Amazon Web Services announced general availability of its first two “frontier agents” on April 6: AWS DevOps Agent for autonomous incident resolution and AWS Security Agent for on-demand penetration testing. Both agents operate across AWS, multicloud, and on-premises environments without continuous human oversight, according to the AWS Machine Learning Blog.

The agents were first introduced as a concept at re:Invent 2025. GA status marks AWS’s bet that autonomous operational agents are production-ready for enterprises.

DevOps Agent: 75% Lower MTTR in Preview

AWS DevOps Agent autonomously investigates incidents by correlating telemetry, code, and deployment data across an organization’s entire stack. It integrates with CloudWatch, Datadog, Dynatrace, New Relic, Splunk, and Grafana for observability, and with GitHub, GitLab, and Azure DevOps for code and CI/CD pipelines, according to the AWS announcement.

Preview customers reported up to 75% lower mean time to resolution (MTTR), 80% faster investigations, and 94% root cause accuracy, supporting 3 to 5x faster incident resolution overall, per AWS.

Western Governors University was among the first organizations to deploy DevOps Agent into production, doing so ahead of the preview launch at re:Invent. During a recent production investigation, WGU’s SRE team used the agent to analyze a service disruption, reducing total resolution time from an estimated two hours to 28 minutes, a 77% improvement. The agent pinpointed the root cause within an AWS Lambda function configuration, surfacing operational knowledge that had previously existed only in undiscovered internal documentation, according to AWS.

United Airlines and T-Mobile are also using DevOps Agent to accelerate incident response at scale, per the AWS News Blog.

Security Agent: Weeks of Pen Testing in Hours

AWS Security Agent performs autonomous penetration testing by ingesting source code, architecture diagrams, and documentation, then identifying vulnerabilities and attempting to exploit them with targeted payloads and attack chains. The approach mirrors human penetration testers but operates 24/7 at a fraction of the cost, according to AWS.

HENNGE K.K. reported that Security Agent “allows us to rapidly accelerate our security lifecycle, reducing the typical testing duration by more than 90%.” Bamboo Health said the agent “surfaced findings that no other tool has uncovered,” per AWS.

“I’m excited by how a frontier agent like AWS Security Agent is transforming critical workflows for our customers,” said Amy Herzog, Vice President and CISO at AWS. “We’re using Security Agent ourselves at AWS,” according to the AWS announcement.

The Frontier Agent Framing

AWS defines frontier agents as systems that work independently across multiple steps, scale to handle concurrent tasks across an entire portfolio, and run persistently for hours or days to complete workflows. That framing positions these agents not as copilots or assistants but as autonomous team members that own outcomes end to end, according to the AWS blog.

The pricing implications are significant. Organizations that currently limit manual penetration testing to a few critical applications per quarter due to cost can now run continuous testing across their entire portfolio. DevOps teams that staff on-call rotations for incident response face a new calculus when an agent can resolve incidents in 28 minutes with 94% accuracy.

AWS confirmed that DevOps Agent and Security Agent are “just the beginning” of its frontier agent strategy, with more agents and tools for building custom frontier agents under development, per AWS.