Apr 22, 2026
NewDecoded

Amazon Web Services has announced the general availability of the AWS Security Agent, a new class of frontier agent designed to perform autonomous penetration testing. This service enables organizations to run comprehensive security tests across all applications, not just the most critical ones, by scaling testing across AWS, Azure, GCP, and on-premises environments. By transforming penetration testing from a periodic bottleneck into an on-demand capability, AWS aims to help developers maintain high velocity without sacrificing security.
The system operates 24/7 at a fraction of the cost of manual tests, typically reducing expenses by 70% to 90%. While traditional manual assessments can cost tens of thousands of dollars and take weeks to complete, a typical test using the AWS Security Agent costs around $1,200 and finishes in hours. This efficiency is achieved through a multi-agent architecture that independently discovers, validates, and reports vulnerabilities through sophisticated attack scenarios.
One of the agent's most advanced features is its ability to chain vulnerabilities by understanding the specific context of an application. It ingests source code, architecture diagrams, and API specifications to identify how seemingly minor flaws could be combined to create a critical security risk. For example, it can prove how a medium-severity script injection could lead to a session hijack and eventual database credential theft.
To ensure that results are actionable, the agent validates every potential vulnerability by attempting exploitation with targeted payloads. This process significantly reduces false positives, which are common in legacy scanners. According to AWS, the agent achieved a 92.5% success rate on the CVE Bench v2.0 dataset, demonstrating its ability to find and confirm real-world threats effectively.
The agent also integrates directly into the development workflow by generating pull requests with suggested code fixes for confirmed issues. This completes the security lifecycle from discovery to remediation in a single automated loop. Developers can review, merge, and retest applications within the same day, drastically shrinking the window of exposure for new code deployments.
Available now in six global regions, the service supports complex authentication flows including OAuth, SAML, and Multi-Factor Authentication. Organizations can get started by creating an agent space in the AWS Management Console and validating domain ownership. With transparent pricing at $50 per task-hour, the service provides a scalable way to consolidate security testing across diverse infrastructure.
The general availability of the AWS Security Agent represents a major shift in the cybersecurity landscape, moving penetration testing from an expensive, periodic luxury to a continuous, automated utility. By utilizing context-aware AI to chain vulnerabilities, AWS is effectively commoditizing high-end security expertise that was previously the sole domain of specialized consulting firms. This transition significantly lowers the barrier to entry for robust security, allowing smaller enterprises to maintain the same defensive posture as major corporations. As these frontier agents become standard, the industry will likely see a move away from reactive patching toward proactive, real-time vulnerability validation integrated directly into the software development lifecycle.