the cost of a token at the frontier continues to go up, if you normalize for a particular point of intelligence, the cost continues to decrease year by year," he claimed.

AWS Continuum currently includes two products. Continuum for code vulnerabilities performs vulnerability scans of an AWS environment and is claimed to prioritize findings that are actually reachable in a production path, with exploits demonstrated in a sandbox. The tool will also generate suggested fixes such as network changes or patches for the code.

The existing AWS Security Agent will be renamed "Continuum pen testing" and "Continuum code scanning".

The AWS DevOps agent, first previewed at the company's re:Invent conference in late 2025, is billed as an AI tool that can resolve and prevent application outages and optimize application reliability and performance. It was made generally available in March.

DevOps Agent is gaining release management capabilities, now in preview, which assess code readiness and run software in an AWS-managed isolated environment to verify the builds.

The new feature follows other enhancements to DevOps Agent introduced earlier this month. DevOps Agent has always had support for calling tools via Model Context Protocol (MCP) but now exposes its own MCP endpoint, enabling other tools to call the Agent API. There is also support for the Agent2Agent (A2A) protocol, introduced by Google last year to assist agent collaboration. These new endpoints are in addition to the standard AWS REST API.

DevOps Agent is designed to use other observability tools as input, including AWS CloudWatch, Datadog, Dynatrace, New Relic, and Splunk, as well as code from repositories such as GitHub and GitLab. It can also connect to Microsoft Azure and Azure DevOps.

AWS Transform, an AI service for migrating and modernizing workloads and application code, gets a new preview feature called continuous modernization. AWS suggests it as a tool to cover both the day-to-day work of upgrading and patching libraries, and larger projects such as moving to a more recent framework or runtime for Java or .NET applications.

Kiro is an IDE and service for specification-driven AI coding. Kiro can be extended with "powers," wrappers for one or more MCP servers available from GitHub. Powers exist for AWS services such as DevOps Agent and Lambda, as well as for third-party services such as Datadog and Dynatrace.

Now in closed preview, the Kiro mobile app for iOS can launch and manage remote sessions. There are three modes of interaction: chat, spec for continuing a specification workflow, and autonomy for delegating tasks. The app shows the live state from cloud sessions, and renders code diffs as cards that the company says are legible on a small screen. According to AWS, it is a true native app, not a wrapper for a web application. 

In addition to DevOps tools, the company also previewed AWS Context, a service for mapping company data into a knowledge graph for agentic search. It is similar to search in the existing Amazon Quick service, except that Context is designed to be organizational rather than personal. Context publishes its metadata into Amazon S3 tables in Apache Iceberg format. According to AWS, all queries are identity-aware to prevent users from accessing data they are not authorized to see.

Amazon Quick will use the same underlying technology as Context. Quick is also getting the ability to create autonomous agents via voice prompts, or to choose from a library of pre-configured agents. Hundreds of connectors add integration with third-party services such as Gmail, Slack, and Microsoft Teams and SharePoint. 

Finally, Amazon Bedrock AgentCore, a platform for custom agents, adds a managed knowledge base, web search, and the ability for agents to spend money on paid content such as financial market feeds.

Companies going all-in on agentic AI will find it costly. Services like Quick are subscription-based, and others like DevOps Agent are based on per-second usage, currently the same for incident response, evaluations (incident prevention), and on-demand tasks such as chat. Pricing is somewhat opaque because the time an agent will take for a task is unknown. There are also additional charges for AWS services an agent consumes, such as CloudWatch queries.

Another issue is reliability. In its post on AgentCore, AWS acknowledges that "the most dangerous agent failures aren't the ones that throw errors. They're the ones that look fine on dashboards: an agent that confirms an order modification it never executed, one that fabricates product availability when an API times out, another that skips an approval step while dashboards show a 99 percent success rate."

AWS claims new AgentCore features address this with "failure, intent, and trajectory insights across hundreds of sessions." AgentCore also has policy capabilities that define what an agent can and cannot do, and Bedrock Guardrails, which run at a gateway layer outside the agent and evaluate actions for prompt injection, harmful content, and data exposure. 

"Trust is the single biggest barrier to adoption for artificial intelligence systems inside most organizations," said Wood. He said that AWS is trying to build agents that "exhibit and communicate trusted outcomes to their users," using Bedrock AgentCore policy and guardrails to make AI agents safer and more reliable. ®