TL;DR:
This year’s AWS re:Invent was the most mature step forward in Agentic AI we’ve seen yet. AWS moved beyond concepts and delivered tangible, operational agent tooling, including Bedrock AgentCore, AWS Security Agent, and the new DevOps Agent. Security Hub finally went GA, multimodal capabilities took centre stage, and the community experience delivered as always.
Before attending re:Invent this year, it was obvious that it was going to be a different flavour of themes surrounding AI. In 2023, the resounding theme was Generative AI. New tooling was announced with a lot of focus around Bedrock, PartyRock and SageMaker enhancements. The trouble was that there was not a lot of structure around the use of the tooling, and many were left puzzled by what AWS's direction and strategy were. Last year, we saw some large announcements and a deep dive into tooling with a renewed focus on Security. It felt much more balanced and nuanced than the previous year. The resounding difference this year was the theme around Agentic AI, only this time we had real and tangible solutions revolving around the theme.
This was the year that AWS really operationalised AI, centred on the release and use of agents and on how to orchestrate them. This represented a big shift from previous years.
Service releases have traditionally been built around solving a very specific problem. In the past we have then needed to cobble all these different services together into a cohesive solution. Bedrock has always faced this problem when creating and orchestrating agents to carry out a given task. Getting hands-on with Bedrock AgentCore as part of the security workshop delivered this year at re:Invent was really cool.
Bedrock AgentCore
The point of AgentCore is to bring all the integration points together into a single cohesive solution that covers the core functions of the agent.
Some key capabilities included:
Gateways
Gateways replace the need to create separate API Gateways as an entry point. Prior to AgentCore, a RESTful API was often used to create an entry point for the integration to the agent. This is demonstrated in my own version of an agent-based solution for ingesting, analysing and resolving AWS Security Hub findings using Bedrock Agents instead of AgentCore:
https://github.com/greg-luxford/security-hub-ai-workshop
Gateways use open source protocols such as the Model Context Protocol (MCP) to call tools through OpenAPI schemas, REST API schemas or as pre-configured integrations without requiring you to write additional code or manage infrastructure. You can also configure identity settings for your gateways to securely manage access to downstream resources.
Memory
Memory allows for continuance and conversational context – allowing for true conversational interaction with agents. Memory enables agents to retain knowledge and learn continuously by leveraging built-in and/or custom strategies for automatically extracting and storing key types of memory from every interaction. This allows agents to be context-aware across sessions.
Short-term memory maintains context within the current session (something you may have previously experienced with Q CLI (sorry, ahem – Kiro CLI…)). Once the session is closed, however, any context is lost. Long-term memory is used to maintain context even between sessions. This is a really powerful feature of AgentCore!
Agent Runtime
Agent Runtime offers a secure, serverless and purpose-built way to deploy and scale AI agents and tools using any agent framework and any model. Runtime unlocks fast cold starts, industry-leading long-running execution, true session isolation, built-in identity and support for multi-modal payloads. Simply host your existing agent or tool code in Runtime to get started.
Speaking of this – multi-modal support was a standout feature of many services this year. Multimodal AI is a type of artificial intelligence that can process and integrate information from multiple data types, or “modalities,” such as text, images, audio, and video. This powerful feature allows you to correlate and build solutions for multiple capabilities in the one place – pretty awesome.
Identity
The identity capability is really cool as it allows you to embed trusted identity into the agent without the need to cobble together other services like Cognito. Identity enables agents to securely manage access to resources by integrating with leading identity providers. You can add Inbound Identity to resources to enable caller authentication and authorisation, and you can enable Outbound Identity to provide downstream resource access.
Policy
Providing guardrails to your agent is really important. Being able to define these as a policy is a very smart feature that drastically improves the security posture of your agents.
Policy offers deterministic control to ensure agents operate within defined boundaries and business rules without slowing them down. Easily author fine-grained rules using natural language or Cedar (AWS’s open-source policy language). It integrates with Gateway, controlling who can perform what actions under what conditions.
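The decision rule behind a policy layer like this, as an added Python sketch (not AWS or AgentCore code): it follows Cedar's evaluation semantics, where a request is denied unless some permit matches, and any matching forbid wins. The agent names, tool names and context keys are hypothetical.

```python
# Added illustration, not AWS or AgentCore code. Agent names, tool names and
# context keys are hypothetical.
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Rule:
    effect: str                       # "permit" or "forbid"
    principal: str                    # agent identity, or "*" for any caller
    action: str                       # tool name, or "*" for any tool
    when: Callable[[dict], bool] = lambda ctx: True  # extra condition on context


def _matches(rule: Rule, principal: str, action: str, ctx: dict) -> bool:
    return (rule.principal in ("*", principal)
            and rule.action in ("*", action)
            and rule.when(ctx))


def authorize(rules: list, principal: str, action: str, ctx: dict) -> str:
    """Cedar-style decision: default deny, and any matching forbid wins."""
    matched = [r for r in rules if _matches(r, principal, action, ctx)]
    if any(r.effect == "forbid" for r in matched):
        return "deny"
    if any(r.effect == "permit" for r in matched):
        return "allow"
    return "deny"  # nothing permitted the call


# Constructed rule set for two hypothetical agents behind one gateway.
RULES = [
    Rule("permit", "triage-agent", "get_finding"),
    Rule("permit", "triage-agent", "update_finding",
         lambda c: c.get("severity") in {"LOW", "MEDIUM"}),
    Rule("permit", "remediation-agent", "isolate_instance"),
    # Guardrail: no agent isolates an instance without human sign-off.
    Rule("forbid", "*", "isolate_instance",
         lambda c: not c.get("human_approved", False)),
]

if __name__ == "__main__":
    for call in [("triage-agent", "get_finding", {}),
                 ("triage-agent", "update_finding", {"severity": "HIGH"}),
                 ("remediation-agent", "isolate_instance", {}),
                 ("remediation-agent", "isolate_instance", {"human_approved": True})]:
        print(call, "->", authorize(RULES, *call))
```

Because the forbid rule is evaluated independently of the permits, adding a broader permit later cannot silently bypass the human-approval guardrail.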
Built-In Tools
There are built-in tools including a Browser for simulation and a Code Interpreter.
Browser
Augment your agent to securely interact with web applications, fill forms, navigate websites, and extract information in a fully managed environment. View a live browser session or a session replay. Monitor key metrics and traces for your browser session in AgentCore Observability. This enables you to test and validate your use cases without needing to publish publicly.
Code Interpreter
Enable your AI agent to write and execute code securely in a sandbox environment to solve complex end-to-end tasks. It supports Python, JavaScript, and TypeScript to run data analysis, calculations and code validations securely. You can also use it to monitor traces and metrics as well.
Combined, it is easy to see what the Bedrock team were going for – a one-stop service that integrates several features and capabilities into the one tool. Further, we had some amazing announcements centred on Security and DevOps capabilities.
Security Agent
It is clear to see that AWS is taking security very seriously and in a big way by releasing tools to significantly reduce the effort to secure code and containers. There is focus on the end-to-end development lifecycle from inception to release.
AWS Security Agent is a frontier agent that proactively secures your applications throughout the development lifecycle across all your environments. It conducts automated security reviews customized to your requirements, with security teams centrally defining standards that are automatically validated during reviews. The agent performs on-demand penetration testing customized to your application, discovering and reporting verified security risks. This approach scales security expertise across your applications to match development velocity while providing comprehensive security coverage. By integrating security from design to deployment, it helps prevent vulnerabilities early and at scale.
DevOps Agent
In public preview is the AWS DevOps Agent, a frontier agent that helps you respond to incidents, identify root causes, and prevent future issues through systematic analysis of past incidents and operational patterns. DevOps Agent is equivalent to an always-on, autonomous on-call engineer. When issues arise, it automatically correlates data across your operational toolchain, from metrics and logs to recent code deployments in GitHub or GitLab. It identifies probable root causes and recommends targeted mitigations, helping reduce mean time to resolution.
There is a great blog already released for it and the capabilities are impressive on first look. It seems things are getting serious now about leveraging AI to help reduce operational effort in more ways than one.
This added capability does not replace humans – they need to be part of the loop, and it does require specific knowledge of the findings and their context. It does, however, empower teams to reduce the impact of outages and incidents, and is great at defining the root cause analysis post incident.
Security Hub is Now Generally Available
I’ve been using the new Security Hub capabilities under the free preview for quite a while now, and as features that had been shared with AWS Community Builders and AWS Heroes under NDA with AWS were released, it has been a true pleasure watching the capabilities grow with what seemed like week-by-week improvement leading up to re:Invent. The push to go GA as an announcement at re:Invent clearly put a lot of the development teams under significant pressure; however, it has been awesome to see this go live. The legacy version of Security Hub is now relegated to Security Hub CSPM (Cloud Security Posture Management). While the CSPM version remains useful for high-level findings, the new Security Hub really allows you to peel behind the curtains and trace findings end-to-end and their associated resources.
Human Connections
The human connections made at re:Invent cannot be underestimated. This year I met many old and new faces. The highlight for me was connecting with the worldwide community of AWS Ambassadors, AWS Community Builders, AWS Heroes and AWS User Group Leaders. Collaborating, sharing ideas and knowledge, demonstrating tooling and shared experiences was amazing. Getting to meet and discuss all things AWS and products, releases and a few things us partners need help with, with product teams, AWS business leaders and product heads, was also a highlight. Helping other partners with growing competencies, service delivery programs and foundational technical reviews was also just icing on the cake. Human connections are what re:Invent is about as much as it is a learning experience.
Another big announcement was from Werner Vogels, presenting his last keynote for re:Invent after 14 years. Getting to see this in person and hear the insights and story of development from “back to the beginning” and the Renaissance Developer was a truly memorable highlight.
Finally, running the PEX315 – Intelligent Security Operations with AWS: AI-Powered Incident Response workshop with my fellow workshop team from AWS Security and ProServe teams was an amazing experience. A packed ballroom and an excited crowd said it all – people love getting hands-on and ideating on what comes next. There was a lot of enthusiasm from participants and several commented on the great user experience of the workshop. Our workshop team have agreed to continue collaboration on the workshop and make continual improvements to it for future running.
Conclusion
re:Invent 2025 showcased AWS’s significant shift toward operationalising Agentic AI, with Bedrock AgentCore, Security and DevOps Agents, and the new Security Hub GA leading the way. The conference reinforced the importance of hands-on experience, human connections, and continuous innovation. For builders, security practitioners, and partners, the announcements provide clear pathways to build more intelligent, secure, and integrated AI solutions for the future.

Greg has been in the IT industry for 17+ years across a range of roles and specialties starting his career in IT within the Australian Army in the Royal Australian Signals Corps. Since then, he has worked across several industry verticals including Local and State Government, Network Integrators, Gaming, Mining, Private Cloud Providers and AWS Consultancies covering Insurance, Energy, Banking and Airline industries in addition to Public Sector (Health, Transport, Justice, Communities and Child Safety). Greg is an AWS Ambassador and AWS Community Builder for Cloud Operations. Greg specialises in network engineering, cloud infrastructure, governance and compliance, security, cloud operations, AWS Well-Architected and DevOps.



