The Rise of AI in DevOps & Security: AWS Launches Two Agents

Amazon Web Services has launched two AI agents to investigate production incidents and run penetration tests. The company has “aggressively” priced these agents, according to Forbes senior contributor Janakiram MSV, to challenge the staffing economics of traditional DevOps and security.,

There are big implications. Teams will now be evaluating whether routine operations should remain manual at all.

What these AI agents actually do

The new AWS agents are built to handle complex workflows that typically require coordination across multiple tools and teams.

Scarlett Evans of CIODive points out that AI developments have shifted from discovery and experimentation to organization, governance and scale.

Some of the new agents’ core capabilities include:

• Monitoring systems and correlating operational data
• Diagnosing root causes of incidents
• Generating and recommending fixes
• Running continuous security tests
• Producing detailed mitigation plans and investigation outputs

The agents can chain tasks together. For example, they can detect a failure, trace it to a misconfiguration, apply a fix, and validate the result.

This level of autonomy could change how teams think about operations. Instead of reacting to alerts, they can rely on systems that act immediately.

How agentic DevOps plays out in real scenarios

To see the impact, it helps to look at common situations.

Imagine a production outage late at night. Traditionally, this would involve:

• Alerts firing across monitoring tools
• Engineers logging in to investigate
• Manual debugging and patching
• Coordination across teams

With AI agents in place, the flow could look different:

• The agent detects the anomaly
• It identifies the root cause
• It deploys a fix
• It verifies system stability

All of this can happen before a human even checks the alert.

Another example is security testing. Instead of scheduling periodic penetration tests, agents can:

• Scan continuously
• Identify vulnerabilities as they appear
• Attempt safe exploit simulations
• Recommend or apply fixes

This reduces the gap between vulnerability and response.

Cost and efficiency shifts

As recently reported by Forbes, AWS positions these agents with usage-based costs, such as approximately $0.50 per minute for DevOps tasks and around $50 per hour for security testing.

That naturally invites comparison with human labor.

For some teams, there could be practical advantages. Short-term or repetitive tasks may be cheaper to automate, and continuous security testing may be easier to justify. There is also the potential to reduce reliance on external consultants for specific jobs.

But the cost picture is not straightforward. Organizations will need to supervise these systems, configure them, and potentially step in if something doesn’t behave as expected.

A few factors to consider include:

• Ongoing runtime costs as usage scales
• Time spent on setup and integration
• The impact of errors or rollbacks

In other words, the savings will depend on how these tools are used rather than just the pricing.

Why smaller teams may look at this differently

Smaller teams with limited resources generally have the most to gain from automation. AI agents can help cover gaps without requiring a full DevOps or security function.

Many small teams start with manual DevOps practices, handling deployments, monitoring, and fixes directly on a single server without much automation. Instead of complex setups, many teams begin with a cheap VPS, making them possible candidates for lightweight AI agents before adopting enterprise-scale automation.

Smaller teams won’t always have the time to closely monitor autonomous systems, and the impact of a mistake can be more immediate. For some, the simplicity of their current setup may appeal more than adding more automation.

The shift in DevOps roles

As agents take on more execution, engineers are likely to spend less time on routine tasks and more time shaping how systems behave.

This allows teams to focus on architecture, reliability, and long-term improvements instead of firefighting.

But it introduces a different responsibility. Engineers need to review automated actions, define boundaries, and handle situations where the agent can’t resolve an issue on its own.

And if too much work is delegated, teams could lose familiarity with their own systems. That will make it harder to respond when something unexpected happens.

Trust and control

Autonomy is useful, but only if teams are confident in the outcomes.

Even with strong performance, there are still open questions around how decisions are made and how easy they are to trace. When something goes wrong, organizations need to understand what happened and why.

Because of this, some organizations will introduce these agents gradually. That will mean:

• Limiting what agents can change early on
• Keeping human approval for higher-risk actions
• Relying on logs and audit trails for visibility

Trust will come from consistent, long-term results.

Continuous operations come with trade-offs

A possible advantage highlighted in the Forbes article is the shift toward more continuous, autonomous operations. Rather than relying on scheduled checks, these agents can investigate and act on issues as they arise.

This may improve responsiveness and reduce the time it takes to resolve issues. It also allows security testing to happen more frequently, which helps reduce exposure.

However, continuous activity changes how systems behave. More frequent updates and adjustments can make environments harder to track if not managed carefully. Teams need to maintain visibility and ensure that stability is not affected by constant changes.
The benefit is clear enough, but it requires careful implementation.

AWS strategy and the bigger picture

AWS is extending its role beyond infrastructure by offering systems that actively manage operations.

This can simplify things for customers. Instead of stitching together multiple tools, teams can rely on a more integrated approach to monitoring, response, and security.

But it raises longer-term considerations. Relying on a single platform for infrastructure and operations can limit flexibility. Even if agents support multiple environments, control still sits with the provider running them.

For many teams, the trade-off between convenience and independence will be part of the decision.

Where AI agents still fall short

AI agents perform well in structured, repeatable scenarios. That is where they deliver the most value today.

Outside of that, there are still limits. Complex or unusual situations may require human input, and not all environments provide the clean data these systems rely on.

Some of the current gaps include:

• Handling edge cases with limited context
• Operating reliably in highly customised environments
• Explaining decisions in a clear and traceable way

Cultural changes inside teams

Introducing AI agents changes how work is distributed.

There are clear benefits – chiefly reducing manual workload and speeding up routine processes. Engineers can spend more time on planning and improving systems rather than reacting to issues. Satya Nadella, CEO of Microsoft, has predicted that AI agents will be the “primary way we interact with computers”.

And there will likely be new, or different, roles. Daniel O’Sullivan, senior director analyst at Gartner, has said the integration of AI agents could mean more human employees focus on AI management.

There will be an adjustment period. Moving from hands-on work to oversight can feel unfamiliar, and some team members may be cautious about relying on automated decisions.

Clear roles and expectations could help make this transition smoother.

What the next few years could look like

AI agents are likely to become a regular part of DevOps and security workflows, but not in isolation.

A mixed approach is more likely. Agents will handle routine and repeatable tasks, while engineers focus on design, oversight, and more complex scenarios.

As the technology improves, the balance may shift, but full autonomy is unlikely to happen all at once.

Managing agent sprawl

Some organizations are concerned with agent sprawl. Different teams are building and deploying their own agents, often for similar tasks, without a shared system to track or manage them.

AWS is responding to this with a Bedrock Agent Registry, designed to act as a central catalogue for AI agents within an organisation. Instead of agents being scattered across projects and environments, they can be registered in one place where teams can discover, reuse, and govern them.

It also supports reuse. Rather than teams building similar agents from scratch, existing ones can be shared across departments, reducing duplication and helping standardise workflows.

As more agents are introduced, there are questions around ownership, permissions, and duplication. A central registry is designed to address this by making it clearer which agents exist, what they do, and who’s responsible for them.

It will natively index and manage agents within AWS environments, but manual registration will likely be needed when integrating external or on-prem agents, according to Gaurav Dewan, Avasant research director. Per InfoWorld, Dewan noted that this limitation of the service may introduce the risk of registry sprawl across hyperscalers. Enterprises using AWS, Google, and Microsoft registries simultaneously could recreate the fragmentation the tools were meant to solve.

Takeaways

The AWS news suggests real progress, particularly in pricing and the ability to automate complex operational work.

Adoption will partly depend on how these systems perform in practice. Cost, control, and reliability will play a role in how widely they’re used.

For most teams, the next step is practical testing. Starting with defined use cases and building from there will give a clearer sense of where AI agents fit into existing workflows

ZeroGPT AI detector: