AI agents are already being put to good use by cybersecurity teams at Amazon, according to AWS CISO Amy Herzog, with the tech giant ramping up in-house adoption of its own agentic solutions.
Speaking during a panel session at the company’s re:Invent conference last week, Herzog told attendees she’s “optimistic about what a boon this will be for defenders”, later telling ITPro that agents are helping to reduce workloads and streamline processes.
Responding to critical vulnerability exploits (CVEs), for example, is a prime area in which agents are helping reduce manual toil, Herzog noted. This has traditionally been a laborious process, especially given the volume of CVEs on an annual basis and Amazon’s need to shore up a myriad of networks, platforms, and solutions.
“Analyzing CVE changes or updates is a thing my team has to do at scale,” she told ITPro. “In particular, we have to combine the kind of massive scale, the number of CVEs in a year, with the scale of the AWS network that we need to evaluate.”
“There's tiers of analysis of these, starting with fully automated and then we get into deeper human interaction. We sort of funnel them right,” Herzog explained. “And [with] the deeper human interaction we can cover so much more.
So far, Herzog noted there has been a “500% increase” in the company’s ability to “piece together information” for security teams on this front.
This marks a step change in efficiency for security practitioners, and with agents, teams are able to lower manual activities and focus on the aforementioned “deeper human interactions”.
It’s the cybersecurity equivalent of the “focusing on more rewarding aspects of your role” talking point frequently touted by providers. In this instance, however, the company has tangible examples of the technology actually delivering on promises.
“Outside of response scenarios, we’re seeing a similar pattern of benefit to our workers, where they've got a task to do, it involves some amount of piecing together information and stitching it together and understanding of richer context that used to be quite manual and somewhat painful in many cases, especially for our responder teams,” she said.
“Now the agents can help prepare the information that they need to take that high judgment human action with a lot less toil. They're making the humans more effective and having to do less of the kind of toil stitching together work that it's the bread and butter of a security job.”
AWS is all-in on agentic AI
Herzog’s comments came off the back of a week filled with agentic AI announcements by AWS, with the company doubling down on this latest iteration of the technology.
The launch of powerful new “frontier AI agents” were among the big talking points of the week, with agents aimed specifically at security operations and software development announced by CEO Matt Garman.
As ITPro reported, the AWS Security Agent looks to bolster security capabilities for developer teams, working in-tandem alongside dedicated DevOps and Kiro coding agents to streamline the software development lifecycle.
From initial production projects to launches, AWS wants customers to embed agents across workflows to drive efficiency.
An agentic AI paradox
Herzog wasn’t alone in highlighting the gains security teams are unlocking with agentic AI. Hart Rossman, VP for Office of the CISO at AWS, also told ITPro the company has had a “security responder agent” in production for some time now.
In the case of a responder receiving a signal, evidence, or a ticket, Rossman said cyber practitioners could ask the agent “a question or two to develop some context” and speed up response times.
While the agent has proved effective on this front, it did highlight somewhat of a paradox. The responder agent has streamlined processes for security teams, but Rossman revealed testing showed these gains were offset by the sheer interest in the tool’s capabilities.
Simply put, users found themselves asking more questions than needed, thereby slowing down processes – albeit marginally.
“What we found was that they actually spend time to ask, on average, 11 questions of the bot because it was so compelling. One question led to another question, and then [after] around 10 or 11 questions they would kind of go back to their workflow,” Rossman told ITPro.
“So on one hand, we were excited that they were seeing the value in the agentic solutions, but on the other hand we said, well now that’s created a little bit of an inefficiency itself,” he added.
Fine-tuning of the tool, and how cybersecurity professionals use it in daily operations, has resulted in significant improvements, Rossman revealed.
“We really don't want them asking 11 questions of the bot. We now want to take that feedback and say, can we get them the same result in two questions,” he said.
“So we’ve been on that journey and it’s dramatically reduced the time to get from initial signal to plausible courses of action, to remediate, and then correction or root cause analysis.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
What is Microsoft Maia?
If Satya Nadella wants us to take AI seriously, let’s forget about mass adoption and start with a return on investment for those already using it
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move on
LastPass issues alert as customers targeted in new phishing campaign
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public services
An AWS CodeBuild vulnerability could’ve caused supply chain chaos – luckily a fix was applied before disaster struck
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radar
Supply chain and AI security in the spotlight for cyber leaders in 2026
Veeam patches Backup & Replication vulnerabilities, urges users to update
Amazon says Russian-backed threat groups were responsible for five-year-long attacks on edge devices – and it shows a ‘clear evolution in tactics’
