Application security teams face an impossible challenge: scale security expertise across growing application portfolios while maintaining development velocity. Traditional approaches force organizations to choose between speed and security. In this session, discover how AWS Security Agent transforms application security from reactive to proactive through AI-powered automation. Learn how this frontier agent conducts automated security reviews customized to your organizational requirements and delivers on-demand penetration testing tailored to your applications. Join us to see how you can scale security coverage and prevent vulnerabilities early in the development lifecycle while maintaining the speed of modern development.
What this session is about
Playbook
Editorial commentary · what to actually do about this on Monday
The concept
Automated security review + on-demand penetration testing, customised to your organisation's policies and threat model.
Why it matters
AppSec teams are perpetually under-resourced. Automating the "tier 1" review work gives you real leverage without compromising rigor.
The hard parts
Customisation matters — generic checks miss your specific threat model and create alert fatigue. Out-of-the-box config is rarely good enough.
Playbook moves
(1) Encode your threat model as agent prompts/configurations. Treat them as code. (2) Re-run on every PR, not just every release. (3) Tune the false-positive rate aggressively — alert fatigue kills adoption.
The surprise
AI pentest finds *different* bugs than human pentest. Don't replace; complement. AI is great at exhaustive coverage (every endpoint, every parameter combination); humans are great at creative chaining (using bug A to enable bug B to escalate to bug C). Run both, expect different findings, don't be surprised when they don't overlap much.
---
Independent editorial perspective — not an official AWS or speaker statement. Designed for executives evaluating what to brief their teams on next.
Live updates related to this session LIVE
Sourced via Parallel AI Monitor — continuous web watch on 21 topical streams. Updated .
- securew2.com high confidence Agent identity & delegation
A2A Protocol Security: Authenticating Agent-to- ...
Google and Microsoft have jointly proposed a new W3C standard called WebMCP (Web Model Context Protocol). This standard aims to allow websites to expose structured, callable tools directly to AI agents through a native browser API, fundamentally changing how agents discover and i
- coalitionforsecureai.org high confidence Agent identity & delegation
Agentic Identity and Access Management
New implementation patterns for AI agent identity (updated May 6, 2026) highlight the convergence of the Model Context Protocol (MCP) for agent-server handshakes and OAuth 2.1 with Dynamic Client Registration (DCR) for runtime credential issuance. A key pattern is the use of 'dis
- 3.org high confidence Agent identity & delegation
AI Agent Protocol Community Group - World Wide Web Consortium ...
Google and Microsoft have jointly proposed a new W3C standard called WebMCP (Web Model Context Protocol). This standard aims to allow websites to expose structured, callable tools directly to AI agents through a native browser API, fundamentally changing how agents discover and i
- proofpoint.com Agent governance & policy gating
proofpoint.com
Proofpoint provides an MCP Security Platform to secure AI connectivity at scale by routing MCP traffic through a central gateway. The platform enables centralized discovery and risk classification of 'shadow' MCP servers, enforces authentication via OAuth 2.0, controls user and a
- ndss-symposium.org high confidence Agent safety & prompt injection
Prompt Injection Attack to Tool Selection in LLM Agents
Security Disclosure: Microsoft disclosed two critical vulnerabilities in the Semantic Kernel framework that enable Remote Code Execution (RCE) and sandbox escapes via prompt injection. 1) CVE-2026-26030: A vulnerability in the In-Memory Vector Store's filter function (using unsaf
External links matched to this session via topic relevance. The KB does not endorse third-party content; verify before citing.