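AWS Adds Bevy of Tools and Capabilities to Improve Cloud Security
AWS launches Security Hub for analyzing cybersecurity data in real time and extends GuardDuty to EC2 and ECS; fixes a KVM data leak issue and contributes the fix; simplifies the use of short-lived tokens across cloud environments; and uses AI tools to improve application security capabilities. 2025-12-4 14:7:14 Author: securityboulevard.com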

Amazon Web Services (AWS) this week made AWS Security Hub, a service for analyzing cybersecurity data in near real time, generally available, while at the same time extending the GuardDuty threat detection capabilities it provides to Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Container Service (Amazon ECS).

Announced at the AWS re:Invent 2025 conference, these additions to the AWS security lineup come on the heels of a move to prevent guest data on a kernel-based virtual machine (KVM) from leaking, in much the same way such leakage was earlier discovered on VMware platforms.

Mark Ryland, director of the AWS Office of the CISO, said that, additionally, AWS now plans to contribute the fix it developed to the Linux community to address that issue once and for all, starting next year.

Finally, AWS has now also made it simpler for organizations to employ short-lived tokens for credentials that can be federated across multiple cloud computing environments. Those tokens are tied to the same multifactor authentication (MFA) capabilities in browsers to validate the credentials issued to the command line interface (CLI) tool being used by a developer. That approach reduces reliance on long-lived tokens that, when compromised, enable malicious actors to potentially access cloud resources for much longer periods of time.

These additions are part of a larger AWS effort to make it simpler to secure cloud computing environments, said Ryland. For example, AWS earlier this week previewed an artificial intelligence (AI) agent that leverages natural language to enable application developers to add policies as code to an application as it is being developed using the open source Cedar authorization engine that AWS developed. In effect, AWS is enabling developers to use a probabilistic tool to generate deterministic policies to improve application security, noted Ryland.

In time, all these capabilities will improve the quality of the signals and metadata that AWS continues to track to identify anomalous behavior, said Ryland. The AWS Security Hub extends that capability to organizations that have deployed applications on AWS services to generate their own actionable insights using signals and metadata collected from Amazon GuardDuty, Amazon Inspector, AWS Security Hub Cloud Security Posture Management (AWS Security Hub CSPM), and the managed Amazon Macie service for identifying sensitive data stored in the AWS S3 cloud storage service.

Additionally, since first previewing AWS Security Hub earlier this year, AWS has added a summary dashboard for tracking historical trends. It displays an overview of exposures, threats, resources, and security coverage through customizable widgets that cybersecurity teams can add, remove, and arrange as they prefer.

The overall goal is to make it simple for AI agents to apply pattern matching to discover threats and mitigate vulnerabilities that otherwise would not have been discovered by a cybersecurity team, said Ryland.

Fernando Montenegro, vice president and practice lead for cybersecurity and resilience at the Futurum Group, said that while these advances clearly improve the state of application and cloud security, organizations need to be judicious when it comes to relying on cybersecurity tools, scans and policies that have been implemented by application developers who typically don't have a lot of cybersecurity expertise. While application developers should be encouraged to use these tools, cybersecurity teams will still need to validate tests and policies, he added.

One way or another, however, the overall state of cloud security in the age of AI should improve. The issue now is getting the tools and processes in place to realize that potential before cybercriminals start using the same AI technologies to discover and exploit vulnerabilities faster than ever.

Source: https://securityboulevard.com/2025/12/aws-adds-bevy-of-tools-and-capilities-to-improve-cloud-security/