What happened
At AWS Summit New York on June 17, 2026, AWS launched Continuum — a family of AI security agents covering the full vulnerability lifecycle: discovery, prioritization (via context graph), validation (sandbox-proven exploitability), and remediation. Penetration testing is GA; code scanning, threat modeling (auto-generates STRIDE models from code/docs), and code vulnerabilities are in preview/gated preview. The former AWS Security Agent is rebranded and absorbed into Continuum. Kiro IDE and MCP integrations are included. It operates in Learn Mode (human-in-loop) graduating to Enforce Mode.
Why it matters
AWS enters the autonomous vulnerability remediation market directly (alongside Microsoft MDASH and Google CodeMender), bringing hyperscaler-scale compute and model-agnostic architecture to a problem that is outpacing human responders. The gated preview for code vulnerabilities is the most significant new capability — it closes the full discover-to-patch loop without human handoffs.
Applicability
AWS customers with security backlogs and DevSecOps teams should request gated preview access now; pen-test GA is immediately usable; security architects evaluating agentic vulnerability management platforms should benchmark against CrowdStrike and Microsoft offerings.