New digital workforce: AWS unveils autonomous 'Frontier Agents'

Amazon Web Services (AWS) announced a new category of artificial intelligence (AI) workers called Frontier Agents at its re:Invent conference on 2 December 2025. These agents represent a fundamental shift from traditional AI assistants by operating autonomously, managing complex projects over extended periods, and working as scalable, goal-driven extensions of human development teams.

The initial rollout focuses on three specialised areas within the software development lifecycle: the Kiro autonomous agent for development, the AWS Security Agent for application security, and the AWS DevOps Agent for operational excellence.

Defining the Frontier Agent

AWS designed Frontier Agents after observing three key insights from its internal development teams:

1. Goal-driven autonomy: Teams found the most value when they directed agents toward broad, high-level goals instead of constantly supervising small, individual tasks.

2. Scalability: The speed of development correlated directly with the number of agentic tasks that teams could run simultaneously.

3. Independence: The longer an agent could operate without human intervention, the better.

These observations led to the three defining characteristics of a Frontier Agent:

• Autonomous: Teams provide a high-level goal, and the agent independently determines the steps, plans, and execution required to achieve that outcome.

• Scalable: The agents can perform multiple tasks in parallel and distribute work across several agents to meet the demand of a growing application portfolio.

• Independent: They maintain context and operate continuously for hours or days without requiring constant human check-ins or supervision.

Kiro Autonomous Agent: The virtual developer

The Kiro autonomous agent functions as a virtual developer, aiming to reduce the friction often associated with managing multiple coding tools. While existing AI coding tools accelerate specific tasks, they still require a human to maintain context across sessions, coordinate changes across different code repositories, and stitch together information from tickets and chats. Kiro seeks to eliminate this "human thread."

As a virtual team member, Kiro maintains persistent context across work sessions and learns from team feedback and pull requests over time. It connects to common team tools like Jira, GitHub, and Slack, building a collective, shared understanding of the team's codebase, architecture, and standards.

Developers assign a task, such as triaging a bug or improving code coverage, directly in GitHub. Kiro then figures out the necessary steps, which can span multiple repositories, and shares the final output as proposed edits and pull requests for the human team to review. This allows human engineers to focus on higher-priority, uninterrupted work.

AWS Security Agent: Proactive security from design to deployment

The AWS Security Agent acts as an on-demand virtual security engineer, shifting the security focus from reactive measures to proactive prevention throughout the entire development lifecycle.

The agent embeds deep security expertise directly into the development workflow:

• Proactive review: It reviews design documents and scans pull requests against specific organisational security standards, preventing vulnerabilities before they become code.

• Tailored standards: Security teams define their organisation's specific security policies once. The agent then automatically validates compliance across all applications, moving beyond generic security checklists.

• On-Demand penetration testing: The agent converts the slow, resource-intensive process of penetration testing into an on-demand capability. It conducts comprehensive, context-aware testing that can scale across an entire application portfolio. For validated findings, the agent provides remediation code to quickly fix the identified issues.

SmugMug, a Software-as-a-Service platform, utilised the Security Agent and saw penetration tests complete in hours instead of days. Andres Ruiz, a staff software engineer at SmugMug, reported the agent caught a business logic bug that existing tools had missed, highlighting the agent’s ability to contextualise information and uncover sophisticated vulnerabilities.

AWS DevOps Agent: Operational excellence and incident prevention

The AWS DevOps Agent joins the team as a virtual operations expert focused on increasing application reliability and performance. Its primary function is moving operations from constant incident firefighting to continuous, data-driven improvement.

When an incident occurs, the agent immediately initiates anautonomous response:

• Root cause analysis: It uses its knowledge of the application's components and their relationships to find the root cause. The agent learns from observability tools like Amazon CloudWatch, Datadog, New Relic, and Splunk, as well as runbooks, code repositories, and CI/CD pipelines. It correlates telemetry data, code, and deployment information to precisely pinpoint the source of the problem, reducing the Mean Time to Resolution (MTTR).

• Proactive prevention: By analysing patterns across historical incidents, the agent provides targeted recommendations to strengthen four key areas: observability, infrastructure optimisation, deployment pipeline enhancement, and application resilience. This uses untapped operational data to improve recovery times.

Commonwealth Bank of Australia tested the DevOps Agent by replicating a complex network issue that would typically take an experienced DevOps engineer hours to solve. The agent identified the root cause in under 15 minutes. Jason Sandery, head of cloud services at the bank, noted that the agent "thinks and acts like a seasoned DevOps engineer," helping engineers build more resilient banking infrastructure.

These three Frontier Agents mark a significant step toward an AI-driven software development lifecycle, shifting the value of AI from merely assisting with tasks to autonomously delivering project outcomes.