Skip to main content
graphwiz.aigraphwiz.ai
← Back to AI

AWS DevOps Agent and Security Agent: Autonomous Operations at Scale

AIDevOpsSecurity
awsdevops-agentsecurity-agentautonomousincident-responsepen-testing

On 31 March 2026, AWS announced general availability for two agents that represent a concrete bet on autonomous infrastructure operations. The DevOps Agent is an always-on site reliability engineer that correlates telemetry across observability platforms, CI/CD pipelines, and ticketing systems to diagnose and resolve incidents. The Security Agent is an autonomous penetration tester that ingests source code and architecture documentation to find vulnerabilities at a fraction of the cost of manual assessments. Both emerged from a five-month preview that started at re:Invent 2025.

The DevOps Agent

The DevOps Agent is not a chatbot that answers questions about your infrastructure. It is an autonomous operator that maintains a live model of your application topology and acts on incidents without human prompting.

Data integration

The agent connects to the tools teams already use:

<svg viewBox="0 0 460 240" xmlns="http://www.w3.org/2000/svg" style="width:100%;max-width:460px;margin:1.5rem auto;display:block;font-family:system-ui,sans-serif"> <rect x="0" y="0" width="460" height="240" rx="8" fill="var(--background-secondary)"/> <!-- Data Sources (left) --> <text x="80" y="20" text-anchor="middle" fill="var(--foreground-secondary)" font-size="9" font-weight="600">DATA SOURCES</text> <rect x="10" y="28" width="140" height="24" rx="4" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="0.5"/> <text x="80" y="44" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">CloudWatch · Datadog · Grafana</text> <rect x="10" y="56" width="140" height="24" rx="4" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="0.5"/> <text x="80" y="72" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Dynatrace · New Relic · Splunk</text> <rect x="10" y="84" width="140" height="24" rx="4" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="0.5"/> <text x="80" y="100" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">GitHub · GitLab CI/CD</text> <rect x="10" y="112" width="140" height="24" rx="4" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="0.5"/> <text x="80" y="128" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">ServiceNow · Slack</text> <!-- Arrows to center --> <line x1="155" y1="80" x2="185" y2="80" stroke="var(--accent)" stroke-width="1.5" marker-end="url(#arr2)"/> <!-- Central Agent --> <rect x="188" y="50" width="140" height="65" rx="8" fill="var(--accent)" opacity="0.12" stroke="var(--accent)" stroke-width="2"/> <text x="258" y="72" text-anchor="middle" fill="var(--accent)" font-size="11" font-weight="700">DevOps Agent</text> <text x="258" y="88" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Topology · Correlation</text> <text x="258" y="100" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Root Cause · Resolution</text> <!-- Arrow to output --> <line x1="332" y1="80" x2="362" y2="80" stroke="var(--accent)" stroke-width="1.5" marker-end="url(#arr2)"/> <!-- Output (right) --> <text x="405" y="20" text-anchor="middle" fill="var(--foreground-secondary)" font-size="9" font-weight="600">ACTIONS</text> <rect x="366" y="28" width="88" height="24" rx="4" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="0.5"/> <text x="410" y="44" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Auto-remediation</text> <rect x="366" y="56" width="88" height="24" rx="4" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="0.5"/> <text x="410" y="72" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Scale operations</text> <rect x="366" y="84" width="88" height="24" rx="4" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="0.5"/> <text x="410" y="100" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Rollback deploy</text> <rect x="366" y="112" width="88" height="24" rx="4" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="0.5"/> <text x="410" y="128" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Ticket + notify</text> <!-- Metrics row --> <rect x="30" y="155" width="100" height="36" rx="4" fill="var(--accent)" opacity="0.08"/> <text x="80" y="172" text-anchor="middle" fill="var(--accent)" font-size="14" font-weight="700">75%</text> <text x="80" y="185" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">lower MTTR</text> <rect x="145" y="155" width="100" height="36" rx="4" fill="var(--accent)" opacity="0.08"/> <text x="195" y="172" text-anchor="middle" fill="var(--accent)" font-size="14" font-weight="700">94%</text> <text x="195" y="185" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">root cause accuracy</text> <rect x="260" y="155" width="100" height="36" rx="4" fill="var(--accent)" opacity="0.08"/> <text x="310" y="172" text-anchor="middle" fill="var(--accent)" font-size="14" font-weight="700">3-5x</text> <text x="310" y="185" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">faster resolution</text> <defs><marker id="arr2" viewBox="0 0 10 10" refX="10" refY="5" markerWidth="6" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" fill="var(--accent)"/></marker></defs> </svg>

The agent automatically builds an application topology map by correlating deployment events, service meshes, and observability data. When an incident occurs, it traces the blast radius across services, identifies the root cause, and executes remediation actions. Customers report 75% lower mean time to recovery, 80% faster investigations, and 94% root cause accuracy.

Pricing

The DevOps Agent bills at approximately $0.50 per minute, metered per second. A team responding to five incidents per week with an average 30-minute resolution time would spend roughly $300 per month. AWS offers support credits: 100% for Unified Ops support tier, 75% for Enterprise, and 30% for Business+.

The Security Agent

The Security Agent takes a different approach. Rather than monitoring for anomalies, it performs autonomous penetration testing by reading your source code, architecture documentation, and infrastructure configuration, then probing for vulnerabilities.

How it works

The agent ingests the full application context: source code repositories, API specifications, infrastructure-as-code templates, and architecture diagrams. It then tests against the OWASP Top 10 and, critically, against business logic flaws that automated scanners typically miss.

Pricing is structured around task-hours at $50 per hour. A 24-hour security evaluation costs approximately $1,200. For comparison, a manual penetration test of equivalent scope typically runs between $15,000 and $50,000.

Scope and deployment

The agent supports cross-account VPC configurations, making it suitable for organisations with complex multi-account AWS environments. It integrates into CI/CD pipelines for continuous security validation, and multicloud support extends coverage to Azure and on-premises infrastructure.

Multicloud reach

Both agents support AWS, Azure, and on-premises environments, available across six regions: us-east-1, us-west-2, eu-west-1, eu-central-1, ap-southeast-2, and ap-northeast-1. The multicloud positioning is deliberate. AWS recognises that most enterprises operate hybrid environments and has designed the agents to correlate data across provider boundaries rather than locking teams into a single platform.

The competitive landscape

Microsoft's Azure SRE Agent reached general availability on 10 March 2026, with 1,300 internal agents having mitigated 35,000 incidents. Google has not yet announced a direct competitor. The field of autonomous operations is still forming, and the AWS announcement establishes a clear pricing benchmark: $0.50 per minute for DevOps, $50 per task-hour for security.

Early adopters

United Airlines, T-Mobile, and WGU are among the public reference customers. SmugMug, LG CNS, HENNGE, and Wayspring round out the announced cohort. AWS is offering a two-month free trial for new customers.

The practical question for engineering teams is whether autonomous agents reduce enough toil to justify the cost, and whether the accuracy rates hold under the adversarial conditions of production. The five-month preview data is encouraging. The next six months of production deployments will determine whether autonomous operations agents become standard infrastructure, or remain a premium add-on for large enterprises.