Amazon Web Services (AWS) is enhancing its cybersecurity operations by deploying artificial intelligence (AI) agents, according to AWS Chief Information Security Officer Amy Herzog. Speaking at the company’s re:Invent conference last week, Herzog outlined the positive impact these AI solutions are having on security teams, allowing them to reduce workloads and streamline processes.
Herzog emphasized that AI agents are particularly effective in responding to critical vulnerability exploits (CVEs), a task that has historically been labor-intensive due to the sheer volume of CVEs each year and the complexity of Amazon’s extensive networks and platforms. “Analyzing CVE changes or updates is something my team has to do at scale,” she stated, noting the challenge of combining the vast number of CVEs with AWS’s expansive network evaluations.
The AI agents facilitate a tiered analysis approach, starting with full automation and progressing to deeper human interactions. “With the deeper human interaction, we can cover so much more,” Herzog explained. She reported that AWS has experienced a “500% increase” in its capacity to compile information for security teams, marking a significant shift in operational efficiency.
This transformation enables security practitioners to minimize manual tasks, allowing them to concentrate on high-level analytical work. Herzog compared this advancement to the common industry narrative of focusing on more rewarding aspects of a role, adding that AWS has concrete examples of its technology delivering measurable results.
Beyond response scenarios, Herzog highlighted additional benefits for workers engaged in information gathering and context analysis, which previously required considerable manual effort. “Now the agents can help prepare the information that they need to take that high judgment human action with a lot less toil,” she said, emphasizing that these tools enhance human effectiveness while reducing the tedious aspects of cybersecurity roles.
Herzog’s remarks come amid a series of announcements by AWS related to agentic AI, reinforcing the company’s commitment to this emerging technology. A notable development during the week was the introduction of “frontier AI agents,” designed specifically for security operations and software development. CEO Matt Garman revealed that the AWS Security Agent aims to bolster security measures for developer teams, working alongside dedicated DevOps and Kiro coding agents throughout the software development lifecycle.
These agents are intended to be integrated across various workflows, thereby enhancing operational efficiencies from initial project production to launch phases.
Herzog was not alone in recognizing the advantages of agentic AI for security teams. Hart Rossman, Vice President for the Office of the CISO at AWS, noted that the company has had a “security responder agent” in production for an extended period. When a responder receives a signal, evidence, or ticket, practitioners can query the agent to develop context, reportedly speeding up response times.
However, this utility has introduced a paradox. While the responder agent has streamlined processes, the increased interest in its capabilities has led to users asking more questions than necessary, which has slightly slowed down operations. “What we found was that they actually spend time to ask, on average, 11 questions of the bot because it was so compelling,” Hartmann stated, adding that after this exchange, users typically returned to their workflows.
The AWS team has recognized this inefficiency and is working to refine the tool to improve user experience. “We really don’t want them asking 11 questions of the bot. We now want to take that feedback and say, can we get them the same result in two questions?” Hartmann explained. This iterative improvement has significantly reduced the time required to transition from initial signal to actionable remediation and root cause analysis.
As AWS continues to innovate in the realm of agentic AI, these developments underline the broader potential for AI technologies to enhance cybersecurity operations. The growing integration of AI into everyday workflows demonstrates a shift toward more efficient and effective practices in the field, offering a glimpse into the future of cybersecurity management.
See also
Liberty Defense Joins NVIDIA Connect Program to Enhance AI Threat Detection Speed and Accuracy
Resemble AI Secures $13M to Launch 98% Accurate Deepfake Detection Model Amid Rising Threats
Check Point Launches Quantum Firewall R82.10 to Secure AI Adoption in Enterprises
Experts Warn Ignoring AI Threats Could Cost Companies Millions in Cybersecurity Failures
Naftali Bennett Calls for National ‘Data Dome’ to Combat AI-Driven Cyber Threats
