Amazon Web Services Inc. today announced a set of major security enhancements across application protection, cloud security operations and threat detection that are designed to accelerate threat detection, automate security operations and strengthen protection across the full software development lifecycle.

The announcements, made at the annual AWS re:Invent 2025 conference in Las Vegas, included a preview launch of AWS Security Agent, the general availability of an upgraded AWS Security Hub and an expansion of Amazon GuardDuty Extended Threat Detection.

The first announcement, AWS Security Agent, is a new context-aware tool designed to proactively secure applications from design through deployment.

It’s designed to address longstanding gaps in application security testing by moving beyond traditional one-dimensional tools such as static and dynamic application security testing. Differing from static and dynamic tools that analyze either code or running systems in isolation, AWS Security Agent understands an application’s full context, including architecture, runtime environment and organizational security requirements.

The agent performs automated application security reviews and delivers adaptive penetration testing without the delays typically associated with manual processes or third-party testing vendors. AWS says that allows teams to identify deeper, more sophisticated vulnerabilities earlier in the development lifecycle.

The agent dynamically builds customized attack plans based on application design documents, source code and internal security policies and adjusts its testing as it discovers new endpoints, credentials and behavioral signals.

The second announcement today makes AWS Security Hub, which was previewed earlier this year at AWS re:Inforce, generally available.

The updated Security Hub delivers near real-time risk analytics and unified security operations by automatically aggregating and correlating findings across Amazon GuardDuty, Amazon Inspector, Amazon Macie and AWS Security Hub Cloud Security Posture Management.

The platform organizes security signals by threats, exposures, resources and coverage to reduce the manual effort that is typically required to prioritize and respond to risks across complex AWS environments.

New features in the release include up to one year of historical trend data through a customizable Summary dashboard, period-over-period trend analysis, severity-based filtering and cross-region aggregation.

With AWS Security Hub, security teams can also view security service deployment coverage across AWS accounts and regions, helping identify blind spots in vulnerability management, threat detection, sensitive data discovery and posture monitoring.

Finally, Amazon GuardDuty Extended Threat Detection is eing expanded with new attack sequence findings for EC2 instances and ECS tasks. The update builds on existing sequence detection for identity and access management credential misuse, suspicious S3 activity and Amazon EKS cluster compromise.

Extended Threat Detection now provides unified multistage attack visibility across a broader range of AWS environments through extended coverage to virtual machine and container workloads. According to AWS, the system links related security signals using artificial intelligence and machine learning models trained at cloud scale to generate high-confidence findings that would be difficult to detect through isolated alerts.

Today’s announcements demonstrate a push by AWS toward more automated, context-aware and unified cloud security operations at a time when organizations are facing rising attack complexity, accelerating release cycles and increasing pressure to secure applications and infrastructure without slowing development.

Photo: AWS