What happened
At AWS Summit New York on June 17, 2026, AWS launched Continuum — a family of AI security agents covering penetration testing (GA), code scanning (Preview), threat modeling (Preview), and a new code-vulnerability agent (Gated Preview) that autonomously discovers, validates, prioritizes, and remediates exploitable vulnerabilities in a sandboxed environment. The existing AWS Security Agent (announced at re:Invent 2025) is folded into Continuum. The system graduates customers from a supervised 'learn mode' to an autonomous 'enforce mode', is model-agnostic (uses multiple frontier models including Claude Mythos), and integrates with GitHub, GitLab, Bitbucket, IDEs via MCP, and CI/CD pipelines.
Why it matters
AWS is entering the agentic vulnerability-management market directly alongside Microsoft MDASH and Google CodeMender, bringing hyperscaler scale and deep AWS infrastructure context. The code-vulnerability agent's four-phase loop (discover → prioritize → validate in sandbox → remediate) is the most complete autonomous security pipeline announced at hyperscaler scale; automated threat modeling from source code is a notable addition not commonly offered at this tier.
Applicability
AWS customers with large vulnerability backlogs should register for the Gated Preview of Continuum for Code Vulnerabilities immediately; teams using Kiro or Claude Code can integrate via MCP. Security architects should evaluate the learn→enforce governance model before granting autonomous remediation rights.