2025 PiTuKri ISAE 3000 Type II attestation report available with 183 services in scope
Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) Type II attestat...
AWS Security Blog
8 articles
Understanding IAM for Managed AWS MCP Servers
As AI agents become part of your development workflows on Amazon Web Services (AWS), you want them to work with your existing AWS Identity and Access Managem...
AWS successfully completed its first surveillance audit for ISO 42001:2023 with no findings
In November 2024, Amazon Web Services (AWS) was the first major cloud service provider to announce the ISO/IEC 42001 accredited certification for AI services...
Inside AWS Security Agent: A multi-agent architecture for automated penetration testing
AI agents have traditionally faced three core limitations: they can’t retain learned information or operate autonomously beyond short periods, and they requi...
AI-augmented threat actor accesses FortiGate devices at scale
Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking ...
Building an AI-powered defense-in-depth security architecture for serverless microservices
March 10, 2026: This post has been updated to note that Amazon Q Detector Library describes the detectors used during code reviews to identify security and q...
Explore scaling options for AWS Directory Service for Microsoft Active Directory
You can use AWS Directory Service for Microsoft Active Directory as your primary Active Directory Forest for hosting your users’ identities. Your IT teams ca...
How to get started with security response automation on AWS
December 2, 2019: Original publication date of this post. At AWS, we encourage you to use automation.