AWS Security Agent just automated threat modeling with STRIDE. Your security team's first pass is now optional.

AWS Security Agent now generates threat models from your design docs and source code using STRIDE.

Public preview. Free. No additional cost.

This isn't a scanner. It's an agentic reasoning system that maps your application architecture, identifies trust boundaries, and produces mitigations across all six STRIDE categories.

The architectural shift: security review moves from a gate at the end of the sprint to an agent running in your IDE.

Kiro integration means you build threat models from specs during the design phase. Claude Code plugin means you run them from your terminal. MCP means any agentic tool can invoke it.

Pull request code scanning now ships with inline remediation across GitHub, GitLab, and Bitbucket. The agent reviews your PR, finds the vulnerability, and writes the fix in your IDE without context switching.

What changed at the foundation: AWS Security Agent is now part of AWS Continuum. This isn't a standalone product anymore. It's a security substrate that connects design-time review, development-time scanning, and deployment-time penetration testing into one agentic pipeline.

The penetration testing capability is already GA. Threat modeling and code review are in preview. The gap between "I should do threat modeling" and "I actually did threat modeling" just collapsed to a single command.

Run `help me remediate my findings` from your Kiro IDE and the agent downloads findings to your local workspace, prioritizes the critical path, and launches a bugfix spec session. That's the new baseline.

SOURCE: https://aws.amazon.com/about-aws/whats-new/2026/06/aws-security-agent-threat-modeling
VERIFIED: AWS official announcement (June 17, 2026), Develeap coverage, AWS Security Agent product page, AWS Summit New York announcements
SIGNAL: AWS just turned threat modeling from a specialist skill into an agent capability. Every team with design docs now has automated STRIDE analysis available at zero marginal cost.