AWS just launched two autonomous AI agents — Security Agent and DevOps Agent — and they're both generally available now. These aren't chatbots with polished wrappers. They're persistent, autonomous systems that run for hours or days without human oversight, doing work that previously required dedicated teams.
Here's what caught my attention, and why platform engineers should be paying close attention.
Two Agents, Two Big Problems
AWS Security Agent handles penetration testing. Not the "run a scanner and hand you a PDF" kind — it ingests your source code, architecture diagrams, and documentation, then operates like a human pen tester. It identifies vulnerabilities, builds attack chains, and validates that findings are real exploitable risks. Bamboo Health reported it "surfaced findings that no other tool has uncovered." HENNGE K.K. cut their testing duration by over 90%.
AWS DevOps Agent handles incident response and operational tasks. It correlates telemetry, code, and deployment data across your stack — AWS, Azure, hybrid, on-prem — and integrates with the observability tools you already use: CloudWatch, Datadog, Dynatrace, New Relic, Splunk, Grafana. Western Governor's University cut mean time to resolution from two hours to 28 minutes during a production incident by pinpointing a Lambda configuration issue that had been buried in undiscovered internal docs.
The preview numbers are worth noting: up to 75% lower MTTR, 80% faster investigations, and 94% root cause accuracy.
The Pricing Makes the Strategy Obvious
This is where it gets interesting.
DevOps Agent costs $0.0083 per agent-second — roughly $29.88 per hour. AWS's own pricing examples show a small team running 10 investigations per month pays about $40. An enterprise running 500 incidents per month pays around $2,300. For context, a single on-call SRE costs you $150k-$200k/year fully loaded.
Security Agent runs at $50 per task-hour. A small API test costs about $173. A full application pen test runs around $1,200. Compare that to external pen testing firms charging $15k-$50k per engagement, with weeks of lead time and limited scope.
Both agents include a 2-month free trial. AWS is clearly betting on adoption velocity — get teams hooked on the speed and economics, then make it sticky through integration depth.
The DevOps Agent pricing also ties into existing AWS Support plans. Enterprise Support customers get 75% of their support charges back as DevOps Agent credits. Unified Operations customers get 100%. AWS is effectively saying: your support spend now buys you autonomous operations capacity.
What This Actually Means for Platform Teams
AWS calls these "frontier agents" — autonomous systems that work independently, scale massively across concurrent tasks, and run persistently. The framing matters because it signals a product category, not a one-off feature.
Three implications stand out:
Security becomes continuous, not periodic. Most organizations pen test their top 5-10 applications once or twice a year because of cost and staffing constraints. At $50/task-hour, you can afford to test everything, continuously. The security posture shift from "we tested our critical apps last quarter" to "every app gets tested every sprint" is significant.
Incident response gets a tireless first responder. The DevOps Agent doesn't replace your SRE team — it augments the 3am on-call rotation. It can start investigating before a human even picks up the page, correlating signals across your entire stack. By the time your engineer opens their laptop, the agent has already identified probable root cause with 94% accuracy.
The multicloud angle is deliberate. AWS built the DevOps Agent to work with Azure DevOps, GitHub, GitLab, and non-AWS observability tools. This isn't altruism — it's a land-and-expand play. Once your operational intelligence lives in AWS, migrating workloads away gets harder. But for teams running hybrid environments today, having a single agent that understands your entire topology is genuinely useful.
The Bigger Picture
Google and Microsoft have their own agentic plays, but AWS shipping two production-ready autonomous agents with per-second billing and free trials is a concrete move. The fact that both agents work with tools like Claude Code and Kiro for generating validated fixes signals that AWS sees these agents as part of a broader autonomous development loop — not isolated point solutions.
For platform engineering teams, the takeaway is practical: evaluate these agents against your current pen testing costs and incident response metrics. The economics alone justify a proof of concept. The free trial removes any excuse not to try.
The real question isn't whether AI agents will handle DevOps and security tasks. It's how fast your organization adapts its processes, roles, and trust models to work alongside them.
Top comments (0)