AWS Continuum: Enabling Agentic Code Security for Enterprises

AWS Continuum is a new integrated security platform designed to automate vulnerability management, penetration testing, and threat modeling across enterprise applications and infrastructure. According to AWS, the platform leverages agentic capabilities to discover, prioritize, and remediate security issues, drawing on internal operational lessons from Amazon.com and AWS security teams.

Core Capabilities of the AWS Continuum Platform

The platform functions through four primary agentic pillars aimed at the entire vulnerability lifecycle. Chet Kapoor, vice president of search, security, and observability at AWS, states that Continuum is built upon the security practices used to protect the company’s own internal infrastructure.

Core Capabilities of the AWS Continuum Platform
  • Penetration Testing and Code Review: These features, originally introduced under the AWS Security Agent banner, allow teams to trigger on-demand security testing or integrate scans directly into CI/CD pipelines.
  • Threat Modelling: This tool analyzes application architecture to generate system overviews and identify potential attack vectors. It provides actionable recommendations categorized by severity and STRIDE classification.
  • Code Vulnerabilities: This component uses a model-agnostic approach to scan a company’s full environment—including network topology, permissions, infrastructure, and even unstructured data like internal documentation.

Did you know?

The “code-vulnerabilities” capability operates in four distinct phases: discovery, prioritization, validation, and mitigation and remediation. By creating functional exploit examples in a sandboxed environment, the service aims to reduce false positives by providing real-world evidence of a vulnerability.

The Challenge of Tool Consolidation

While the platform introduces new automation, the rollout has prompted questions regarding service overlap. AWS serverless hero Yan Cui noted in a LinkedIn post that the rebranding of AWS Security Agent features into “Continuum” creates potential confusion for developers. Because the original Security Agent product page remains active and continues to receive updates—including recent additions like Claude Code plugins—users face uncertainty regarding which service path to prioritize for their applications.

AWS has opted for deep integration within its own ecosystem, a strategy that contrasts with Google’s approach. Google AI Threat Defense focuses on cloud-agnostic compatibility, allowing security teams to run scans across diverse multi-cloud environments.

Graduated Trust and Remediation Strategies

A key feature of the Continuum platform is its “graduated trust model.” This allows security teams to define the level of autonomy granted to the AI agent during the remediation process. Based on user-defined risk profiles, teams can choose whether the tool should automatically apply patches, suggest policy changes, or simply provide visibility into the “blast radius” of a potential fix.

AWS Summit New York 2026: Holger Mueller's Key Takeaways on Agents, Continuum, and Context

Currently, the availability of these tools is staggered. Penetration testing and code review are generally available with established pricing models. Threat modeling is currently in preview, while the comprehensive code-vulnerabilities feature is restricted to a gated preview, requiring interested users to request access.

Frequently Asked Questions

What is the primary difference between AWS Continuum and AWS Security Agent?

Continuum is an integrated platform that includes penetration testing and code scanning, features previously housed under the AWS Security Agent. As of now, both names exist in the AWS ecosystem, which has led to questions regarding long-term consolidation.

Frequently Asked Questions

Can AWS Continuum automatically fix my code?

The platform provides recommendations for corrections, such as code patches or policy changes. Through a “graduated trust model,” users decide how much autonomy the tool has to enforce these changes versus providing them as suggestions for manual review.

How does the platform reduce false positives?

The service attempts to validate vulnerabilities by building functional exploit examples within a sandboxed environment. This provides evidence that a vulnerability is reachable and impactful, rather than relying solely on theoretical risk assessments.


Are you managing security across a multi-cloud environment? Subscribe to our newsletter for deep dives into the latest cloud security developments and architectural best practices.

Leave a Comment