AI agents are moving from experimental tools to everyday enterprise workflows.
Reporting live from AWS re:Invent 2025 in Las Vegas for Irish Tech News, I attended a press-only briefing titled Security and the Rise of AI Agents, where senior AWS leaders Amy Herzog, Chief Information Security Officer, Hart Rossman, Vice President in the Office of the CISO, Gea Rinehouse, Vice President of Security Services and Neha Rungta, Director of Applied Science outlined how the company intends to manage this transition.
AWS is pushing ahead with autonomous agents, but only within a security model built on long-standing principles: identity, governance, compliance and clear oversight.
What is an AI Agent?
An AI agent is a software system that uses artificial intelligence to carry out tasks autonomously in pursuit of a specific goal. Unlike chatbots that only respond to prompts, an agent can reason, plan and take action across different steps of a workflow. It can use tools such as web services or APIs, monitor its progress and adjust its approach as conditions change. Over time, it can improve its performance based on the data and experience it gathers.
This distinction matters, because the rise of agents raises new questions about accountability, access, oversight and safety.
Security First
AWS chief executive Matt Garman shaped much of the week’s discussion. Speaking about the reality facing engineering teams, he noted:
“Every customer wants their products to be secure, but you have trade-offs. Where do you spend your time? Do you improve the security of existing features, or do you ship new ones?”
The briefing returned to this point several times. AWS’s position is that strong design-stage security reduces the tension between improvement and innovation. Agents are seen as an opportunity to reinforce security, not dilute it.
AWS Security Agent
One of the major announcements at re:Invent was the preview of AWS Security Agent. The tool brings several security checks forward in the development process. It reviews designs, analyses code, gathers richer signals for incident response and performs penetration testing that reflects real system behaviour rather than generic patterns.
AWS Security Agent is one of the new Frontier Agents introduced at re:Invent, a family of autonomous tools designed to handle multi-step tasks across development, security and operations.
Neha Rungta described the significance of this shift. She called the Security Agent “one of these frontier AI agents, a sophisticated class of AI agents that are autonomous and scalable and can work for long periods without human intervention. Security doesn’t have to be an afterthought.” She added that AWS is expanding its proof-based assurance tools so teams can understand correctness without being specialists in system logic.
The broader point is that verification needs to be continuous, not episodic.
Guardrails for Autonomy
The panel stressed that agents must operate within strict boundaries. Updated policy controls in Amazon Bedrock AgentCore allow organisations to specify what an agent can do, which systems it can reach and how its actions are logged and reviewed.
Hart Rossman remarked that each major technology shift has increased the demands placed on security teams. With agents running for extended periods and across more systems, the real pressure points now are scale and speed. Guardrails are essential.
The Sandbox Approach
A theme repeated throughout the session was the use of sandbox environments. AWS encouraged organisations to test new agents in isolation before considering production use. This allows teams to observe long-running behaviour, confirm access paths, check escalation rules and understand how an agent reacts under different conditions.
The sandbox was presented as a practical way to build confidence gradually rather than relying on assumptions.
Inside the Press Briefing
Questions focused on monitoring autonomy, preventing agents from widening their scope unintentionally and ensuring that any mistakes are traceable. Others asked how agent activity is governed across jurisdictions with differing expectations.
AWS pointed to detailed logging, explicit guardrails and the discipline of sandbox testing. The message was that technical controls work best when paired with clear organisational processes.
Europe’s Regulatory Lens
For organisations in Ireland and across Europe, AWS’s emphasis on audit trails, traceability and identity aligns with regulatory expectations. The governance principles described in the briefing sit comfortably alongside GDPR, and the focus on transparency and explainability matches key elements of the European Union AI Act.
AWS did not discuss regulatory compliance, but the security principles outlined mirror several priorities in GDPR and the EU AI Act, particularly transparency and accountability.
Takeway for Business
The move toward agent-driven workflows offers real advantages, but it increases the importance of knowing how systems behave. The briefing showed AWS taking a deliberate and structured approach. Autonomy is paired with visibility. Efficiency is matched with governance.
Matt Garman’s comments about trade-offs captured the core of the discussion. If AWS can reduce the tension between security and progress, organisations may feel more confident adopting agents at scale.
Fundamentals Remain the Anchor
At re:Invent, AWS outlined a steady, security-led path into the agent era. With tools such as AWS Security Agent, expanded verification methods and a focus on sandbox testing, the company is offering a framework for adopting autonomous agents without losing visibility or control. The session reinforced that even as systems become more capable, the fundamentals of security continue to determine whether that capability is safe, workable and sustainable.
About Billy Linehan
This interview is part of my reporting from AWS re:Invent in Las Vegas for Irish Tech News, where I am covering how AI is changing our future. Read more articles by Billy Linehan HERE.
Billy writes for Irish Tech News on innovation, tech for good and entrepreneurship, covering events in Ireland and abroad. A business mentor with Celtar Advisers, he has worked with hundreds of SME and startup owners. He co-founded StartUp Ballymun, Dublin’s longest-running entrepreneurship series. A deep appreciation of heritage and sense of place runs through his writing and informs how he supports communities.
See more breaking stories here.
