For AWS, it is vitally important for security to be built from the ground up.
Speaking at the AWS Summit in London recently, the company revealed that countries like the UK could unlock billions in growth potential if they closed the gap between basic and advanced AI adoption. However, Kimberly Dickson, worldwide go-to-market lead for AWS detection and response, took this one step further – advocating for a ‘security-first’ mindset as the ticket to innovation.
“Everything – from the way that we build our physical data centres, all the way through into our networking capabilities, to the way that we help customers protect their data and applications in the cloud – is created with that security-first mindset,” she explained, talking about how AWS confronts security.
“We always put security first to make sure that it’s front of mind.”
A security-first mindset
An interesting part of how AWS approaches security is its culture, which Dickson explained as the idea that it’s everyone’s responsibility to uphold security in the best possible way.
“AWS has a very broad and deep layer of security – we’re looking at every layer of the stack, from encryption to the network, allowing customers to classify their data and understand where it flows,” she said. “As we’ve grown, we’ve realised AWS maintains a whole host of understanding of data on AWS, which informs the way we build our security applications and how the security agent works.”
The way AWS looks at data and builds its security tools is based on its scale. Dickson explained that, given that you can only protect what you can see, this means security is “essentially a data problem”.
She added: “We can see the way that threat actors act across AWS environments and our customers’ environments, and that data feeds into the way we build our protections on the cloud.”
An example of an AWS threat detection tool that informs the way agents are built on AWS is MatPot, an internal tool that distributes multiple honeypots globally. The company launches roughly 10,000 MatPot sensors a day, enabling it to capture how threat actors act across its entire network.
“That intelligence informs all of our AWS solutions and the tools our customers are able to use,” Dickson explained. “MatPot looks at approximately 750 million threat interactions daily – all of that threat intelligence flows through into services like Amazon GuardDuty, our threat detection tool, AWS WAF, our application firewall, and AWS Shield, our DDoS service. That data gets fed through into our AWS tools and consumed by our customers.”
Through completing these tasks, AWS realised customers now want the ability to not only protect data already launched on AWS, but to use a security agent before they’ve even written code. Dickson explained how the company’s frontier security agent can support the design review process, look at vulnerabilities in any code and draw on AWS best practices and threat intelligence after deployment through the agent itself.
“With the security agent, you have on-demand penetration testing that compresses what might take months or weeks down to just a couple of hours,” she noted. “It gives you a report, provides remediations you can implement automatically and it’s based on best practices drawn from our threat intelligence.”
The threat landscape continues to evolve
With the excitement around AI agents spreading across the wider technology industry come intensified risks that misuse of new tools could result in cyber incidents. New and emerging threats involve more novel techniques being used by AI or AI agents.
“What we’re seeing is that attackers and adversaries are using commercially available AI applications to execute the same attack tactics and techniques, just at a much greater scale and much faster,” Dickson explained. “It’s not novel at all; they just can do it at scale now.”
A lot of what AI enables attackers to do currently is to move faster, Dickson noted, advocating for a hardened environment and stronger security hygiene.
She added: “The fundamentals of security remain the same. [Attackers] are opportunistic; if they find something that’s easily blocked or can’t be exploited easily, they move on.”
AI agents are significant from a risk perspective because they can reason and make decisions, sometimes with minimal oversight. This, Dickson said, is where the risk comes in.
“You can’t build security controls with only the human or the machine in mind,” she added. “Now you need to look at the entire chain of decisions an agent might have taken to reach a specific outcome.”
AWS looks at AI agents specifically as a third identity from an AI risk perspective, treating them as a new identity layer – one that’s not just about an agent having access, but also about the humans who deploy the agents.
“Agents on AWS can inherit temporary, privileged permissions directly scoped to the human who deployed them,” Dickson said. “That way, you can scope things down, ensure least privilege, ensure auditability and ensure you understand why certain actions were taken to reach the outcome the agent arrived at.”
As more businesses move from the experimentation phase to deployment, Dickson advocated using the CIA triad to approach controls: confidentiality, integrity and availability.
“These are basic security controls that you can implement using a lot of AWS security services – proper identity and access management, proper encryption and logging,” she said. “Then there’s the newer things you need to think about – things like model poisoning, how can I be sure an adversary isn’t trying to bias my model to produce biased or malicious outputs?”
She explained how AWS has services like SageMaker machine learning inference, which enables customers to look at an immutable understanding of changes across models and underlying data.
“You need to be careful about whether the underlying data for your models might contain personally identifiable information, because that can be surfaced through a prompt or accidentally exposed,” Dickson added. “We have controls for that through Amazon Bedrock Guardrails, which can check for the presence of PII.”
She also explained how cybersecurity professionals must think about how to segment data and consider the output layer to make sure what comes out of AI applications can be trusted.
“A lot of the tools we’ve released on AWS build on the same security foundations customers have been using for 20 years, with additional guardrails implemented through Amazon Bedrock, Lake Formation, SageMaker and so on, to create a very strong input and output posture,” she said.
Overcoming industry challenges with AI
A significant pain point within the industry currently is alert fatigue, operational exhaustion that occurs when cybersecurity professionals are faced with an overwhelming number of warnings. For Dickson, the issue is prioritisation.
“Finding the needle in the haystack and determining what to address first – that’s definitely a challenge customers regularly bring to AWS, and we’ve been relentless in our development and release of services over the last year to help with it,” she explained.
Having supported the development of AWS’s enhanced Security Hub tool, Dickson explained how it can correlate threats across vulnerabilities, misconfigurations, data risk and network risk to provide a visualisation of an attack path.
“Piecing together those signals allows customers to focus not on individual alerts, but on a correlated attack path with clear downstream impact,” she said. “We’re also continuously releasing services that stitch together these automated signals, so customers don’t have to do this manually.”
Despite such progress, AWS does acknowledge there are still use cases it doesn’t address across multi-cloud or hybrid environments. This year, Dickson explained how the organisation has released an extended plan for the new AWS Security Hub to curate 14 solutions and bring them under the AWS Security Hub umbrella.
“Customers can now procure endpoint, network, or email solutions directly through AWS Security Hub, with findings from partner tools like CrowdStrike and Okta feeding into Security Hub,” she said. “This gives them a single pane of glass across not just AWS, but multi-cloud and hybrid environments as well.”
AWS’s use of AI is only evolving to support longer-term security challenges. Dickson explained the company now uses the technology to write detections, recommending detections based on what MatPot has identified – tasks that used to take defenders months.
“We’ve used AI internally to dramatically reduce time taken to go through data,” she added. “We’ve also implemented AI directly within our application review process, feeding historical security reviews into AI so it can identify patterns and flag anomalous behaviour. That allows us to look at unknown unknowns, based on our understanding of what baseline behaviour looks like.”
According to recent statistics, it used to take AWS 27 hours to produce a new vulnerability. It’s now down to just 10 minutes.
“The role of the security team really does change,” Dickson said. “We’re no longer spending time on manual, repetitive tasks – AI handles that. Security teams can now focus on high-value actions: zero-day threats and building an environment that’s genuinely more secure for our customers.
“The more AI is used, the more effective security is going to be.”