Security teams using Amazon Web Services (AWS) infrastructure now have access to a new Amazon-made platform to manage the whole lifecycle of code vulnerabilities from discovery to remediation.
The Seattle-based tech giant launched AWS Continuum among a wave of announcements at AWS Summit New York on June 17, including new AI models and AWS Context, a knowledge graph that gives agents access to the context they need to do their best work.
The AWS Continuum platform, available in gated preview, has access to an organization’s full environment, including structured data already living in AWS and unstructured data, such as documents, communications and business priorities.
Continuum offers four capabilities:
- Code vulnerability discovery: Continuum starts by ingesting the existing backlog of vulnerabilities and performing its own vulnerability scan of the environment
- Code vulnerability prioritization: Continuum uses context to evaluate, enrich and prioritize every finding and provides an evidence-backed list of priorities
- Code vulnerability validation: Continuum validates findings to surface false positives, provides additional context relevant to the users and constructs working exploit examples in a sandboxed environment
- Code vulnerability mitigation and remediation: Continuum assesses existing defenses around a validated issue, including blocking and compensating controls along with detection mechanisms. It then draws on its understanding of the codebase, context and findings to recommend mitigation or remediation of the vulnerability with a network change, policy change or code patch
AWS noted that Continuum always starts “in learn mode” with a human in the loop.
“Every recommendation includes the reasoning behind it. As you gain confidence, you can graduate Continuum to enforce mode, enabling remediation that can be increasingly automated based on categories and risk profiles you define,” the company said in a public statement.
The Continuum platform also includes AWS Security Agent, an agent powered by frontier AI models that helps software developers and security engineers do penetration testing, code scanning and threat modelling, with output results provided in the Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege (STRIDE) format. These features will now be called Continuum pen testing, Continuum code scanning and Continuum threat modelling.
AWS explained the launch of Continuum was motivated by the “urgent need for a shift” in security workflows.
“The operating model that served us for the past decade (collect telemetry, store it, query it, build dashboards to watch it) is no longer keeping pace. We need to shift to the new world: telemetry, context, reasoning and actions,” the company warned.
“The latest cybersecurity frontier models further made this shift urgent. Models like Claude Mythos can now find software vulnerabilities and reason through complex attack paths at machine-speed, leading to an exponentially increasing backlog of vulnerabilities.”
AWS confirmed customers across financial services, automotive and technology were already using the Continuum platform.
Image credits: aileenchik / Shutterstock Gen AI / Shutterstock.com
Read now: Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats
