< ciso
brief />
Tag Banner

All news with #bedrock agents tag

46 articles

Amazon Bedrock AgentCore raises default runtime quotas

πŸš€ Amazon Bedrock AgentCore has increased default runtime quota limits to enable larger-scale agent workloads. The update raises active concurrent sessions to 5,000 in US East (N. Virginia) and US West (Oregon), and 2,500 in other supported Regions. All Regions now support 200 agent interactions per second and 25 new sessions per second, improving out-of-the-box throughput for agent deployments. Customers should review the AgentCore Quotas documentation and Developer Guide for details.
read more β†’

Amazon Bedrock AgentCore expands to four regions

πŸš€ Amazon Bedrock AgentCore is now available in four additional AWS Regions: Asia Pacific (Bangkok), Asia Pacific (Malaysia), Europe (Milan), and Europe (Spain). AgentCore is a platform to build, connect, and optimize agents, enabling engineers to ship agents quickly with any framework and model while enforcing security at the infrastructure layer. The launch brings runtime, identity and access control, policy management, session persistence, tool connectivity, and observability to these regions, reducing latency for local end users.
read more β†’

AWS Security Hub Adds AI Security Best Practices

πŸ›‘οΈ AWS Security Hub CSPM introduces the AI Security Best Practices standard, offering 31 automated controls to detect misaligned AI resources. The standard evaluates Amazon Bedrock, Bedrock AgentCore, and Amazon SageMaker workloads against recommended configurations without manual rule creation. It covers domains like network isolation, encryption, VPC placement, KMS usage, private registries, and authorization, producing findings to help teams remediate issues. Available in all Regions where Security Hub CSPM operates, including GovCloud (US) and China.
read more β†’

AWS WAF Protects Amazon Bedrock AgentCore Gateway

πŸ”’ AWS announces general availability of AWS WAF protection for Amazon Bedrock AgentCore Gateway, enabling protection of agentic AI workloads from common web exploits and abuse. You can associate an AWS WAF protection pack with your AgentCore Gateway to enforce IP-based access controls, rate-based throttling, and AWS Managed Rule Groups including Bot Control. Configure protections once at the Gateway and have them applied consistently to all targets behind it.
read more β†’

Amazon Bedrock AgentCore Memory adds cross-account access

πŸ”’ Amazon Bedrock AgentCore Memory now supports cross-account access, enabling multi-account architectures where memory resources and consuming agents span AWS accounts. Administrators can attach resource-based policies to memory resources to grant principals in other accounts permission to call memory data plane APIs by referencing the full memory ARN. Cross-account delivery destinations let memory resources stream payloads and events to Amazon S3, Amazon SNS, and Amazon Kinesis Data Streams in separate accounts. This capability is available in all Regions where AgentCore Memory is supported.
read more β†’

Securing AI Agent Behavior with AgentCore and Check Point

πŸ”’ Check Point and AWS are collaborating to secure enterprise AI agents by integrating Amazon Bedrock AgentCore with Check Point AI Security. This partnership extends AgentCore’s identity, gateway, registry, and policy capabilities with runtime behavioral protections that monitor agent actions across models, tools, data, and applications. The integration enables policy-driven governance, visibility into agent deployments, and prevention of misuse such as prompt injection or unintended data exposure.
read more β†’

Amazon Bedrock AgentCore managed harness now GA

πŸš€ Amazon Bedrock AgentCore announces general availability of its managed agent harness, enabling teams to deploy production-grade agents in minutes. The harness handles orchestration, tool execution, session isolation, persistent memory, failure recovery, and context management so customers define agents via configuration rather than coding the loop. It supports any model, mid-session model switching, integrated security and observability, and exports to code for custom orchestration, and is available today in all AWS Commercial Regions where AgentCore is offered.
read more β†’

AgentCore Memory adds strictly consistent metadata

πŸ“Œ Amazon Bedrock AgentCore Memory now allows applications to attach metadata values directly to short-term memory events so those values are preserved exactly when converted into long-term memory records. Previously, metadata had to be inferred by the LLM during extraction. Setting a metadata key to STRICTLY_CONSISTENT ensures the provided value is unchanged, prevents merging across different values, and lets you group events for department scoping, compliance boundaries, and multi-tenant isolation. The feature supports up to three strictly consistent STRING keys per strategy and is available in all AWS Regions where AgentCore Memory is supported.
read more β†’

Amazon Bedrock AgentCore adds Web Search capability

πŸ”Ž Amazon Bedrock AgentCore now offers Web Search generally available in US East (N. Virginia). The fully managed tool provides agents with current web knowledge, combining an Amazon-operated web index and structured knowledge graph data to return high-value excerpts, entity data, and verified facts. Web Search integrates with AgentCore via the Model Context Protocol (MCP) and keeps data residency within your secured AWS environment with zero data egress.
read more β†’

Amazon Bedrock AgentCore adds interactive shells

πŸ–₯️ Amazon Bedrock AgentCore Runtime introduces the InvokeAgentRuntimeCommandShell API, providing a persistent, PTY-backed terminal over WebSocket into running agent sessions. This complements existing one-shot execution via InvokeAgentRuntimeCommand and delivers a full terminal experience inside an isolated microVM with features like colors, tab completion, Ctrl+C, resize, and automatic reconnect. Developers hosting coding agents (for example, Claude Code, OpenAI Codex, Amazon Kiro) can now authenticate, drop into the agent microVM, inspect files, run ad-hoc commands, and debug while retaining session state across reconnects. Each interactive session uses a runtime session ID and shell ID for resume; up to 10 concurrent shells are supported per runtime.
read more β†’

Step Functions adds AgentCore AI reasoning steps

πŸ€– AWS Step Functions now integrates with the Amazon Bedrock AgentCore managed harness (preview) to add AI agent reasoning steps to workflows. The integration lets you declare agents via configuration, run agents in parallel or sequence, add human approvals, and view execution history with agent inputs, outputs, token usage, and CloudWatch links. You can reuse or create harnesses from Workflow Studio, apply per-invocation overrides, and persist agent context with session IDs. The harness preview and integration are available in select regions and standard Step Functions and Bedrock pricing applies.
read more β†’

SageMaker AI adds multi‑turn reinforcement learning

🧭 Amazon SageMaker AI introduces multi-turn reinforcement learning (RL), a serverless model customization method for fine-tuning models on multi-step, agentic tasks. The feature trains models against users' agent environments, rewarding entire decision sequences to improve task accuracy of smaller, cost‑effective models versus larger general-purpose models. It integrates with Amazon Bedrock AgentCore Runtime and other deployment targets, and handles rollout orchestration, trajectory collection, training, and checkpoints, with MLflow tracking and evaluation metrics. Multi-turn RL runs serverlessly and is available in SageMaker Studio and the SageMaker Python SDK, supporting several foundation models in specific regions.
read more β†’

Securing multi-tenant AI agents with AgentCore policies

πŸ”’ This post shows how SaaS providers can use Amazon Bedrock AgentCore resource-based policies to control multi-tenant access to a shared AgentCore Runtime and Runtime endpoint. It walks through two tenant scenarios: cross-account access for Example Corp and VPC-restricted access for AnyCompany, demonstrating how to apply resource-level Allow and explicit Deny conditions. The article covers required IAM permissions, example policy files, and verification steps to ensure network- and identity-based constraints are enforced.
read more β†’

AgentCore Identity supports customer-managed secrets

πŸ” Amazon Bedrock AgentCore Identity now lets customers reference existing AWS Secrets Manager secret ARNs directly in Credential Providers. Previously, secrets were service-managed and created by AgentCore Identity, limiting tagging, CMK encryption, and governance controls. Customers can now create and manage secrets with their own policies and then reference the ARN without changing runtime behavior. This feature is GA in 14 AWS Regions.
read more β†’

Why Amazon Bedrock AgentCore Chose Cedar Policies for Agents

πŸ”’ Amazon explains how AgentCore Gateway enforces a centralized authorization layer between autonomous agents and external tools, treating the LLM as an untrusted actor. Policies are expressed in the open-source Cedar language for readability, bounded execution, and mathematical analyzability, enabling deterministic enforcement and formal verification during policy authoring and attachment. A neuro-symbolic workflow translates natural-language rules into Cedar, validates them with Cedar Analysis, and enforces decisions at runtime to constrain tool invocations and filter unavailable actions.
read more β†’

Updated AWS Guide: GRC for Responsible AI in FSI Updates

πŸ”’ The updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption provides Financial Services customers practical GRC guidance for deploying AI responsibly. It covers governance, risk management, compliance, data and model management, and AI agent oversight, and maps these considerations to AWS capabilities. The guide highlights services such as Amazon Bedrock AgentCore, Bedrock Guardrails, Bedrock Agents, SageMaker Autopilot, and SageMaker Model Monitor. It complements existing AWS responsible AI and Well-Architected resources and is available on the AWS Whitepaper portal.
read more β†’

Amazon Bedrock AgentCore Payments Preview for Agents

πŸ’³ Amazon Bedrock AgentCore now offers a preview of AgentCore payments, enabling AI agents to autonomously discover and pay for APIs, MCP servers, web content, and other agents. Built with Coinbase and Stripe, the feature manages wallet authentication, x402 protocol negotiation, stablecoin payment execution, and proof delivery without interrupting an agent's reasoning loop. Developers can attach a Coinbase CDP or Stripe Privy wallet, set session-level spending limits enforced at the infrastructure layer, and observe every transaction through AgentCore's existing logs, metrics, and traces. The Coinbase x402 Bazaar MCP server is accessible via AgentCore Gateway, and the preview is available in four AWS Regions.
read more β†’

Amazon Bedrock AgentCore Runtime: BYO File System Support

πŸ”Œ Amazon announced that Bedrock AgentCore Runtime now supports bring-your-own file system mounts for Amazon S3 Files and Amazon EFS access points. Developers can attach these file systems into every agent session at a specified path so agents use standard file operations without custom mount code, privileged containers, or pre-run download orchestration. The feature preserves sub-millisecond latency for active data and NFS close-to-open consistency. It is available across the 15 AWS Regions that support AgentCore Runtime and requires an access point ARN plus a configured VPC.
read more β†’

Amazon Bedrock AgentCore Memory Adds Metadata for LTM

🧠 Amazon Bedrock AgentCore Memory now supports metadata on long-term memory (LTM) records, enabling agents to tag, filter, and retrieve memories using structured attributes alongside semantic search. You can define up to ten indexed keys per memory resource with STRING, NUMBER, and STRING_LIST types and apply operator filters to refine retrieval results. Metadata can be attached at ingestion or inferred automatically by the LLM using extraction instructions defined on the memory resource. This capability is available today in all AWS Regions where AgentCore Memory is supported.
read more β†’

Amazon Bedrock AgentCore arrives in AWS GovCloud US-West

πŸ”’ Amazon announces that Bedrock AgentCore is now available in the AWS GovCloud (US-West) Region, bringing enterprise-grade agentic AI to workloads with elevated compliance and data residency requirements. AgentCore is a managed platform for building, deploying, and operating AI agents at scale without customers managing infrastructure. Core capabilities include AgentCore Runtime for session-isolated, long-running agents; AgentCore Gateway, which uses the Model Context Protocol to convert APIs and Lambda functions into agent-ready tools with controlled access to enterprise services; AgentCore Identity for integrated authentication and permission delegation; and AgentCore Observability and Evaluations for real-time monitoring and continuous quality assessment in production.
read more β†’