AWS launches Continuum and Context to secure AI agents

AWS announced two services on June 21, 2026, aimed at making AI agents production-ready: AWS Continuum, which automates the full lifecycle of code vulnerabilities, and AWS Context, a shared knowledge graph that supplies agents with business-specific data. Continuum is starting with select pilot customers while Context integrates existing enterprise sources so agents see authoritative context.

What did AWS announce?

AWS unveiled Continuum to cover detection, prioritization, validation, and remediation of code vulnerabilities, and Context to build an enterprise knowledge graph from existing data sources. Continuum scans for new and existing vulnerabilities, ranks findings by business impact, validates exploitability in isolated test environments, and recommends or applies fixes; Context automatically constructs relationships from databases, documents, emails, and chat messages and exposes them to agents via an Agentic Search API.

Continuum begins in a learning mode that requires human sign-off and can be switched to enforcement mode as confidence grows. Context stores metadata in AWS storage in an open table format, uses built-in access controls to enforce what agents can read, and reuses the same knowledge graph foundation as Amazon's AI assistant Quick.

How do Continuum and Context work in practice?

Continuum automates the security cycle by identifying risks, ranking them by business context, attempting exploit replication to weed out false positives, and then suggesting specific countermeasures or applying them in enforcement mode. Context pulls documents, images, videos, and audio from S3 data lakes, databases, and SaaS apps cataloged in the AWS Glue Data Catalog, then layers business rules so agents know which source is authoritative.

Continuum picks different frontier models depending on the task and cites specialized security models such as Anthropic's Claude Mythos as an example of models that can map attack paths quickly. The service includes a companion threat modeling tool that generates attack scenario overviews from design documents or source code. Context exposes an Agentic Search API for context-aware queries and delivers results directly to AI and third-party tools, and it learns which sources are reliable with each query so later agents benefit from earlier ones.

AWS also updated the DevOps tooling around agent-driven code. The AWS DevOps Agent now has a Release Readiness Review that checks every code change against production requirements and surfaces findings as comments in GitHub or GitLab. A second feature derives a test plan from the specific change and runs it in a production-like environment rather than relying on a static test suite; that preview is initially available for free in the US East region. AWS is also shipping Kiro as a native iOS app for control from smartphones, and expanding Bedrock AgentCore with managed knowledge-base connectors to S3, SharePoint, Confluence, and Google Drive plus built-in web search and security filters.

Why it matters

AWS is targeting two of the biggest practical barriers to deploying AI agents: security and context. Automating vulnerability lifecycle management recognizes that AI-generated changes increase the volume and speed of potential risks, and Context addresses the tendency of agents to produce confident but incorrect recommendations by tying outputs to enterprise data and access controls. The announcements follow internal incidents earlier this year, including a February event described in the source that involved a 13-hour outage after an autonomous action by Kiro, and a subsequent policy requiring experienced engineers to approve AI-generated code.

What to watch

Watch for broader availability beyond pilot customers for Continuum and for the preview's expansion beyond the US East region. Also track integrations promised for Bedrock AgentCore: AWS plans to fold in signals from third-party security providers such as Check Point, Zscaler, Rubrik, Netskope, and SentinelOne, which will be a key test of how well these services operate inside heterogeneous security stacks.