Securing Applications at Machine Speed with AWS Continuum
10:45 - 11:15
Frontier AI models have collapsed the attacker's timeline. A newly disclosed vulnerability becomes a working exploit in minutes, and AI-assisted coding tools are shipping new application code faster than any security team can review it. The result is a widening gap: attackers now operate at machine speed while defenders are still finding and fixing issues by hand. The queue grows faster than anyone can clear it. This session makes the case that defending modern applications is no longer a problem you can staff your way out of — it requires agentic capabilities that reason about your application the way an attacker does, at the same speed. We'll look at why traditional tools fall short: SAST sees code but not context, DAST sees runtime but not root cause, SCA sees dependencies but not your code, and manual penetration testing is thorough but doesn't scale. None of them chain vulnerabilities across layers the way a real adversary — or an AI agent — can. We'll then walk through how AWS Security Agent, now part of AWS Continuum, closes that gap by bringing proactive, AI-powered security across the full development lifecycle: evaluating designs against your security requirements before code is written, reviewing pull requests as they're opened, and running on-demand penetration tests that discover and chain validated, reproducible vulnerabilities in hours instead of weeks. You'll see how the agent learns your application's context, plans attacks specific to it, and adapts in real time — and how Continuum extends that same reasoning into prioritization and remediation, all within guardrails you define.
Cloud Security & Compliance
Where
Akvárium
Workshops
11:45
AWS Security Agent: Get started with AI-powered proactive AppSec
11:45 - 13:15
Security reviews and penetration testing are critical but often create bottlenecks that slow down development teams. AWS Security Agent changes this dynamic by bringing AI-powered, proactive application security directly into the development lifecycle — from design through deployment. In this hands-on workshop, participants will set up and use AWS Security Agent to enforce organizational security requirements across design documents, code reviews, and live applications. You'll define security standards once — approved libraries, logging policies, data access controls — and see how the agent continuously validates your work against those standards, providing actionable guidance when it detects violations. You'll also experience how AWS Security Agent transforms penetration testing from a periodic, resource-intensive exercise into an on-demand capability. By providing target URLs, authentication details, and application context, the agent develops deep understanding of your application and executes sophisticated attack chains to discover real vulnerabilities. What you'll do: Set up an instance of AWS Security Agent
Run AI-powered penetration testing against a provided endpoint and validate the results
Define custom organizational Security Requirements and apply them to the agent
Use the agent to review architectural design documents for security compliance
Integrate the agent into a GitHub pull request workflow for automated code security review
Who should attend: Software developers, DevSecOps engineers, and security engineers looking to shift security left and reduce friction between development velocity and security rigor. What you'll take away: Practical experience using AWS Security Agent to automate security enforcement across your SDLC — enabling your teams to ship faster without compromising security posture.