What happened
AWS announced (July 14, 2026) that Security Hub now discovers and monitors Microsoft Azure resources alongside AWS, plus three new AI-workload security capabilities: Amazon GuardDuty AI Protection (GA) for Bedrock/SageMaker threat detection including cost-harvesting and prompt-injection detection, GuardDuty AI-powered investigations (preview), and a new Security Hub AI inventory that auto-discovers AI assets (Bedrock, AgentCore, SageMaker, self-hosted models via Inspector SBOM, and third-party API calls via GuardDuty DNS telemetry) at no added cost.
Why it matters
This is a GA launch from the largest cloud provider adding purpose-built detection for AI/agent workload abuse (credential-driven inference cost harvesting, prompt injection) plus organization-wide AI asset visibility — directly closing a blind spot enterprises have flagged as a top AI-security gap.
Applicability
AWS customers running Bedrock/SageMaker/AgentCore workloads and multicloud (AWS+Azure) security teams should evaluate immediately; GuardDuty AI Protection is available now with a 30-day trial, AI inventory ships at no cost.