AWS eyes AI-powered code remediation in Amazon CodeWhisperer update

A photo of the AWS logo (the letters "AWS" with a curved arrow beneath moving from left to right) in white on a black wall, and lit by a spotlight. Closer to the camera and out of focus, a conference crowd is sat.
(Image credit: Getty Images)

Amazon CodeWhisperer users will now be able to leverage AI-powered code remediation tools as part of a raft of updates to the coding assistant. 

The updates, unveiled ahead of AWS re:Invent 2023, will enable generative AI-powered code suggestions to help users remediate security and code quality issues.

AWS said the feature roll-out is part of a concerted focus to weed out hard-to-find security vulnerabilities that typically evade built-in security scans.

Built-in security scanning is performed to detect common issues, such as log injection risks or exposed credentials.

“These new enhancements to Amazon CodeWhisperer help to enable faster and more efficient software development by offloading undifferentiated work and delivering more automation, security, efficiency, and accelerated code delivery for customers, and provides this support in more places where developers love to work,” the firm said in a statement.

Supercharging security with Amazon CodeWhisperer

As part of the feature update, CodeWhisperer code suggestions will automatically remediate identified vulnerabilities. 

During the scanning process, users will be presented with code suggestions that can be easily accepted to close vulnerabilities. The feature will be specifically tailored to users’ application code, AWS said, enabling users to "quickly accept fixes with confidence”.

Amazon CodeWhisperer code remediation suggestions example image

(Image credit: AWS)

In a blog post, AWS’ Irshad Buchh said the tool will improve developer productivity by reducing the burden of manual code reviews, allowing them to focus on alternative tasks in their daily workflow.


A whitepaper from AWS on how to put machine learning in to production, with image of man with glasses at a workstation

(Image credit: AWS)

Read how organizations are accelerating the training and deployment of machine learning models at scale.


Generative AI-powered code suggestions speed up the process of addressing security issues, so you can focus on higher-value work instead of manually reviewing code line by line to find the correct solution,” he said.

Security scanning in CodeWhisperer is already available for Java, Python, and JavaScript. Code suggestions to remediate vulnerabilities will be available for all three languages.

Infrastructure as Code announcements

In addition to AI-powered security scanning capabilities, CodeWhisperer will also offer support for Infrastructure as Code (IaC). 

This will apply to AWSCloudFormation (YAML, JSON), AWS CDK (Typescript, Python), and HashiCorp Terraform (HCL).

Buchh said the update will streamline efficiency of IaC script development, enabling devs and DevOps teams to “write infrastructure code seamlessly”.  

With support for multiple IaC languages, CodeWhisperer promotes collaboration and consistency across diverse teams,” he said. “This marks a significant advancement in cloud infrastructure development, offering a more streamlined and productive coding experience for users.”

CodeWhisperer is coming to Visual Studio

CodeWhisperer is also now available in Visual Studio 2022 in a preview, AWS confirmed. 

The integration of the coding assistant within Visual Studio will enable developers to build applications faster by drawing on real-time code suggestions for C#, the firm said.

This roll-out will automatically flag code suggestions that resemble publicly available code, the firm said. This will include insights on repository URLs and licenses if code is highlighted as similar to public code.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.