Amazon Web Services (AWS) highlighted 3 security strategy keywords as high-performance AI sharply reduces the time needed to find vulnerabilities and create attack code.
They are shift left, continuous verification and AI agent security.
Eun-su Shin (신은수), a senior specialist solutions architect for security at AWS Korea, said at a press briefing hosted by AWS Korea on Tuesday morning that in the past only expert groups could find high-risk vulnerabilities. With high-performance AI, anyone can easily find vulnerabilities, so the number of vulnerabilities companies must respond to rises sharply. He said AI can also find vulnerabilities and create attack code much faster than people.
Shift-left security focuses on finding and fixing vulnerabilities in the development and build stages rather than patching vulnerabilities in the operations stage, he said. This is why AWS provides AI agents specialised in security. "A security agent becomes more valuable when the development team uses it directly rather than the security team," he said.
Continuous verification is key to shifting from periodic audits to an always-on verification system, he said. AI agent security is based on the premise that a structure in which only the security team is responsible has limits in responding to threats from the spread of high-performance AI. "It is important that all members accept security as a culture," Shin said.
AWS is speeding up efforts to strengthen multi-layered defence systems, automated reasoning and security AI agent technology to support stronger security capabilities in the AI era.
First, AWS runs 3 internal systems that protect infrastructure without customer involvement. MadPot is a global honeypot system that leads attackers to mistake it for a real operating system, identifies malicious actors and shares related information with intelligence agencies and ordinary companies.
Mithra is a large graph neural network model that analyses billions of data points to find malicious domains and C&C communication domains, with detection information linked to services such as GuardDuty. The last is Sonaris. It automatically detects and blocks threats flowing into key assets such as S3, a cloud storage service.
Automated reasoning was also emphasised by Shin. He said large language models can generate answers on a probability basis, which can cause hallucinations, and that a probabilistic approach alone is insufficient for security. He said IAM Access Analyzer uses automated reasoning to verify whether policies allow unintended access, and that Amazon Bedrock Guardrails uses the same method to track whether model answers are hallucinations.
AWS expects AI agents to play a bigger role in corporate security strategies and is expanding its related product line-up. The briefing highlighted the Security Agent and the recently introduced AWS Continuum.
AWS Security Agent provides 4 functions: threat modelling, design review, code review and pentesting. Pentesting is a function in which generative AI automatically performs penetration testing in place of people, and an official service is currently available. The other 3 functions are in preview. Shin said of pentesting, "Even if it is not an AWS environment, checks are possible if it is a system accessible via the internet or VPN."
Continuum is currently in beta and focuses on analysing code vulnerabilities based on multiple agents. A priority agent evaluates vulnerabilities using SSVC, which considers business impact together, instead of the existing CVSS.
A verification agent runs code directly in a sandbox environment to check for false positives, and a remediation agent suggests how to fix issues. Training and application modes can be operated in stages. "In the future, Security Agent and Continuum will be integrated and evolve into an integrated service," Shin said.
At the event, Jin-su Lee (이진수), head of the RED team at LG CNS, also attended and shared experiences and results from adopting AWS Security Agent. He said the LG CNS red team is made up of white-hat hackers and provides penetration testing services for its own solutions and customers' business systems.
LG CNS goes through a process to assess whether performance, compliance and security requirements are all met before providing solutions to customers, but from the perspective of the development organisation, the time and cost needed to pass the process was a burden.
As an alternative, it reviewed AI-based penetration testing and, after looking at various solutions since 2025, chose AWS Security Agent and applied it by adding it to the existing process.
Team leader Jin-wook Lee (이진욱) said, "Once you set up the target system and start the inspection, the agent automatically performs penetration testing. After receiving the results, white-hat hackers additionally verify what is needed, and complex business logic is checked separately before delivering a comprehensive results report to developers and customers."
The results were tangible, he said. "A penetration test that took 4 to 5 days when done by a person finished within 5 hours. We confirmed the true positive rate was as high as over 90 percent. For regular inspections, the security agent alone is sufficient. Costs can also be reduced by more than 80 percent compared with before," he said. He added that when using AI agents for security, results differ depending on how well context is set, and that injecting sufficient context allows more attack surfaces to be checked and reduces false positives.
LG CNS is expanding the use of security agents across the company. Jin-wook Lee said that as AI advances lower the barrier to hacking and the attack surface increases with wider AI adoption, continuing to increase specialist personnel and operate them is a heavy burden for an organisation. He said AWS Security Agent could be a solution.