AWS agent operating layer connecting context, security, cloud operations, software development, and business workflows

AWS Is Building an Operating Layer for Enterprise Agents

Quick take: AWS is assembling a governed operating layer for enterprise agents across context, runtime, workflows, operations, security, and continuous learning.

The biggest AWS Summit New York announcement was not one product. It was the architecture connecting context, action, operations, and security.

Enterprise leaders do not need another AI agent demo.

They need an agent that knows which data to trust.

They need it to understand how the business actually works.

They need it to take useful action without wandering outside its permissions.

They need it to keep software moving without quietly creating new risk.

And they need a security system that can operate at the same speed as the agents now writing code and finding vulnerabilities.

That was the real story at AWS Summit New York 2026.

AWS announced a wave of agentic capabilities across AWS Context, AWS Continuum, Amazon Bedrock AgentCore, Amazon Quick, Kiro, AWS DevOps Agent, and AWS Transform.

Taken one at a time, they look like a long list of product updates.

Taken together, they reveal something more important.

AWS is building an operating layer for enterprise agents.

The model is only one component.

AWS wants to provide the context agents reason over, the runtime where they operate, the tools they use, the policies that constrain them, the systems that keep their work in production, and the security loop that validates what they change.

That is a much bigger strategy than launching another chatbot.

As an AWS partner, Netsync is looking forward to helping customers turn these capabilities into governed enterprise workflows—not just another round of agent demos.

The Model Is Not the Enterprise System

The AI industry has spent years treating model intelligence as the center of gravity.

Which model reasons better?

Which model codes faster?

Which model has the largest context window?

Those questions still matter.

But the enterprise bottleneck has moved.

Most organizations already have access to capable models. What they do not have is a reliable way to connect those models to fragmented data, business rules, permissions, software pipelines, security processes, and operational feedback.

An agent without that architecture can sound intelligent while making the wrong decision.

It may find the correct table but use the wrong definition.

It may retrieve a policy but miss the exception documented in a team runbook.

It may identify a vulnerability but fail to understand whether the affected component is deployed, reachable, or business-critical.

It may write code quickly while the release pipeline, regression testing, and technical-debt process remain stuck at human speed.

AWS’s announcements address those gaps as one connected system.

The pattern is:

Context → Build → Work → Operate → Secure → Learn

That is the enterprise agent loop.

The AWS agent operating system from organizational knowledge through runtime, work, operations, security, and learning
A governed enterprise agent operating system connects knowledge, runtime, work, operations, security, and learning.

AWS Context: The Organizational Brain Agents Have Been Missing

AWS Context may be the most strategically important announcement.

Coming soon, the service is designed to automatically map relationships across an organization’s existing data into a knowledge graph. Agents can use that graph to navigate data assets, business rules, domain knowledge, and authoritative sources at runtime.

This is different from simply giving an agent access to more documents.

More data does not automatically create better context.

An enterprise agent needs to know:

  • Which source is authoritative
  • How tables and systems relate
  • Which definitions the business actually uses
  • Which filters and join paths are valid
  • What a particular user is authorized to see
  • Which exceptions or usage rules apply

AWS says Context will integrate with AWS Glue Data Catalog, Amazon SageMaker Unified Studio, and AWS Lake Formation. Key metadata is published in Apache Iceberg format in Amazon S3 Tables, allowing customers to query and use that context with compatible tools.

The governance model matters just as much as the graph.

AWS Context is designed to make queries identity-aware. Calls inherit the user’s IAM and Lake Formation permissions, so an agent should only traverse relationships that the calling identity can access. That also creates an audit trail showing what the agent accessed and under whose authority.

This is where enterprise AI starts becoming operational.

The goal is not merely to help an agent answer one question.

The goal is to make the tenth decision better than the first.

As agents use the graph, AWS says Context learns which sources produce correct results, which paths are useful, and which business rules matter. That learning can then benefit other agents across the organization.

In other words, AWS is trying to turn organizational context into a shared, governed asset.

And in the age of AI, context is everything.

That maps directly to what I have described as the learning loop: human knowledge, workflow traces, institutional memory, and AI execution compounding together.

AWS Continuum: Vulnerability Management Becomes a Continuous Agent Loop

AWS Continuum addresses the other side of the agent equation.

If AI can generate more code and discover vulnerabilities at machine speed, security cannot remain a dashboard watched by humans working through an endless queue.

AWS describes the required shift as moving from telemetry and dashboards to telemetry, context, reasoning, and action.

Continuum for code vulnerabilities, currently in gated preview, is designed to work across the full vulnerability lifecycle:

  • Discover: Ingest findings from existing tools and perform additional scanning.
  • Prioritize: Evaluate whether the affected component is deployed, reachable, on a production path, and material to the business.
  • Validate: Attempt to reproduce exploitability inside an isolated sandbox, filtering out false positives before they consume human attention.
  • Mitigate and remediate: Recommend compensating controls, policy changes, network changes, or code patches, then validate the proposed fix.

The important word is not faster. It is continuous.

Traditional vulnerability management is often a series of disconnected handoffs. One tool finds the issue. Another team investigates it. Someone opens a ticket. A developer tries to reproduce it. Security debates the severity. Operations looks for a maintenance window.

Continuum is AWS’s attempt to connect those steps into one evidence-backed loop.

It is also model-agnostic. AWS says the service can use different frontier models where each performs best and incorporate stronger models as they emerge.

That is a smart architectural decision.

Security teams should not be forced to rebuild their operating system every time the model leaderboard changes.

AWS is also introducing Continuum threat modeling in preview, which can generate STRIDE-based threat models from design documents or source code. Existing AWS Security Agent capabilities for penetration testing and code scanning are being brought under the Continuum umbrella, with integrations that include Kiro, Claude Code, MCP, and major source-control platforms.

AWS says trust is graduated. Continuum begins in a learn mode with a human approving recommendations. Organizations can later allow more automated enforcement for defined categories and risk profiles.

That is the right direction.

Autonomy should be earned by evidence, not enabled by enthusiasm.

AgentCore Is the Production Runtime

AWS Context and Continuum are the most distinctive announcements, but Amazon Bedrock AgentCore is the system connecting the broader strategy.

AWS positions AgentCore as the platform for moving agents from proof of concept to production. Its managed harness is now generally available.

Developers define the model, tools, skills, and instructions. AgentCore handles the orchestration loop, tool execution, memory, context handling, and error recovery.

The newly announced capabilities expand that production layer:

  • Managed Knowledge Base handles ingestion, parsing, retrieval, and connectors for sources such as S3, SharePoint, Confluence, and Google Drive.
  • Web Search provides current web information from inside the customer’s AWS environment.
  • Optimization capabilities turn production traces into insights about failures, intent, and agent trajectories, with recommendations and A/B testing.
  • Policy integrations use Amazon Bedrock Guardrails to evaluate actions for prompt injection, harmful content, and sensitive-data exposure.

AWS reported that tasks performed by agents on AgentCore grew 15 times over the previous six months. That is an AWS-reported adoption metric, but it supports the larger point: organizations are moving beyond isolated experiments and need an operating environment for agents that can be observed, evaluated, and improved.

This is something I like to call the AI Factory layer.

It is where the organization defines how agents are created, connected, governed, measured, and promoted into production.

Quick and Kiro Put Agents Into Everyday Work

The enterprise platform only matters if people can use it.

Amazon Quick’s new autonomous agents are designed for background business workflows. A finance agent might process incoming orders. A sales agent could monitor CRM activity, email, and Slack, then draft follow-ups, identify risks, or recommend next steps.

Quick is also adding an activity feed that combines email, messages, calendars, and tasks into a prioritized view, along with 16 new integrations.

The key signal is that these are not question-and-answer assistants.

They are persistent workers with specific expertise, tone, tool access, and recurring responsibilities.

Kiro is pushing the same pattern into software development.

Its new native iOS application allows developers to start, monitor, steer, review, and approve cloud coding sessions from a phone. The coding agent can continue operating in an always-on cloud environment even when the developer’s laptop is closed.

That changes the unit of work.

The developer no longer has to remain inside one chat session, watching every step. The agent can continue the project while the human checks progress and approves important decisions.

DevOps Agent and Transform Close the Software Loop

Generating code faster creates pressure everywhere else in the software lifecycle.

If pull-request reviews, integration tests, release validation, operations, and modernization remain slow, the organization simply moves the bottleneck.

AWS DevOps Agent is adding release-readiness reviews and autonomous release testing. It can analyze a change’s impact, generate change-specific test plans, and run those tests in a production-like environment before the code reaches production.

AWS Transform – continuous modernization addresses the debt that accumulates after software ships. It continuously analyzes portfolios against configurable baselines, identifies outdated or risky components, generates remediation pull requests, validates changes, and learns from previous transformations.

AWS says Transform has already eliminated more than 1.6 million hours of manual effort for customers. That is a vendor-reported number, but the strategic direction is clear.

AI-generated software needs AI-assisted maintenance.

The code agent cannot be the only process moving at machine speed.

The AWS Strategy: Own the Agent Control Plane

AWS does not need to win every model benchmark to win the enterprise agent market.

Its stronger position may be owning the control plane around the models.

  • AWS Context supplies the organizational knowledge.
  • AgentCore supplies the production runtime.
  • Quick and Kiro supply the worker experience.
  • DevOps Agent and Transform supply operational continuity.
  • Continuum supplies the security loop.
  • IAM, Lake Formation, Guardrails, and AWS’s cloud infrastructure supply the governance foundation.

This gives AWS a model-agnostic position while still making the surrounding workflow deeply connected to AWS.

That is the tradeoff enterprise leaders should evaluate.

Model flexibility can reduce dependence on one model provider. But consolidating context, orchestration, governance, operations, and security into one cloud platform can create a different kind of dependency.

That is not automatically bad.

Integrated platforms can reduce complexity, improve observability, and accelerate deployment.

But customers should understand where their institutional knowledge, evaluations, skills, workflow logic, and operational history live, and how portable those assets remain.

What This Means for You

For organizations exploring cloud-based AI agents, the Summit announcements provide a much clearer production blueprint.

Start with business context, not the agent interface.

Identify where authoritative data lives, how systems relate, which rules govern their use, and whose identity an agent should inherit.

Build agents inside a managed operating environment with traces, evaluations, policies, and error recovery.

Connect agents to real workflows, but graduate autonomy based on evidence.

Extend AI across the full software lifecycle, including release validation, maintenance, and security.

Treat cybersecurity as a continuous agent loop—not a backlog that humans will somehow work through faster.

If you want to turn this architecture into a governed enterprise workflow, connect with us at Netsync.

The AWS enterprise agent stack from context and build through work, operations, security, and continuous improvement
The AWS enterprise agent stack: Context, Build, Work, Operate, Secure, and improve the next cycle.

Your AI Action Plan

  1. Map Your Context Layer
    List the data, definitions, business rules, runbooks, permissions, and relationships an agent needs for one high-value workflow. Identify the authoritative source for each.
  2. Choose One Closed-Loop Workflow
    Pick a workflow where the agent can observe, reason, recommend or act, and learn from the outcome. Avoid starting with a broad assistant that tries to do everything.
  3. Separate Read, Recommend, and Act
    Define what the agent may read, what it may recommend, and what it may change. Create explicit approval points for sensitive data, external communication, production systems, financial actions, and security controls.
  4. Build Private Evaluations
    Use real company tasks to test accuracy, permissions, source selection, tool use, recovery from failure, and the quality of finished outcomes. Public benchmarks will not tell you whether an agent understands your business.
  5. Connect Security to the Agent Lifecycle
    Threat-model the agent, test for prompt injection, monitor tool calls, validate code changes, and maintain rollback paths. Security should exist from design through day-2 operations.
  6. Preserve Portability
    Know where your context graph, skills, traces, evaluations, and workflow definitions live. Favor open formats and interfaces where practical so the organization’s learning loop remains an asset the organization controls.

Frequently Asked Questions

What was the biggest AI announcement at AWS Summit New York 2026?

The most strategically important announcements were AWS Context and AWS Continuum. Context creates a governed organizational knowledge layer for agents, while Continuum connects vulnerability discovery, prioritization, validation, and remediation into a continuous security loop.

What is AWS Continuum?

AWS Continuum is an AI-native security platform. Its first gated-preview capability focuses on code vulnerabilities and is designed to discover findings, prioritize them using business context, validate exploitability in a sandbox, and recommend or execute remediation within customer-defined guardrails.

What is AWS Context?

AWS Context is a forthcoming service that maps relationships across enterprise data, business rules, and domain knowledge into a governed knowledge graph that agents can query at runtime.

Is AWS Context just another RAG service?

No. Managed retrieval is part of the broader stack, but AWS Context focuses on relationships, authority, business meaning, identity, usage rules, and shared learning across agents – not just retrieving similar documents.

What does Amazon Bedrock AgentCore do?

AgentCore provides infrastructure for building, deploying, governing, observing, and improving agents. Its harness manages orchestration, tools, memory, context, and error recovery, while additional capabilities provide knowledge, web search, policy enforcement, traces, recommendations, and A/B testing.

What should customers test first?

Start with one bounded workflow that has clear source systems, permissions, expected outcomes, approval points, and measurable business value. Test the entire operating loop rather than evaluating the model in isolation.

The Bottom Line

AWS Summit New York was not primarily about adding more agents.

It was about building the system agents need around them.

Context so they know where to look.

Identity so they know what they may access.

A runtime so they can work reliably.

Operational agents so software can move from idea to production.

Continuous modernization so the new speed does not create a new mountain of technical debt.

And Continuum so security can discover, prove, and remediate risk at machine speed.

The model is powerful.

But the model is only one layer.

The enterprise winners will be the organizations that build the complete loop around it.

About Jason Fleagle

Jason Fleagle is the Head of AI for Netsync and an AI and Growth Consultant working with global brands to help with their successful AI adoption and management. He helps humanize data – so every growth decision an organization makes is rooted in clarity, not confusion. He has overseen the development and delivery of over $50M in digital solutions, driving significant revenue growth and operational efficiency for his clients.

Connect with Jason on LinkedIn to stay updated on the latest in AI, growth strategies, and enterprise technology.

Related AI Pathfinder Resources

References

Originally published on LinkedIn.

About AI Pathfinder

AI Pathfinder is Jason Fleagle’s recurring field note on enterprise AI, agentic systems, AI governance, and the operating models leaders need as AI moves from experiments into real work.

Leave A Comment