
Advanced AWS Security in 2025: What’s New, and How to Use It

Expanded Threat Detection with GuardDuty Extended Threat Detection

AWS has significantly enhanced Amazon GuardDuty with Extended Threat Detection (XTD). This update brings new, powerful detection capabilities for highly sophisticated, multi-stage attacks — especially in containerized environments.

Container Protection for EKS: GuardDuty can now analyze EKS audit logs, runtime process data, and AWS API activity. This means it can flag complex attack patterns such as a privileged container being deployed, followed by persistence attempts, cryptomining, or reverse-shell activity.  

AI/ML-based Correlation: GuardDuty uses machine learning to correlate disparate threat signals and present them as attack-sequence findings. These findings come with MITRE ATT&CK mappings and remediation recommendations, making them more actionable.

Protection Plans: There are advanced threat coverage plans for S3, EKS, Lambda, EC2, and more.  


How to Use It:

1. Enable GuardDuty (if not already) across your AWS accounts.
2. Opt in to the Extended Threat Detection plan.
3. Configure your EKS clusters and ensure audit logging is enabled.
4. Feed GuardDuty findings into AWS Security Hub or your incident response pipeline.
5. Automate response using EventBridge + Lambda; for example, when a “crypto-mining” finding occurs, trigger isolation or further investigation.
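Step 5 in practice, as an added example that is not AWS code: the EventBridge rule pattern that forwards only crypto-mining findings of High severity, and a Lambda-style handler that re-checks the pattern and returns a response plan. The pattern evaluator covers only the subset of EventBridge syntax used here, the sample event is constructed, and the isolation itself is left as a plan for you to wire to your own boto3 call.

```python
# Added example (not AWS code): EventBridge rule pattern + Lambda-style handler
# that turns a GuardDuty crypto-mining finding into a response decision.
# Only GuardDuty findings whose type starts with "CryptoCurrency:" and whose
# severity is High (>= 7.0) are forwarded by this rule to the Lambda target.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {
        "type": [{"prefix": "CryptoCurrency:"}],
        "severity": [{"numeric": [">=", 7]}],
    },
}

def _alt_matches(alt, value):
    """One alternative of a pattern list: exact value, {"prefix"} or {"numeric": [">=", n]}."""
    if isinstance(alt, dict) and "prefix" in alt:
        return isinstance(value, str) and value.startswith(alt["prefix"])
    if isinstance(alt, dict) and "numeric" in alt:
        return isinstance(value, (int, float)) and value >= alt["numeric"][1]
    return value == alt

def matches(pattern, event):
    """Evaluate the EventBridge pattern subset above: a list is OR, a nested dict is AND."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not (isinstance(event[key], dict) and matches(allowed, event[key])):
                return False
        elif not any(_alt_matches(alt, event[key]) for alt in allowed):
            return False
    return True

def lambda_handler(event, context=None):
    """Re-check the pattern in code (defence in depth), then plan the response."""
    if not matches(EVENT_PATTERN, event):
        return {"action": "ignore"}
    detail = event["detail"]
    resource = detail.get("resource", {})
    if resource.get("resourceType") == "Instance":   # EC2: safe to auto-isolate
        target = resource["instanceDetails"]["instanceId"]
        return {"action": "isolate-instance", "target": target, "finding": detail["id"]}
    # Anything else (EKS cluster, Lambda, ...) goes to a human for investigation.
    return {"action": "investigate", "target": resource.get("resourceType"), "finding": detail["id"]}

SAMPLE_EVENT = {  # constructed; shaped like a real GuardDuty EventBridge event
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"id": "finding-0001", "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8,
               "resource": {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}}}
```

The returned plan is what your playbook executes (for example, swapping the instance's security group for a quarantine group); keeping the decision separate from the action makes it easy to test and to review before enabling auto-isolation.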


Agentic AI Identity — AgentCore Identity for Secure Agent Access

With the rise of agentic AI (AI agents deployed on AWS), identity management is a critical challenge. AWS has addressed this via Amazon Bedrock AgentCore Identity.

Agent Identity: Every AI agent gets its own unique identity. This means agents are treated as first-class identities in your security architecture — not just “bots” masquerading as users.  

Dual Authentication Model:

Inbound authentication: Agents validate requests from users using OAuth 2.0, SigV4, or JWT.  

Outbound authentication: When an agent needs to call external tools (e.g., GitHub, Slack), it retrieves tokens/keys from a secure token vault.  

Token Vault Security: Credentials (OAuth tokens, API keys) are stored encrypted (via KMS), scoped per agent and user, and are not shared broadly.  

Auditability: Every action by an agent can be logged via CloudWatch. This gives transparency into agent behavior and helps with compliance.


How to Use It:

1. Use the AgentCore SDK to register and configure your agent identity.
2. Define which tools your agent can call (via AgentCore Gateway) and set up authorization rules.
3. Configure a secure token vault to store required credentials.
4. Hook into your existing identity provider (Cognito, Okta, Entra ID) for consistent auth flows.
5. Enable CloudWatch logging + dashboards to monitor agent activity and identity events.
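The dual authentication model and the per-agent, per-user vault scoping described above, as an added example that models the flow rather than calling the AgentCore SDK: an inbound JWT from the user is verified (HS256 here, with the identity provider's shared key assumed), and only then is an outbound credential released, scoped to this agent, this user and a tool on the gateway allowlist. AGENT_ID, ALLOWED_TOOLS and the in-memory VAULT are constructed stand-ins for the KMS-backed vault.

```python
# Added example (not the AgentCore SDK): minimal model of inbound JWT auth and an
# outbound token vault scoped per (agent, user, tool).  All names are assumptions.
import base64, hashlib, hmac, json, time

INBOUND_KEY = b"constructed-demo-secret"      # HS256 key shared with the identity provider
AGENT_ID = "agent-orders-bot"                  # identity registered for this agent
ALLOWED_TOOLS = {AGENT_ID: {"github"}}         # gateway rule: tools this agent may call
# Vault entries keyed by (agent, user, tool); values would be KMS-encrypted in practice.
VAULT = {(AGENT_ID, "alice", "github"): "ghp_constructed_alice",
         (AGENT_ID, "bob", "github"): "ghp_constructed_bob"}

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_inbound_jwt(token, now=None):
    """Inbound auth: verify an HS256 JWT from the user; return its subject or None."""
    try:
        h, p, sig = token.split(".")
        expected = hmac.new(INBOUND_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(p))
    except ValueError:                         # malformed token, bad base64 or bad JSON
        return None
    if claims.get("aud") != AGENT_ID or claims.get("exp", 0) <= (now or time.time()):
        return None                            # issued for another agent, or expired
    return claims.get("sub")

def outbound_credential(agent_id, user, tool):
    """Outbound auth: release a credential only for this agent, this user, this tool."""
    if tool not in ALLOWED_TOOLS.get(agent_id, set()):
        raise PermissionError(f"{agent_id} is not authorised to call {tool}")
    secret = VAULT.get((agent_id, user, tool))
    if secret is None:
        raise PermissionError(f"no {tool} credential vaulted for {user} under {agent_id}")
    return secret

def handle_request(token, tool, now=None):
    user = verify_inbound_jwt(token, now)       # inbound: who is asking?
    if user is None:
        raise PermissionError("inbound authentication failed")
    return user, outbound_credential(AGENT_ID, user, tool)   # outbound: scoped lookup

def mint_demo_jwt(sub, aud, exp):
    """Issue an HS256 JWT the way the identity provider would (demo only)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d, separators=(",", ":")).encode()).rstrip(b"=").decode()
    body = f'{enc({"alg": "HS256", "typ": "JWT"})}.{enc({"sub": sub, "aud": aud, "exp": exp})}'
    sig = base64.urlsafe_b64encode(hmac.new(INBOUND_KEY, body.encode(), hashlib.sha256).digest()).rstrip(b"=").decode()
    return f"{body}.{sig}"
```

The point the model makes is in the failure cases: a token issued for a different agent, an expired token, a tool missing from the gateway allowlist, or a user with no vaulted credential all stop before any outbound secret is released.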


Identity Security Posture with AI: Saviynt + Amazon Q

AWS has partnered with Saviynt, a leading identity-security provider, to bring AI-driven identity governance into deep integration with Amazon Q.

AI-Driven Identity Governance: With this integration, you get real-time identity insights in Amazon Q. That means anomalous access patterns, privilege creep, and shadow identities can be surfaced and remediated with intelligence.  

Unified View: Teams can see identity events, access tickets, and policy changes across systems (ServiceNow, GitHub, etc.) in one place.  

Dynamic Access Decisions: Because it’s AI-powered, decisions about access can be both more accurate and more context-aware — reducing over-permissioning and improving audit posture.  


How to Use It:

1. Integrate Saviynt Identity Cloud with your AWS environment.
2. Enable its features in Amazon Q so that identity data flows in real time.
3. Set alerting and policy automation — for example, flag users who haven’t used an identity for a long time, or auto-remediate over-privileged roles.
4. Use the AI-driven insights to drive least-privilege and zero-trust policies.


Secure AI Workloads: CrowdStrike + Agentic AI on AWS

With more organizations using AI agents and LLMs in their workloads, securing these generative AI workflows is crucial. AWS is enabling this via CrowdStrike’s security stack.

Falcon-MCP: A plug-and-play server that connects AI agents to Falcon telemetry (detections, behavioral data, threat intelligence) using the Model Context Protocol (MCP).  

AI Red Team Services: CrowdStrike now offers red-teaming for AI systems — identifying model vulnerabilities, potential data leaks, and risks like unauthorized code execution.  

End-to-End AI Security Posture: With this integration, you can secure AI workloads (e.g., in SageMaker), during build, runtime, and deployment.  


How to Use It:

1. In AWS Marketplace, deploy falcon-mcp from CrowdStrike.
2. Integrate your agentic AI workflows (via AgentCore) with the MCP server to stream telemetry.
3. Run AI Red Team assessments before productionizing your agents or LLMs.
4. Use threat intelligence + behavior data from Falcon to continuously monitor AI agents for anomalies.
5. Automate incident response: e.g., if an AI agent behaves suspiciously, trigger isolation or sandboxing.


Zero-Trust Network Protection: Improvements to AWS Shield

At re:Inforce (AWS’s recent security conference), AWS announced new enhancements to AWS Shield to proactively map and secure your network’s attack surface.

Resource Mapping: Shield now maps your security resources and identifies misconfigurations that could lead to DDoS or SQL injection vulnerabilities.  

AI-powered Guidance: You can now get AI-driven recommendations (via Amazon Q) to fix security misconfigurations.  

Enforced MFA for Root: AWS is enforcing 100% MFA for root users across accounts as part of its stronger-than-ever default security posture.  


How to Use It:

1. Review your Shield dashboard and resource map to identify weak points.
2. Use the Q-powered recommendations to prioritize remediation.
3. Ensure that root access across all accounts has MFA enforced.
4. Automate shielding of critical endpoints / frequently attacked resources.


🔍 Why These Matter

Agentic AI + Identity Security: As AI agents become integral to business processes, managing their identities securely is mission critical.

Sophisticated Threat Detection: Multi-stage threats in container workloads are no longer hypothetical—GuardDuty XTD brings real, actionable visibility.

AI Workload Risk: Generative AI systems bring novel attack vectors; integrating security tools like CrowdStrike from code to runtime is key.

Zero-Trust Everywhere: Proactive network mapping + enforced MFA sets a strong security foundation.



⚙️ What You Should Do Next (Action Items)

1. Audit your current AWS security posture: Do you have GuardDuty? Are all accounts covered?
2. Prototype AgentCore Identity for any AI agents you’re building.
3. Engage with a security partner like CrowdStrike if you’re running generative AI workloads.
4. Enable Shield’s new protection and leverage AI-based guidance for hardening.
5. Monitor using CloudWatch + Security Hub; build response playbooks for GuardDuty findings.

