Visualizing threat modeling within the AWS Security Agent, enhanced by Kiro power and Claude Code plugin. (Illustrative AI-generated image).
- The AWS Security Agent now includes STRIDE-based threat modeling to identify and mitigate potential security risks early in the design phase.
- Code reviews are enhanced with pull request scanning, providing immediate security feedback and specific remediation guidance directly within the workflow.
- New integrations with Kiro power, Claude Code plugin, and MCP allow developers to run security checks directly from their IDE or CLI.
- Security requirements packs enable enforcement of compliance standards like PCI DSS and HIPAA within the automated code review process.
- Simulated validation offers a safe way to test code against the current environment before deployment, catching potential issues with AWS service interactions.
- These features are part of AWS Continuum, aiming to provide proactive security across the entire software development lifecycle.
The AWS Security Agent has received a significant upgrade, now offering threat modeling, pull request scanning, and IDE/CLI integrations for inline security checks. These enhancements aim to embed security directly into the development workflow, from initial design to code deployment.
New Capabilities in AWS Security Agent
First introduced as a preview at re:Invent 2025, the AWS Security Agent has evolved. It became generally available for on-demand penetration testing in March 2026 and added a preview of full repository code review in May 2026. Now, three new features are entering preview:
- Threat modeling: Utilizes the STRIDE framework to identify potential threats and suggest fixes based on design documents or source code.
- Enhanced code review: Includes scanning pull requests for security issues, providing specific remediation guidance, using security requirements packs, and performing simulated validations.
- Expanded integrations: Connects with Kiro power, Claude Code plugin, and the Model Context Protocol (MCP) for seamless security analysis within development tools.
These code review features also integrate with GitHub, GitLab, Bitbucket, and Atlassian Confluence, displaying results directly within the developer’s workflow.
Threat Modeling with STRIDE
AWS Security Agent now offers threat modeling using the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege). This process analyzes design documents, architecture diagrams, or source code to pinpoint potential threats and recommend mitigations.
For instance, it can identify risks like spoofing attacks on public APIs or denial-of-service vulnerabilities in serverless applications. This automation makes threat modeling more accessible to development teams, complementing human expertise by providing a strong starting point and catching overlooked issues.
Compared to traditional static analysis tools that focus on code bugs, STRIDE-based threat modeling offers a broader architectural view. The agent combines both approaches, scanning code for vulnerabilities and modeling threats against the overall architecture.
Smarter Code Reviews for Pull Requests
The agent’s code review capabilities have been enhanced to include scanning pull requests. When a pull request is opened on supported platforms like GitHub or GitLab, the agent automatically checks the modified code for security problems.
It provides explanations for identified issues and offers specific, context-aware remediation guidance. This allows developers to fix vulnerabilities directly within the pull request, streamlining the review process.
Additionally, the agent introduces “security requirements packs.” These are predefined rule sets, such as those for PCI DSS or HIPAA compliance, that can be applied to projects. The agent validates code against these requirements before merging, helping enforce organizational security policies.
Simulated validation is another new feature. Before deployment, the agent can run a safe, dry-run check against the current environment to identify potential security issues arising from the code’s interaction with AWS services and resources.
IDE Integrations: Kiro Power, Claude Code, and MCP
The agent now integrates with development tools through Kiro power, the Claude Code plugin, and the Model Context Protocol (MCP). These integrations bring security analysis directly into the developer’s IDE or CLI.
Kiro power, an AI-powered coding assistant from AWS, embeds the agent’s security features into its suggestions. It can detect risky code patterns, suggest safer alternatives, generate threat models, and perform code reviews within the editor, offering AWS-specific recommendations.
The Claude Code plugin allows users to invoke the agent’s features using natural language prompts within their IDE. This enables quick security scans and threat modeling without leaving the coding environment.
MCP is an open standard that allows AI models and IDEs to connect with external tools. By supporting MCP, the AWS Security Agent can be integrated into any compatible coding environment, offering flexibility to developers.
A key benefit of these integrations is the inline display of results, reducing context switching and providing immediate feedback to developers.
Role within AWS Continuum
AWS Security Agent is a component of AWS Continuum, a platform designed to provide proactive security across the entire software development lifecycle. Continuum also includes other agents, such as the AWS DevOps Agent, which handles release management and deployment assessments.
The Security Agent focuses on identifying and fixing vulnerabilities in code and design, while the DevOps Agent manages the release pipeline. Together, they aim to secure the development process from initial commit to final deployment.
Continuum represents a unified platform where AI agents collaborate to automate and secure development workflows. The Security Agent can feed findings to the DevOps Agent, potentially blocking releases with critical vulnerabilities or automatically applying recommended configurations.
Impact on Development Workflow
These updates streamline the developer’s daily routine by embedding security checks throughout the workflow. Developers can now perform threat modeling on designs, receive secure coding suggestions as they type, and get immediate feedback on pull requests.
The continuous feedback loop, with checks happening in minutes rather than days, saves time and reduces friction. Inline results minimize context switching, and contextual remediation guidance helps developers make accurate fixes quickly.
While these automated tools significantly raise the security bar, human oversight remains important. Regular security reviews and penetration tests by security professionals are still recommended to catch complex threats and validate automated findings.
Availability and Future Steps
The new features of the AWS Security Agent, including threat modeling, enhanced code reviews, and IDE integrations, are available in preview as of June 11, 2026. The on-demand penetration testing feature is generally available, and full repository code review is in preview.
Getting started requires an AWS account and access to AWS Continuum. Integrations are available with popular code hosting platforms and AI-powered IDEs. The preview is free to use, allowing teams to explore the new capabilities without additional cost.
AWS has not yet announced a general availability date for these preview features. Based on the product’s release history, GA could be expected later in 2026. Future developments are likely to include deeper integration with the AWS DevOps Agent and support for additional compliance frameworks, reinforcing AWS’s commitment to embedding proactive security into development.
Frequently Asked Questions
What is the main purpose of the AWS Security Agent's new threat modeling feature?
The new threat modeling feature uses the STRIDE framework to analyze design documents or source code. Its main purpose is to proactively identify potential security threats and suggest specific mitigation strategies before vulnerabilities are introduced into the code.
How does the AWS Security Agent improve code reviews?
The agent now scans pull requests for security issues, offering inline feedback and remediation guidance. It also supports security requirements packs for compliance checks and performs simulated validations against the environment.
What are the new IDE and CLI integrations for the AWS Security Agent?
The agent integrates with Kiro power (AWS's AI coding assistant), the Claude Code plugin, and supports the Model Context Protocol (MCP). These allow developers to run security analyses directly within their coding environment without switching tools.
How do security requirements packs work?
Security requirements packs are predefined sets of security rules, often based on compliance standards like PCI DSS or HIPAA. When applied to a project, the agent checks the code against these rules during reviews to ensure compliance.
What is simulated validation in the AWS Security Agent?
Simulated validation is a feature that performs a dry run of the code against the current AWS environment. It helps identify potential security issues that might arise from the code's interaction with live AWS services and resources, without affecting the actual systems.
Is the AWS Security Agent part of a larger AWS security platform?
Yes, the AWS Security Agent is a component of AWS Continuum, a broader platform designed to embed proactive security throughout the software development lifecycle, working alongside other agents like the AWS DevOps Agent.
Are these new features available now?
The new features, including threat modeling, enhanced code reviews, and IDE integrations, were released in preview on June 11, 2026. Some features like on-demand penetration testing are already generally available.
