Application security teams face an impossible challenge: scale security expertise across growing application portfolios while maintaining development velocity. Traditional approaches force organizations to choose between speed and security. In this session, discover how AWS Security Agent transforms application security from reactive to proactive through AI-powered automation. Learn how this frontier agent conducts automated security reviews customized to your organizational requirements and delivers on-demand penetration testing tailored to your applications. Join us to see how you can scale security coverage and prevent vulnerabilities early in the development lifecycle while maintaining the speed of modern development.
What this session is about
Playbook
Editorial commentary · what to actually do about this on Monday
The concept
Automated security review + on-demand penetration testing, customised to your organisation's policies and threat model.
Why it matters
AppSec teams are perpetually under-resourced. Automating the "tier 1" review work gives you real leverage without compromising rigor.
The hard parts
Customisation matters — generic checks miss your specific threat model and create alert fatigue. Out-of-the-box config is rarely good enough.
Playbook moves
(1) Encode your threat model as agent prompts/configurations. Treat them as code. (2) Re-run on every PR, not just every release. (3) Tune the false-positive rate aggressively — alert fatigue kills adoption.
The surprise
AI pentest finds *different* bugs than human pentest. Don't replace; complement. AI is great at exhaustive coverage (every endpoint, every parameter combination); humans are great at creative chaining (using bug A to enable bug B to escalate to bug C). Run both, expect different findings, don't be surprised when they don't overlap much.
---
Independent editorial perspective — not an official AWS or speaker statement. Designed for executives evaluating what to brief their teams on next.
Live updates related to this session LIVE
Sourced via Parallel AI Monitor — continuous web watch on 21 topical streams. Updated .
- agentplace.io high confidence AI agent regulation & policy
Agent Liability Frameworks: Legal and Compliance ...
OWASP released the 'Top 10 for Agentic Applications 2026', establishing the first dedicated security framework for autonomous AI agents to address vulnerabilities and risks associated with agentic AI systems.
- orkos.com high confidence Agent identity & delegation
The token bill is an identity problem
WorkOS has released an analysis concerning the relationship between AI agent token costs and the critical need for identity attribution.
- helpnetsecurity.com high confidence Agent identity & delegation
How to use NIST and ISO frameworks to govern AI agents - Help Net Security
Help Net Security published an article (authored by Token Security CTO Ido Shlomo) recommending application of NIST AI RMF and ISO/IEC controls to govern AI agents — treating agents as first-class identities with owners, lifecycle controls, observability, short-lived credentials,
- aithority.com high confidence Agent governance & policy gating
Operant AI Launches MCP Gateway: Enterprise-Grade Runtime ...
Merge.dev launched Merge Gateway and the Merge Agent Handler, acting as a control plane for production AI by replacing multiple MCP servers with a single secure layer for authentication and operation.
- xeris.ai high confidence Agent governance & policy gating
Xeris - Secured MCP Gateway for AI Agents
Linx Security launched Agentic Access Control, an MCP Gateway that sits inline between AI platforms and enterprise applications to enforce granular security policies on every tool call.
External links matched to this session via topic relevance. The KB does not endorse third-party content; verify before citing.