AWS CEO Matt Garman says the future of enterprise security depends on autonomous agents. And he says the shift is already underway. Speaking Tuesday at AWS re:Invent 2025 in Las Vegas, Garman described a world where “there’s going to be billions of agents inside of every company,” with AI performing tasks, automating workflows, and enforcing security policy at scale.
AWS used the keynote to launch a set of long-running, autonomous agents built for software development, security reviews, and incident response. “This takes what used to be months of work into hours,” Garman said. He emphasized that the agents maintain context, run independently, and accelerate work across large engineering organizations.
During this year’s re:Invent keynote kickoff, Garman also revealed how AWS plans to defend its position as Microsoft and Google push deeper into enterprise AI. Garman’s pitch is that AWS offers cheaper and more reliable AI at hyperscale, delivered through its own chips, its own networking stack, and a broader infrastructure footprint than rivals.
Garman highlighted the company’s 38 service regions, 120 availability zones, and its 3.8-gigawatt expansion in the past year, along with more than 6 million miles of private fiber. The message is that AWS can run AI workloads at lower cost and with fewer failures than anyone else—and that its new agents are designed to turn that scale into practical, secure automation for customers.
Garman said AWS has grown to a $132 billion business, accelerating 20% year over year, with $22 billion in absolute growth in the last 12 months. S3 now stores over 500 trillion objects and handles “over 200 million requests per second.” Amazon Bedrock powers AI inference for more than 100,000 companies, and more than 50 customers have each processed over 1 trillion tokens on the platform.
AWS Security Agent Moves Security Upstream
One of the biggest launches is the AWS Security Agent, a long-running system that reviews design documents, scans code, integrates with GitHub pull requests, and performs on-demand penetration testing. According to Garman, the agent “can catch issues early, even from your design documents,” and provides remediation steps when it finds a violation. It can also run multiple security tests in parallel to prevent bottlenecks.
The agent is designed to help teams that release software faster than traditional security review cycles can support. Garman noted that many customers cannot “afford to do this continually,” and rely on infrequent security assessments. The Security Agent is intended to change that by making validation continuous.
DevOps Agent Targets Incidents Before Humans Log On
AWS also introduced the AWS DevOps Agent, which automatically investigates incidents and identifies root causes. Garman said the agent learns from existing resources, observability systems, code repositories, and CI/CD pipelines. It can work back from an alert to identify the underlying issue and propose a fix. In the example given onstage, the agent discovered a broken authentication chain between a Lambda function and a database, traced the cause to an IAM policy change, and surfaced the deployment that introduced it.
The DevOps Agent also suggests guardrails to prevent the same incident in the future. Garman described it as “always on call, fast and accurate.”
Kiro Autonomous Agent Changes How Code Gets Written
AWS’s third major launch is the Kiro Autonomous Agent, built on top of Kiro’s structured coding environment. Kiro manages multi-step development tasks, runs in parallel across repositories, and learns how teams write and structure their software.
Garman highlighted an internal Amazon engineering project where a re-architecture originally scoped for 30 developers over 18 months was completed by six people in 76 days after the team leaned fully into agentic development. “This is orders of magnitude more efficiency,” he said.
Developers in a prerecorded segment said Kiro lets them “ship more code,” operate “the way my brain operates,” and treat the agent as a partner that writes code, tests, and supporting files.
AI Factories Bring AWS AI Inside Customer Data Centers
AWS is also rolling out AI Factories, a way for enterprises to host AWS’s AI stack inside their own data centers. Garman described the setup as “a private AWS region,” one that slots into a customer’s existing space and power while delivering AWS training hardware, Nvidia GPUs, and services like SageMaker and Bedrock. The design aims to satisfy sovereignty, separation and compliance requirements that have slowed AI adoption in regulated sectors.
Another major upgrade comes from AWS’s silicon team. The company unveiled Trainium 3 Ultra, a new generation of custom AI hardware with 4.4× the compute of Trainium 2, nearly four times the memory bandwidth, and a fivefold increase in tokens per megawatt. A full rack of 144 chips reaches 362 FP8 petaflops and more than 700 terabytes per second of bandwidth. AWS says it has already deployed “over 1 million Trainium chips” and has work underway on Trainium 4.
AWS is also opening the model-training pipeline to customers with Nova Forge. Instead of fine-tuning after the fact, enterprises can insert their own proprietary data during pre-training, alongside Amazon’s curated data. The result is a customized “Novella” model that keeps Nova’s reasoning abilities while gaining the customer’s domain knowledge. Garman said early users, including Reddit, saw accuracy and cost improvements they couldn’t achieve through tuning alone.
Garman said this approach solves a major problem: fine-tuning alone cannot teach a model new domains without degrading its underlying capabilities. Reddit used Nova Forge to achieve accuracy and cost results it could not reach through standard tuning.
Large Customers Show How They Use AWS AI

Major customers also used the keynote to show how AWS’s infrastructure underpins their own AI strategies. Sony’s Chief Digital Officer John Kodera described how the company relies on AWS to support what it calls Kando—the emotional impact behind its games, music, films, and anime. Sony’s data platform, he said, now processes “up to 760 terabytes of data from more than 500 data sources,” and its homegrown enterprise LLM serves roughly 150,000 inference requests per day on Amazon Bedrock. Sony is moving next to Nova Forge, aiming to speed internal review and compliance workflows by “100×.”

Adobe CEO Shantanu Narayen offered a different view of scale. Adobe’s creative and document tools depend on EC2 p5 and p6 instances, with data stored across S3 and FSx for Lustre. Its new Acrobat Studio uses both SageMaker and Bedrock. Narayen said Adobe Experience Platform now performs “over 35 trillion segment evaluations” and “more than 70 billion profile activations per day,” underscoring how deeply integrated AWS infrastructure has become in the company’s marketing and content operations.

The startup perspective came from Writer CEO May Habib, who said the company trains its Palmyra models on SageMaker HyperPod with p5 instances, FSx for Lustre, and AWS’s high-speed Elastic Fabric Adapter. That setup cut training cycles from “six weeks down to two,” she said, and made training runs 90 percent more reliable. Writer now uses Bedrock Guardrails so customers can apply one set of safety and compliance rules across their entire AI workflow.
Security Services Also See Major Upgrades
AWS expanded several security offerings:
- OpenSearch gains GPU-accelerated vector indexing for 10× faster index creation.
- GuardDuty now extends its “extended threat detection” to ECS, after adding EKS support earlier in the year.
- Security Hub is now generally available with new near-real-time risk analytics and a trends dashboard.
- CloudWatch Unified Data Store automates collection of logs across AWS and third-party sources, storing them in S3 or S3 Tables.
- S3 Vectors is now GA, letting customers store trillions of vector embeddings.
A Shift Toward Embedded Automation
At the close of the two-hour keynote, Garman said AWS wants enterprises to “move fast” without compromising security. The company’s strategy is to make AI agents part of everyday development and operations. The new systems are designed to run continuously, enforce policies, and integrate with the tools customers already use.
The message was direct: the next phase of cloud security is autonomous.