AWS Security Agent Enhances DevSecOps with Threat Modeling and IDE Integrations
AWS Security Agent has introduced several new features, including threat modeling, expanded code review capabilities with pull request scanning and remediation, and new IDE integrations like Kiro power and a Claude Code plugin. These updates aim to proactively secure applications throughout the development lifecycle by identifying and mitigating risks earlier. The new features are available in AWS commercial regions and are geared towards engineers and architects involved in application security and development.
- →Threat Modeling Integration
- →IDE and AI Integrations (Kiro, Claude Code)
- →Expanded Code Review Capabilities
- →Broader Repository and Documentation Support
- →Compliance and Security Requirements Integration
Features (2) ›
- Threat Modeling Integration
AWS Security Agent now offers threat modeling capabilities, analyzing design documents or source code to identify threats and suggest mitigations using the STRIDE framework.
- IDE and AI Integrations (Kiro, Claude Code)
Users can now leverage Kiro power and a Claude Code plugin to perform code reviews, generate threat models, and remediate findings directly within their IDE or CLI via an open MCP integration.
Enhancements (3) ›
- Expanded Code Review Capabilities
Code review functionality is enhanced with pull request scanning, remediation, security requirements packs, and simulated validation. New integrations support GitHub, GitLab, Bitbucket, and Confluence.
- Broader Repository and Documentation Support
Code review scans now support GitLab and Bitbucket (SaaS and self-hosted), alongside GitHub, and can integrate with Confluence to use existing documentation as context.
- Compliance and Security Requirements Integration
The agent validates security requirements against managed compliance packs (e.g., AWS Well Architected, NIST CSF, PCI DSS) or custom organizational requirements, mapping findings to compliance posture.
https://aws.amazon.com/blogs/aws/aws-security-agent-adds-threat-modeling-kiro-power-and-claude-code-plugin-and-more/
Related releases
- Build Stateful IT Service Desk Agent with LangGraph on EKS AWS Open Source Blog ·
- AWS introduces Loom for secure AI agent development and deployment AWS Open Source Blog ·
- AWS Open Data Registry Adds AI-Powered Dataset Discovery AWS Open Source Blog ·
- AWS WAF adds AI traffic monetization to charge bots for content access AWS News Blog ·
- Amazon EC2 G7 instances with NVIDIA RTX PRO 4500 GPUs now available AWS News Blog ·
- AWS Supports New Open Governance Model for MySQL AWS Open Source Blog ·